🚀 go-pugleaf

In article <2dki3n$ll7@rzsun02.rrz.uni-hamburg.de>,
bontchev@fbihh.informatik.uni-hamburg.de (Vesselin Bontchev) wrote:

> I see that the guys from the NSA have begun to use the anonymous
> mailservers to spread their evil rumors that PGP is not secure and
> thus to persuade the people not to use it - because they can't break
> it and this scares the shit out of them.
>

So then we should NOT use the pre-1992 version because the NSA can crack
that one? Otherwise, why would this poster explicitly state that the NSA
cannot crack pre-1992 compiled programs? If the NSA did not want us to use
it at all, why state that you can use the older version?


 _____________________________________
|                                     | "I don't care if you're a Nazi
|          alex@spiral.org            |  or a Communist. I support your
|      ________________________       |  right to say whatever the fuck
|       S.  P.  I.  R.  A.  L.        |  you want. This is America."
|      ========================       |                             - Me
|   Society for the Protection of     |  (Void in most countries --
|  Individual Rights and Liberties    |  Canada, England, Israel, Iraq,
|_____________________________________|  Guatamala, Cuba, ad nauseum...)

That post is proof we just had a full moon!

--
 A/~~\A   'moo2u from osu'   Jim Ebright   e-mail: jre+@osu.edu
((0  0))_______     "Education ought to foster the wish for truth,
  \  /    the  \     not the conviction that some particular creed
  (--)\   OSU  |     is the truth." -- Bertrand Russell

In <2dk38u$jb1@charm.magnus.acs.ohio-state.edu> jebright@magnus.acs.ohio-state.edu (James R Ebright) writes:


>That post is proof we just had a full moon!

Cranks like that don't need full moon!

Frode

I see that the guys from the NSA have begun to use the anonymous
mailservers to spread their evil rumors that PGP is not secure and
thus to persuade the people not to use it - because they can't break
it and this scares the shit out of them.

alt.security and sci.crypt edited out of the followups. talk.rumors
added.

Regards,
Vesselin
--
Vesselin Vladimirov Bontchev          Virus Test Center, University of Hamburg
Tel.:+49-40-54715-224, Fax: +49-40-54715-226      Fachbereich Informatik - AGN
< PGP 2.3 public key available on request. > Vogt-Koelln-Strasse 30, rm. 107 C
e-mail: bontchev@fbihh.informatik.uni-hamburg.de        22527 Hamburg, Germany

In article <064303Z02121993@anon.penet.fi> an54588@anon.penet.fi writes:
>	A lot of people think that PGP encryption is unbreakable and that the
>NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a deadly
>mistake. In Idaho, a left-wing activist by the name of Craig Steingold was
>arrested  _one day_ before he and others wee to stage a protest at government
>buildings; the police had a copy of a message sent by Steingold to another
>activist, a message which had been encrypted with PGP and sent through E-mail.

Damn!  After I sent him all those encrypted postcards, and this happens
to him.

>Members of the boards of Novell, Microsoft,
>Borland, AT&T and other companies were persuaded into giving the order for the
>modification (each ot these companies' boards contains at least one Trilateral
>Commission member or Bilderberg Committee attendant).
>
>	It took the agency more to modify GNU C, but eventually they did it.
>The Free Software Foundation was threatened with "an IRS investigation",
>in other words, with being forced out of business, unless they complied. The
>result is that all versions of GCC on the FTP sites and all versions above
>2.2.3, contain code to modify PGP and insert the trapdoor. Recompiling GCC
>with itself will not help; the code is inserted by the compiler into
>itself. Recompiling with another compiler may help, as long as the compiler
>is older than from 1992.
>
>Distribute and reproduce this information freely. Do not alter it.

