The Register has broken a story of the latest tragedy of copyright
mania in the computer industry. Intel and IBM have invented and are
pushing a change to the standard spec for PC hard drives that would
make each one enforce "copy protection" on the data stored on the hard
drive. You wouldn't be
hem up and sending them
whirling like so many autumn leaves.
This may be a longer discussion than you wanted, Ron, but as you can
see, I think there are a lot of things wrong with how copy protection
techologies are being foisted on an unsuspecting public. I'd like to
hear from you a similar discussion. Being devil's advocate for a
moment, why should self-interested companies be permitted to shift the
balance of fundamental liberties, risking free expression, free
markets, scientific progress, consumer rights, societal stability, and
the end of physical and informational want? Because somebody might be
able to steal a song? That seems a rather flimsy excuse. I await
your response.
John Gilmore
Electronic Frontier Foundation
[I haven't seen the original documents, so consider this only a rumor
at this point. Anyone have more info? -- John]
Translation of report by Dutch newspaper NRC Handelsblad on 20 January
The Hague, 20 January: Systems used to "bug" telephones, faxes and
e-mail, like the American-British Eche
I spoke some hours ago with Tatu Ylonen in Finland. His company has
confirmation from the Finnish government that the government agreed to
a proposal to limit mass-market crypto exports to 56 bits. Perhaps
he or someone else from SSH can post more details.
So *something* really did happen at th
Lucky Green said:
> Ultimately, It won't make a difference, but sure, why not. Crypto regs can
> go one way, and one way only: more restrictive.
Lucky's such an optimist! Actually, crypto regs have gone many
different directions. The general direction in the US is toward
more openness. (I've b
[Greg graciously allowed me to repost this. --gnu]
Date: Sat, 05 Dec 1998 15:22:53 +1000
From: Greg Taylor <[EMAIL PROTECTED]>
Hi John,
You wrote:
>I have not found a single confirmation of the Aarons statement that
>the 33 Wassenaar countries have agreed to change the exemption for
>mass mar
erciless in scheming to deny you access to it.
And if crypto developers have to publish on books, or rely on
smugglers to get crypto from country to country, then at least each
country will have its distribution arrangements already ready for when
the book is scanned or the smuggler arrives.
John Gilmore
Stewart Baker <[EMAIL PROTECTED]> said:
> I believe that many,
> perhaps most, Wassenaar members derive their authority to regulate
> exports directly from the arrangement itself.
I won't stay Stewart is lying -- I'll just say that:
* Wassenaar staff and web site contradicts him:
htt
CSENCMtg.html
However there is a juicier agenda which I received as a speaker:
We have revised the schedule in light of certain timing constraints. So,
please note that the private sector discussion of Wassenaar will take
place in the afternoon. In addition to John Gilmore, PECSENC member
[EMAIL PROTECTED] wrote on 1999-01-22 20:41 UTC:
> > One potential problem with such a system is that it allows
> > software vendors to include malicious code in their products with little
> > or no chance of being caught.
Markus Kuhn said in response:
> I don't think this is a severe additio
> Suppose someone discovers a way to solve NP-complete problems with a
> quantum computer; should he publish?
Certainly. It would instantly make her a famous mathematician. It
would probably be the catalyst for many others to make progress in
number theory. And it would inform the public that
http://frwebgate1.access.gpo.gov/cgi-bin/waisgate.cgi?WAISdocID=7780618828+3+0+0&WAISaction=retrieve
[Federal Register: February 26, 1999 (Volume 64, Number 38)]
[Notices]
[Page 9472]
>From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr26fe99-18]
DEPARTMENT OF COMMERC
> The way I read it, if you are using RSA for authentication, there are no
> export restrictions (except perhaps the awful 5 nations). You do not need
> to get a license.