You're MIS$ING crucial CAPITALIZATION.
--
ted frank   | "Danger, Vicki Robinson, Danger!" -- Twiki the Robot in 'Lost
the u of c  |  in Space,' a television show clearly superior to Star Trek.
law school  |              Tell your site: "I want my a.t.f.t^3!"
kibo#=0.5   |  	          	Standard disclaimers apply

In article <064303Z02121993@anon.penet.fi> an54588@anon.penet.fi writes:
:	A lot of people think that PGP encryption is unbreakable and that the
:NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a deadly
:mistake. In Idaho, a left-wing activist by the name of Craig Steingold was
:arrested  _one day_ before he and others wee to stage a protest at government
:buildings; the police had a copy of a message sent by Steingold to another
:activist, a message which had been encrypted with PGP and sent through E-mail.
:
:	Since version 2.1, PGP ("Pretty Good Privacy") has been rigged to
:allow the NSA to easily break encoded messages. Early in 1992, the author,
:Paul Zimmerman, was arrested by Government agents. He was told that he

Ho ho ho!  'Craig Steingold'.  'Paul Zimmerman'.  Very amusing.

Unfortunately you posted this joke to a few other groups who might not
recognise the humor in it.  Why didn't you go the whole hog and include
alt.folklore.urban too???

Just in case anyone was taken in by this, *ITS A SPOOF* guys.  Very
definitely so.  Mildly amusing as long as no-one actually falls for it.

G

In article <199312021310.NAA07120@an-teallach.com>, gtoal@an-teallach.com (Graham Toal) writes:
|> In article <064303Z02121993@anon.penet.fi> an54588@anon.penet.fi writes:
|> :	A lot of people think that PGP encryption is unbreakable and that the
|> :NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a deadly
|> :mistake. In Idaho, a left-wing activist by the name of Craig Steingold was
|> :arrested  _one day_ before he and others wee to stage a protest at government
|> :buildings; the police had a copy of a message sent by Steingold to another
|> :activist, a message which had been encrypted with PGP and sent through E-mail.
|> :
|> :	Since version 2.1, PGP ("Pretty Good Privacy") has been rigged to
|> :allow the NSA to easily break encoded messages. Early in 1992, the author,
|> :Paul Zimmerman, was arrested by Government agents. He was told that he
|>
|> Ho ho ho!  'Craig Steingold'.  'Paul Zimmerman'.  Very amusing.

             I thought the kids name was Shergold
     I don't recognize zimmerman.

|>
|> Unfortunately you posted this joke to a few other groups who might not
|> recognise the humor in it.  Why didn't you go the whole hog and include
|> alt.folklore.urban too???
|>
|> Just in case anyone was taken in by this, *ITS A SPOOF* guys.  Very
|> definitely so.  Mildly amusing as long as no-one actually falls for it.
|>
|> G
|>

--
-------------------------------------------------------------------------
These thoughts are mine alone and not supported by my company, friends or
relatives.  Please consult  your  parent,  guardian, lawyer and local law
enforcement ageny prior to following any advice contained above.
NOTE:  I am on a  Canadian node  and need distribution  of NA to see your
replies. E-mail to snoopy@crchh777.BNR.CA.

>In article <064303Z02121993@anon.penet.fi> an54588@anon.penet.fi writes:
>>Members of the boards of Novell, Microsoft,
>>Borland, AT&T and other companies were persuaded into giving the order for the
>>modification (each ot these companies' boards contains at least one Trilateral
>>Commission member or Bilderberg Committee attendant).
>>
>>	It took the agency more to modify GNU C, but eventually they did it.
>>The Free Software Foundation was threatened with "an IRS investigation",
>>in other words, with being forced out of business, unless they complied. The
>>result is that all versions of GCC on the FTP sites and all versions above
>>2.2.3, contain code to modify PGP and insert the trapdoor. Recompiling GCC
>>with itself will not help; the code is inserted by the compiler into
>>itself. Recompiling with another compiler may help, as long as the compiler
>>is older than from 1992.

This is trivial to test.  Compile the program using an older compiler,
translate the program into fortran or something or hand-code it in
assembler.
Compare the outputs.
I'll bet they're the same.

BTW--ALWAYS assume that the NSA can decrypt anything you encrypt.

Scott Pallack
skybird@satelnet.org

Doesn't have a PGP key.  Can't see much use for one, either.

an54588@anon.penet.fi writes:

>	A lot of people think that PGP encryption is unbreakable and that the
>NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a deadly
>mistake. In Idaho, a left-wing activist by the name of Craig Steingold was
>arrested  _one day_ before he and others wee to stage a protest at government
>...
>	Since version 2.1, PGP ("Pretty Good Privacy") has been rigged to
>allow the NSA to easily break encoded messages. Early in 1992, the author,
>Paul Zimmerman, was arrested by Government agents. He was told that he
>would be set up for trafficking narcotics unless he complied. The Government
>agency's demands were simple: He was to put a virtually undetectable
>trapdoor, designed by the NSA, into all future releases of PGP, and to
>tell no-one.
>...

The preceding message was brought to you by the KGB, or some other intelligence
organization, that wants you to believe that PGP is insecure so you won't use
it.  They want to read your mail.

sci.crypt #15150 (102 more)
From: jebright@magnus.acs.ohio-state.edu (James R Ebright)
Newsgroups: alt.privacy,sci.crypt,alt.conspiracy,alt.politics.radical-left,
+           alt.anarchism,alt.alien.visitors,alt.security.pgp
                          ^^^^^^^^^^^^^^^^^^

Yep....


Subject: Re: NSA CAN BREAK PGP ENCRYPTION
Date: Thu Dec 02 01:51:10 EST 1993
Organization: The Ohio State University
Lines: 8

-uni- (Dark)

--
Heute ist Mirroccoli Tag - Find me Sick, Dark and Twisted, and I'm happy.
073BB885A786F666  6E6D4506F6EDBC17 - One if by land, two if by sea.

In article <064303Z02121993@anon.penet.fi> an54588@anon.penet.fi
writes:

	   Since version 2.1, PGP ("Pretty Good Privacy") has been
	   rigged to
   allow the NSA to easily break encoded messages. Early in 1992, the
   author, Paul Zimmerman, was arrested by Government agents. He was
   told that he would be set up for trafficking narcotics unless he
   complied. The Government agency's demands were simple: He was to
   put a virtually undetectable trapdoor, designed by the NSA, into
   all future releases of PGP, and to tell no-one.

Has anyone heard from other sources, including the media, regarding
this issue? Are there any court records that back up this claim?

	   After reading this, you may think of using an earlier
	   version of
   PGP. However, any version found on an FTP site or bulletin board
   has been doctored. Only use copies acquired before 1992, and do NOT
   use a recent compiler to compile them. Virtually ALL popular
   compilers have been modified to insert the trapdoor (consisting of
   a few trivial changes) into any version of PGP prior to
   2.1. Members of the boards of Novell, Microsoft, Borland, AT&T and
   other companies were persuaded into giving the order for the
   modification (each ot these companies' boards contains at least one
   Trilateral Commission member or Bilderberg Committee attendant).

	   It took the agency more to modify GNU C, but eventually
	   they did it.
   The Free Software Foundation was threatened with "an IRS
   investigation", in other words, with being forced out of business,
   unless they complied. The result is that all versions of GCC on the
   FTP sites and all versions above 2.2.3, contain code to modify PGP
   and insert the trapdoor. Recompiling GCC with itself will not help;
   the code is inserted by the compiler into itself. Recompiling with
   another compiler may help, as long as the compiler is older than
   from 1992.

I have a hard time believing that all producers of C compilers went
along with this! It poses a serious breach of fiduciary trust between
the software developers and end users. To legal experts: are there any
legal grounds to disallow such modifications of software without
documentation?

   Distribute and reproduce this information freely. Do not alter it.

I suggest to everyone that they "take this with a grain of salt," and
search for other corroberating evidence, before they propogate this
information. This smells like propoganda to me. It doesn't help that
it was sent by an anonymous user, either.