I concur. The awful 5 nations aren't even embargoed, if your export
is "publicly available", which exempts you from the EAR
The novel is quite fun. It's full of cypherpunks, both modern and
WW2-era. The main characters are doing confusion operations to
cover up for Enigma-reading gaffes, and setting up a fully
encrypted data haven in an island nation. You'll recognize several
characters, though you might not be sure
Date: Wed, 7 Apr 1999 10:00:43 -0400 (EDT)
From: Leonid Reyzin <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: P1363: Follow-up trademark letter on our web site
--
This is a stds-p1363 broadcast. See the IEEE P1363 web page
(http://
There have been mumbles about a random number generator in Intel
executives' statements, but no solid information (e.g. where in the
product line is this coming out?) until today. I noticed it at RSA's
web site, but there's very sketchy info at the Intel site also. No
technical details or progra
"This government has learned from the U.S. to camouflage its policy
in verbal contortions," he said. "I think the U.K. government is
being used as a lubricant to help justify the preferred U.S. policy
position."
- Simon Davies, spokesman for Privacy International, commenting in a
press rel
> I'm not arguing that it's not a worthwhile purpose for code to
> be readable (despite my personal opinion that it isn't very likely).
> I'm arguing that it's not it's primary purpose nor is it necessary
> to fulfill its primary purpose. The fact that the world is full
> of unreadable code that
John Kelsey said, in a list of what people do wrong in crypto:
> e. In exportable systems, you have to use the salt
> correctly. If you just use a 40-bit key, you end up
> vulnerable to various kinds of precomputation attack.
>
> f. In exportable systems, you have to separate the keys
> used f
> Besides, as the developers of open source software we can hardly
> exercise pressure on our users.
In FreeS/WAN we do. The code we ship only runs secure ciphers in
secure modes. You actually have to know enough to go in and
change the code to run insecurely. (Or, of course, you can get
your
> >use of the Internet to distribute encryption products
> >will render Wassenaar's controls immaterial."
>
> The bitch is getting a clue. :)
No, that's not it.
* Wassenaar was never intended to control civilian crypto.
* Wassenaar never did control civilian crypto.
* Therefore nothin
> > /dev/random should become two-stage, ...
I thought that /dev/urandom was the problem: that as new entropy comes
in, the cryptographically secure pseudo-RNG needs to get its entropy
in big chunks, so an attacker can't probe it to guess each bit of new
entropy as it comes in.
This, it seems, w
http://www.house.gov/barr/p_081699.html
(Search his web site for "Echelon" for more press releases. --gnu)
Forwarded-by: Paul Wolf <[EMAIL PROTECTED]>
HOUSE COMMITTEE TO HOLD PRIVACY HEARINGS
BARR OBTAINS COMMITMENT FROM GOVERNMENT REFORM
WASHINGTON, DC -- U.S. Representative Bob Barr (GA-7)
> http://www.zixmail.com/ZixFAQ/index.html#4
> claims that a 3DES email security procuct has been approved for export.
> Is there something about the security of this system that is compromised?
Probably. They say it uses "1024 bit Public and Private Codes".
Not keys, codes. On the other hand,
> >http://www.cryptonym.com/hottopics/msft-nsa.html
>
> Perhaps more interestingly, the program lets you replace the key, too.
Microsoft prevents third parties from installing un-authorized crypto
code under CAPI by checking the signature on the code. Under their
export deal, they refuse to sig
> At 10:32 AM -0700 9/13/99, Eugene Leitl wrote:
> >Why don't you just erase flash when a pressure change (hull breach) is
> >detected. Using double-walled hull, to look for shortcuts. You can
> >also couple this to light detection, and whatnot.
Arnold Reinhold said:
> in several places) that wo
On Wednesday Intel introduced a new LAN controller chip (82559C) and a
companion IPSEC coprocessor (82594ED) that reportedly runs 10/100 Mbit
Ethernet, full duplex, full speed, minimum packet gaps -- with 3DES
IPSEC encryption. Windows 2K will supposedly have builtin support for
it. See:
Dave Farber:
> As I said , the devil is in the details.