--
   |     ----+		From the Towers Of Terror...
  -|--+ /   /|		George Feil
 / | /|+----+|		feil@sbcm.com
+----+||    ||		voice: 212-524-8059    fax: 212-524-8081
|    |||    ||		opinions expressed are not those of SBCM, Inc.

Hi all,
I think there are at least two ways to get the message without breaking
PGP.
The first one is rather simple.
NSA got the receiver of the message and perhaps the receiver had stored
the decrypted message.
The second is more interesting. I've seen it once in the german TV (serious!!).
It deals with the possibilities and modern methods of security agencies to break
into your privacy.
The guys there had a little transporter-vehicle containing a simple antenna
some electronics and a monitor. The antenna pointed to a monitor in a flat
50-100m (meters) away. With little "snow" they could see everything, which
appears on the screen in the flat.
It is also possible to put a device around your power-supply-cable and to
measure the high frequency. Same result.

Conclusion:
Throw a dice 1000 times and use vernam or rewrite PGP in FORTH :-).

Volker

In article <1993Dec2.164913.21687@mnemosyne.cs.du.edu> mpjohnso@nyx10.cs.du.edu (Michael Johnson) writes:
:The preceding message was brought to you by the KGB, or some other intelligence
:organization, that wants you to believe that PGP is insecure so you won't use
:it.  They want to read your mail.

No, much less prosaic.  Just some bloody practical joker.  I wouldn't be
at all surprised if our old friend an8785 hasn't returned with a new
account!

G

>>NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a deadly
>>mistake. In Idaho, a left-wing activist by the name of Craig Steingold was
>>arrested  _one day_ before he and others wee to stage a protest at government
>>buildings; the police had a copy of a message sent by Steingold to another
>>activist, a message which had been encrypted with PGP and sent through E-mail.

Has he ever considered that the guy he sent the e-mail to might have been an
informer?

Dan "will pour water on pretty scary-sounding conspiracy theories for food"
Case

April 1 already?  Amazing.
--
adam@rice.edu | These are not Rice's opinions.  Nor are they those of IS,
the Honor Council, Tony Gorry, God, or Kibo.  They're mine.  Got it?  Good.
"The object of life is to make sure you die a weird death."--Thomas Pynchon
Save the Choad! | Keep electronic privacy legal; support EFF. | 64,928 | Fnord

an54588@anon.penet.fi writes:



>	A lot of people think that PGP encryption is unbreakable and that the
>NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a deadly
>mistake. In Idaho, a left-wing activist by the name of Craig Steingold was
>arrested  _one day_ before he and others wee to stage a protest at government
>buildings; the police had a copy of a message sent by Steingold to another
>activist, a message which had been encrypted with PGP and sent through E-mail.


No no no no no. You have it all wrong. It was Craig Shergold. See, he had this
incurable Urban Legend, and was hoping that the world would flood him with
encypted postcards. The NSA, realizing this would slow down the delivery of
Calcified Documents Through Ordinary Postal Services, decided that it must be
stopped.

Anyway, Craig Rhodes was unemployed, his car had been repossessed, and his name
had been changed from Dave my a malicious followup edit. He got this letter,
and presto, his wife left him, his dog died, and he generally felt like he was
part of the Country top-10.

Curiously, he was from Idaho, which has been conclusively proven not to exist
by none other than our dearest friend Dan "Prussian Blue" Gannon. You can read
the true story by referencing Richard Hoagland's expose "What Deep Throat Told
Me On Mars." Order now, and you can get three tickets for the Oliver Stone
Happy Fun Ride.

This post is tentative, pending further data.

"Those who abandon Ben Franklin for greater security are doomed to
 repeat it."


(all non .alt groups removed from header)

___Samuel___
--
_________I_claim_and_accept_sole_responsibility_for_the_above._SjG.____________
                      <goldstein@aerospace.aero.org>
     ROOTLESS COSMOPOLITANISM! IMAGINARY SHI'ITE FANATICS! PIRATE UTOPIAS!
                            (Chaos never died)

|The preceding message was brought to you by the KGB, or some other intelligence
|organization, that wants you to believe that PGP is insecure so you won't use
|it.  They want to read your mail.

I have trouble imagining an intelligence agency would try something
like this in such an unintelligent manner.

I believe it was just some anonymous idiot.

In article <CHF9sn.D5@acsu.buffalo.edu> v140pxgt@ubvms.cc.buffalo.edu (Daniel B Case) writes:
>>>In Idaho, a left-wing activist by the name of Craig Steingold ...

>Has he ever considered that the guy he sent the e-mail to might have been an
>informer?

Have you ever considered that the whole story might be false?

-- Richard
--

The NSA cannot crack PGP. Correction: the NSA /could/ crack PGP given
several Crays dedicated to the task for 10 years (give or take a couple).
But they can't crack it in a "reasonable" timeframe.

Witness a recent court case in San Jose, California. The District Court of
San Jose subpoenaed all documentation concerning PGP from two companies
(ViaCrypt and Austin Code Works) in an attempt at finding a back door into
a convicted felon's PGP-encrypted mail and files because they couldn't
break the encryption without taking a goodly number of years.

They failed to find the back door they wanted.

--
Rat <ratinox@ccs.neu.edu>                Northeastern's Stainless Steel Rat
             PGP 2.x Public Key Block available upon request
    GAT d@ -p+ c++ !l u+ e+(*) m-(+) s n---(+) h-- f !g(+) w+ t- r+ y+
||| | | | |  |  |  |   |   |    |    |    |   |   |  |  |  |  | | | | | |||
         No Zooanoids were injured in the making of this message.

an54588@anon.penet.fi writes:

>. . . . In Idaho, a left-wing activist by the name of Craig Steingold was
>arrested  _one day_ before he and others wee to stage a protest at government
>buildings; the police had a copy of a message sent by Steingold to another
>activist, a message which had been encrypted with PGP and sent through E-mail.

Are you sure that isn't "Craig Sheregold" and a postcard?
--
"God so loved Dexter that he put the University of Michigan somewhere
else."

In article <RATINOX.93Dec2171655@atlas.ccs.neu.edu>, ratinox@atlas.ccs.neu.edu (Richard Pieri) writes...
>The NSA cannot crack PGP. Correction: the NSA /could/ crack PGP given
>several Crays dedicated to the task for 10 years (give or take a couple).
>But they can't crack it in a "reasonable" timeframe.

How about someone explaining why PGP is such a great and unbreakable code?

I see people posting articles all the time with a long and annoying "PGP
Public Key" attached at the end.

So, tell me why this annoying PGP key is really so good?

-----------------------------------------------------------------------
Regards,
B.J. Guillot ... Houston, Texas USA           I don't believe in coffee

>In article <064303Z02121993@anon.penet.fi> an54588@anon.penet.fi writes:
>	A lot of people think that PGP encryption is unbreakable and that the
>NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a deadly
>mistake. In Idaho, a left-wing activist by the name of Craig Steingold was
                                                        ^^^^^^^^^^^^^^^
How big a collection of business cards did he have?

>arrested  _one day_ before he and others wee to stage a protest at government
>buildings; the police had a copy of a message sent by Steingold to another
>activist, a message which had been encrypted with PGP and sent through E-mail.


--
Gerald Ruderman
g@vanward.ci.net

Scott Pallack (skybird@satelnet.org) writes:

> This is trivial to test.  Compile the program using an older compiler,
> translate the program into fortran or something or hand-code it in
> assembler.
> Compare the outputs.
> I'll bet they're the same.

You'll lose, because they won't be. Even if you run one and the same
copy of PGP twice, encrypting one and the same message, to one and the
same person - the results will be different. This has already been
discussed in alt.security.pgp.