Let me agree. Remember when the Administration said it was giving
industry what it wanted -- transferring crypto exports to the Commerce
Dept? And when later "industry" worked out a deal so they could "easily"
export key-recovery products,
> For Immediate Release
> September 16, 1998
> STATEMENT BY THE PRESS SECRETARY
Robert, that was *last year*'s encryption policy "liberalization".
Great joke though. I read through four or five paragraphs before
it became too obvious. Remember what they promised last year, and
what the regulat
> On the other hand, having the actual CPU source, we could stop worrying
> about Intel's ID gaffs, and RNG support, and "know" it is built correctly.
Even if you designed the chip and contracted out the fabrication,
you will not know that it is built correctly. Even if you ran the fab
and shutt
> If you had one question you would want asked, what would it be?
Why did the result of your year-long review of encryption policy
ignore the blatant unconstitutionality that the Justice Department's
Office of Legal Counsel found 20 years ago and that two Federal courts
have confirmed recently?
See http://lavarand.sgi.com/
John
I wonder if the source of remailer unreliability could be further
tracked down by providing a "publish" bit under the encryption at each
layer. If the bit is set, the remailer publishes, on its own web site
the incoming message, the decrypted message, and the outgoing message.
If the bit is not s
official secrecy to reveal their crimes and take
their punishments, before they destroy a vital part of the fabric of
society that they are supposedly paid to defend.
John Gilmore
Forwarded-by: David Wade <[EMAIL PROTECTED]>
Globalstar close to pact with FBI over wiretaps
By John Borland
September 13, 1999, 4:15 p.m. PT
http://home.cnet.com/category/0-1004-200-117671.html
A satellite phone firm is close to an agreement with federal law
enforcement officials who had threa
FINAL CLEARANCE SOUGHT TO OPEN TIPTON AIRFIELD
JEFFERSON MORLEY
WASHINGTON POST STAFF WRITER
Thursday, June 10, 1999 ; Page M01
Section: Weekly - MD - Anne Arundel
Anne Arundel County officials plan to open Tipton Airfield at Fort
Meade as a general aviation airport this summer, once they re
> Depending on the objectives of the group, this could end up as
> an open standard with good input from the cryptographic community,
> or as yet another broken proprietary system waiting for Ian Goldberg=20
> or Bruce Schneier to crack over lunch :-) The web page looks positive, at
> least.
> ht
From: IACR Newsletter <[EMAIL PROTECTED]>
IACR Newsletter
Vol. 16, No. 3, Fall 1999.
Published by the International Association for Cryptologic Research
Christian Cachin, Editor
http://www.iacr.org/newsletter/
...
SIGINT in Europe During the Cold War
==
[I'm just forwarding this with the expectation that someone might want to
try for the prize. I don't know anything about the code. -gnu]
Date: Sat, 9 Oct 1999 13:32:22 -0700 (PDT)
From: Alan Barnum Scrivener <[EMAIL PROTECTED]>
Subject: Re: unbreakable code?
Hello again friends. In my inexor
>> _Bernstein_ case. In short, the US Government is asking the court to
>> postpone oral argument in the case until the US Government has revealed
>> the new regulations, promised for release on December 15 1999.
>
> Which shouldn't be relevant since his rights were impacted under the *old*
> law
[Perry, I don't know if this is worth the list's time, we're getting
into minutiae...zap it if you agree.]
[Nah, I think its of interest. --Perry]
> On a more serious note, when Patel issued Bernstein III, I seem to
> recall a quote where she admonished the government for changing the
> regula
> In the US, the different cellphone standards support different crypto,
> and some cell companies or cell sites don't use it.