> BTW--ALWAYS assume that the NSA can decrypt anything you encrypt.

Nonsense. There is a provably uncrackable cypher. The One-Time Pad.

> Doesn't have a PGP key.  Can't see much use for one, either.

There are many. Read the docs. Just because you have nothing to hide
does not mean that you have no reasons to use public key
cryptography.

Regards,
Vesselin
--
Vesselin Vladimirov Bontchev          Virus Test Center, University of Hamburg
Tel.:+49-40-54715-224, Fax: +49-40-54715-226      Fachbereich Informatik - AGN
< PGP 2.3 public key available on request. > Vogt-Koelln-Strasse 30, rm. 107 C
e-mail: bontchev@fbihh.informatik.uni-hamburg.de        22527 Hamburg, Germany

In article <064303Z02121993@anon.penet.fi>,  <an54588@anon.penet.fi> wrote:
>
>	It took the agency more to modify GNU C, but eventually they did it.
>The Free Software Foundation was threatened with "an IRS investigation",
>in other words, with being forced out of business, unless they complied.
                                                                ^^^^^^^^

Don't you mean, "unless they compiled" ?



--
----------------------------------------------------------------------
Jon Stone                                             jdstone@ingr.com
Intergraph Corporation, Boulder, CO                     (303) 581-2319
----------------------------------------------------------------------

In article <064303Z02121993@anon.penet.fi> an54588@anon.penet.fi writes:

>         A lot of people think that PGP encryption is unbreakable and that the
> NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a
> deadly mistake.
Thank god for kill files........

In <2dneeo$ofc@rzsun02.rrz.uni-hamburg.de> bontchev@fbihh.informatik.uni-hamburg.de (Vesselin Bontchev) writes:
>Scott Pallack (skybird@satelnet.org) writes:

>> This is trivial to test.  Compile the program using an older compiler,
>> translate the program into fortran or something or hand-code it in
>> assembler.
>> Compare the outputs.
>> I'll bet they're the same.

>You'll lose, because they won't be. Even if you run one and the same
>copy of PGP twice, encrypting one and the same message, to one and the
>same person - the results will be different. This has already been
>discussed in alt.security.pgp.

Scott Pallack was discussing the output of a compiler that compiles the PGP
C code. He was not discussing the output of PGP itself.

--
Gerald Ruderman
g@vanward.ci.net

In article <2dneeo$ofc@rzsun02.rrz.uni-hamburg.de>,
Vesselin Bontchev <bontchev@fbihh.informatik.uni-hamburg.de> wrote:
>Scott Pallack (skybird@satelnet.org) writes:
>> BTW--ALWAYS assume that the NSA can decrypt anything you encrypt.
>
>Nonsense. There is a provably uncrackable cypher. The One-Time Pad.

Nonsense.  The One-Time Pad can be cracked by `practical cryptanalysis.'
That's a delightful euphemism for surreptitious entry, burglary,
interception of key material, etc.  Read ``The Puzzle Palace'' by Bamford.

Rujith de Silva.

In <RATINOX.93Dec2171655@atlas.ccs.neu.edu> ratinox@atlas.ccs.neu.edu (Richard Pieri) writes:

>The NSA cannot crack PGP. Correction: the NSA /could/ crack PGP given
>several Crays dedicated to the task for 10 years (give or take a couple).
>But they can't crack it in a "reasonable" timeframe.

>Witness a recent court case in San Jose, California. The District Court of
>San Jose subpoenaed all documentation concerning PGP from two companies
>(ViaCrypt and Austin Code Works) in an attempt at finding a back door into
>a convicted felon's PGP-encrypted mail and files because they couldn't
>break the encryption without taking a goodly number of years.

>They failed to find the back door they wanted.

Meaningless.

That the Department of Justice can't crack PGP does not imply the NSA or
Department of Defense can't.

bontchev@fbihh.informatik.uni-hamburg.de (Vesselin Bontchev) writes:

>Scott Pallack (skybird@satelnet.org) writes:

>> This is trivial to test.  Compile the program using an older compiler,
>> translate the program into fortran or something or hand-code it in
>> assembler.
>> Compare the outputs.
>> I'll bet they're the same.

>You'll lose, because they won't be. Even if you run one and the same
>copy of PGP twice, encrypting one and the same message, to one and the
>same person - the results will be different. This has already been
>discussed in alt.security.pgp.

I believe that Scott was talking about the COMPILER output here. The idea is
that the same MACHINE code will be generated.

>> BTW--ALWAYS assume that the NSA can decrypt anything you encrypt.

>Nonsense. There is a provably uncrackable cypher. The One-Time Pad.

Any cypher can be cracked. It involves Mr Secret Agent holding his pistol to
some sensitive part of your body and saying "One last time, now. What's the
key?"

___Samuel___
--
_________I_claim_and_accept_sole_responsibility_for_the_above._SjG.___________
 And the Devil asked me to supper - he said `careful with the spoons!'
 And God said `Oh, ignore him! I've got all your albums.'
 I said `Yes, but who's got all the tunes?' -- Robyn Hitchcock, of course.

>>>>> In article <3DEC199309331349@elroy.uh.edu>, st1r8@elroy.uh.edu
>>>>> (B.J. Guillot) writes:
st1r8> In article <RATINOX.93Dec2171655@atlas.ccs.neu.edu>, ratinox@atlas.ccs.neu.edu (Richard Pieri) writes...

>> The NSA cannot crack PGP. Correction: the NSA /could/ crack PGP given
>> several Crays dedicated to the task for 10 years (give or take a couple).
>> But they can't crack it in a "reasonable" timeframe.

st1r8> How about someone explaining why PGP is such a great and unbreakable
st1r8> code?

No cypher is unbreakable. It's just that PGP is so extremely difficult and
time consuming to try to break that it isn't worth it. Anyhow, my own
couple of bits on PGP:

PGP
===

PGP  is a "public key"  encryption system.  Encryption  is  the  science of
encoding information  in such a  way  that it's impossible (or  at least as
difficult  as  possible)  to  see  the  information  unless  you  have  the
appropriate key.

Most encryption systems in  use today are "single key" systems; that is,  a
single  key is  used to both  encrypt  and decrypt information. The flaw in
single-key systems is that a secure means of distributing keys is required:
if  anyone  discovers the  key, anything encrypted with  that  key  can  be
easilly seen. Of course, if you have a truely secure means of  distributing
the key, then why do you need a cryptosystem? This is something the gummint
tends to  ignore. BTW, the  Federal DES and the  European  IDEA cyphers are
examples of single-key cryptosystems.

Public key cryptosystems  use a different method of  cryptography--they use
two keys instead of just one. "Cleartext"  (the unencrypted information) is
encrypted  with one  of the  keys.   But  this  key  will  not decrypt  the
"cyphertext" (the encrypted information); but the other key in the key pair
will. Anything encrypted  with one key can be decrypted with the other. One
of the keys  in a public key  pair is called the "public key" and the other
is called the "secret key." By distributing your public key, anyone can use
it  to encrypt message meant for you,  messages that can only  be decrypted
with your secret  key.  Unlike  single-key  systems,  public key  does  not
require a  secure  means for exchange  of keys,  making it that  much  more
secure.

PGP, Pretty  Good Privacy, uses a combination of  the Rivest-Shamir-Adleman
(RSA)  public key algorithm and the International Data Encryption Algorithm
(IDEA), both of which have, to date, resisted all forms  of cryptanalitical
attacks. It  should  be  noted  that use of  the  Federal  Data  Encryption
Standard  (DES) is encouraged  by the  NSA for  corporate use, but  not for
classified information--makes you wonder, doesn't it?