So far I have *never* found a US TDMA cellphone site that supports
encryption. I have it enabled in my Nokia phone, and every time I make a
call, it beeps at me to tell
The actual decision is readable here. Personally I side with the
dissent.
http://www.ce9.uscourts.gov/web/newopinions.nsf/f606ac175e010d64882566eb00658118/b686f731840272eb882567e7005de14a?OpenDocument
Forwarded-by: Jim Warren <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED] (Johnny King)
WESTERN
Anybody know more?
http://www.wired.com/news/print/0,1294,32267,00.html
Nov 1: Marc Collins-Rector, 39, stepped down as chairman of DEN last
week, citing a desire to devote more time to his new startup, a
digital encryption firm.
Just when you thought it was safe to come out from under the bed, and
play your MP3's, or decode a few DVD's on your Linux box, comes...
Dee Tee Cee Pee
These guys are implementing a full blown encrypted session protocol
that goes between consumer video & audio devices, to make sure that
[forwarded with permission. --gnu]
From: Hans Ulrich Simon <[EMAIL PROTECTED]>
Subject: cryptology
Date: Wed, 24 Nov 1999 19:43:52 +0100 (MET)
Within this mail, I want to draw your attention to a new and vacant
``full professor position'' in the department of mathematics at the
Ruhr-University
ression
even when it hurts, so it may temporarily truly deregulate on December
15, 1999. But even that much won't happen unless they make real
changes to the draft rules they released this week.
John Gilmore
open source software developer
& part of Bernstein litigation team for free expression in crypto code
Good word-mongering on the US-driven UK proposals to demand your
crypto keys. I recommend that c'punks participate in the slashdot
discussion; injecting a few facts now and then can keep the debate
from degenerating into a competition to prove who's more clueless. --John
Forwarded-by: Frank Ede
Lucky Green said:
> Being rather familiar with GSM crypto, allow me to say this: most GSM voice
> traffic globally is encrypted using A5/2. We know how to break A5/2 in five
> clock cycles on an ASIC....
>
> A5/1 likely requires more clock cycles. How many clock cycles we don't know
> and won'
Forwarded-by: Maurice Wessling <[EMAIL PROTECTED]>
(in German)
http://focus.de/G/GP/GPA/gpa.htm?snr=64119&streamsnr=7
First paragraph, from http://babelfish.altavista.com/cgi-bin/translate?
Gauck authority decodes Stasi file
Data from approximately 15,000 agents of the earlier GDR
> >No, October 28, 2000 is when the act of circumventing an effective
> >technological measure becomes a violation (with exceptions for fair
>
> But if it was an "effective technological measure", it couldn't have
> been circumvented. And by circumventing CSS, wasn't it shown to not be
> an effec
> The PI hearing will be held on the 14th.
Actually there's news today from the court. The judge had a conflict
on the 14th (he's supposed to be in an appellate court and they forgot
to tell him). The attorneys are working on rescheduling the PI hearing
and I'll let you know once I know.
From: David Sobel <[EMAIL PROTECTED]>
Subject: BXA release URL
John -
It's at:
http://204.193.246.62/public.nsf/docs/60D6B47456BB389F852568640078B6C0
Also, I've put up the HTML of the regs. CDT has them up and
they appear to be "public" at this point (the National Journal
was saying earlier t
(This doesn't appear to be on www.bxa.doc.gov anywhere yet. BXA's
PR people say their web team is off at a retreat somewhere... --gnu)
Forwarded-by: David Sobel <[EMAIL PROTECTED]>
FOR IMMEDIATE RELEASE
Wednesday, January 12, 2000
Contact:
Morrie Goodman 202-482-4883
Eugene Cottilli (202) 482
FOR IMMEDIATE RELEASE
Thursday, January 13, 2000
Civil Liberties Groups Say New Encryption Export
Regulations Still Have Serious Constitutional Deficiencies
Washington, DC -- Leading Internet civil liberties groups said today
that new encryption export regulations released by the U.S. Commerce
D
Perry said, in private mail:
> There are a lot of open source projects out there which are confused
> about how they have to behave with respect to current practices. Do we
> have to alert the BXA just about our whole anon cvs repository once?
> Can we export binaries of our open source stuff with
> Apparently they have been published now. I waited for the day of
> publication, not the second, which I hope is sufficient.
I found them on the Federal Register site, in the "Documents Published
Today" page. They are published. Here's their URL:
http://frwebgate.access.gpo.gov/cgi-bin/getd
Dan Geer said:
> I agree with Peter and Arnold; in fact, I am convinced that
> as of this date, there are only two areas where national
> agencies have a lead over the private/international sector,
> namely one-time-pad deployment and traffic analysis.
What about production cryptanalysis, like t
[I won't be there -- I'll be in Boston at an EFF/Harvard-Berkman MP3
event. But it's fun to go to these, they enjoy our presence, and we
frequently learn things. --gnu]
Dear PECSENC,
At the end of this message is the announcement for the February 25th
meeting as it will appear in the Federal R
>>Are there any freely-available secret-sharing packages around? Specifically,
>>I need to be able to set up modestly complex policies to protect a sensitive
>>signature key.
>
> I use Hal Finney's "secsplit". Google found it in a couple of places; it
> doesn't seem to have been updated since 1
From: Adam Powell <[EMAIL PROTECTED]>
Subject: tech forums for April-May
Date: Tue, 18 Apr 2000 18:14:58 -0400
Upcoming technology forums:
4/25Buenos Aires: "Interactive Television and the Internet"
4/27-28 Santiago, Chile: "Journalism for the Future"
5/4 New York: "Satellite Images, C
From: "McGregor, Pat" <[EMAIL PROTECTED]>
Subject: We are looking for Interns
Date: Wed, 26 Apr 2000 08:59:48 -0700
Information Security at Intel has two more intern slots to fill for this
summer, based in Phoenix, Folsom, Oregon. The interns will work on tool
development, management projects, a
The public is invited. Any DC-area cypherpunks want to take notes and
report back? -- John
Date: Fri, 12 May 2000 14:19:55 -0400
From: "JASON GOMBERG" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject:
Declan, your story on Microsoft's IPSEC security missed the point.
Or rather, buried it in paragraph 8!
==> If you configure the machines to use 3DES, they will silently use DES.
That's the problem.
The Linux IPSEC software only supports 3DES. It does not support DES.
People complain about thi
> This makes it quite possible to detect this kind of simple
> spoofing by using two or more GPS antennas located a known distance from
> each other and checking to see that the positions computed from the
> signal out of each one differ by the known distances.
Sounds like some interested
> You are saying that some guy in his basement can break DES?
Hmm, works in my basement... :-)
If ordinary everyday hackers can remotely command tens of thousands
of machines to do distributed denial of service attacks, why can't
they crack DES keys?
Providing 3DES doesn't cost any more than
I have not verified this, but if true, time is of the essence.
It's time to HOWL to your Congressmen to stop them!
Whenever you read one of those "clerical amendments" that inserts
phrases into other parts of other laws -- watch out! Somebody is
trying to pull the wool over your eyes.
J
Rick Smith wrote:
> If the NSA approaches Microsoft to acquire their support of NSA's
> surveillance mission, then the information will have to be shared
> with a bunch of people inside Microsoft, and they're not all going
> to keep it secret.
Two people in Microsoft would need to know. Bill Gat
[I validated that the erroneous code is there in PGP 5.0i. It really
is obviously wrong, by inspection. The line numbers quoted below are
off. I haven't examined the corresponding code in other PGP versions.
--gnu]
Forwarded-by: [
> ... I cannot conceive that the NSA or some even blacker
> agency of the US intelligence community has not obtained a complete set
> of source code for all major releases and upgrades of Windows and
> NT/2000 and probably many major MS applications.
He's right, and not just for Windows...
Under
If you wondered why our favorite archive was a bit slow, this is why.
So now don't all of you go off and add to the load -- you probably
won't get in anyway. Either lots of people like pulling down
documents they aren't supposed to have, or perhaps some spook agency
worldwide is doing a distribu
71 matches
Mail list logo