Why  would you want encryption?  According to  the gummint, you  must  have
something illegal to hide if you do. Well,  everyone and their brother uses
envelopes  to send  mail through the  Postal  Service, right? Why? Privacy.
Everyone  wants their  privacy,  and  that's  what  PGP  provides. There is
nothing illegal about it. But the gummint wants it that way.

That's true.  Last year,  the FBI attempted to pass a bill through Congress
that would require trap doors be placed in communication systems (the phone
company primarily) so that government angencies with warrants could easilly
tap in. Fortunately, it failed because manufacturers didn't want to pay the
costs to add the equipment, and Libertarians balked at the privacy issues.

The  new  "Clipper  Chip" the  gummint  is  now  pressing  uses  a  two-key
cryptosystem similar to PGP.  So  will  the  Internet Privacy Enhanced Mail
(PEM) package. The problem with these  systems  is  that the  gummint  or a
government  assigned agency will hold all keys in  escrow, so that they can
decrypt  messages whenever they want. This  is  something that Libertarians
like myself are against. Which is why we use PGP.

If  you're still interested  in PGP, it  is  available from  many FTP sites
around the world:

Finland:    nic.funet.fi  (128.214.6.100)
            Directory: /pub/unix/security/crypt/

Italy:      ghost.dsi.unimi.it  (149.132.2.1)
            Directory: /pub/security/

UK:         src.doc.ic.ac.uk
            Directory: /computing/security/software/PGP

It runs on  Unix, VAX/VMS, MS-DOS, Atari ST,  Amiga, Macintosh, and  can be
ported to run on just about anything.  The current version  is 2.3A, and is
available as   source,   and  binaries   for  MS-DOS are    available.  The
documentation goes into more depth about cryptography, and specifically how
PGP functions.

As Arlo Guthrie put it:

  You know,  if one  person, just  one person does it they  may  think he's
  really sick and won't take  him. And if two people, two people  do it, in
  harmony, they may think they're both  faggots and they won't  take either
  of them.  And three people, three, can you imagine, three  people walking
  in sing a bar of Alice's Restaurant and walking out.  They may think it's
  an organization.  And  can  you  imagine fifty people a day, I said fifty
  people a day walking in sing a bar of Alice's Restaurant and walking out.
  And friends they may thinks it's a movement.

rat-pgp.el
==========

rat-pgp.el is a GNU  Emacs interface to the PGP public key system.  It lets
you easilly encrypt and decrypt message, sign messages with your secret key
(to prove  that it really came from you). It  does  signature verification,
and it  provides  a number  of  other  functions.  The  package  is growing
steadily as more is added. It is my intention that it will eventually allow
as much functionality as accessing PGP directly.

rat-pgp.el is about to  undergo a complete  re-write that will dramatically
increase it's functionality. Watch my .sig for further information.

The most recent version of rat-pgp.el is always available via anonymous FTP
at ftp.ccs.neu.edu, directory /pub/ratinox/emacs-lisp/rat-pgp.el.

-- 
Rat <ratinox@ccs.neu.edu>                Northeastern's Stainless Steel Rat
             PGP 2.x Public Key Block available upon request
    GAT d@ -p+ c++ !l u+ e+(*) m-(+) s n---(+) h-- f !g(+) w+ t- r+ y+
||| | | | |  |  |  |   |   |    |    |    |   |   |  |  |  |  | | | | | |||
`PGP,'  warns Dorothy  Denning,  a Georgetown University professor  who has
worked closely with the National Security Agency, `could potentially become
a widespread problem.'                                       --E. Dexheimer

In article <2dneeo$ofc@rzsun02.rrz.uni-hamburg.de>,
Vesselin Bontchev <bontchev@fbihh.informatik.uni-hamburg.de> wrote:
>Scott Pallack (skybird@satelnet.org) writes:

>
>> Doesn't have a PGP key.  Can't see much use for one, either.
>
>There are many. Read the docs. Just because you have nothing to hide
>does not mean that you have no reasons to use public key
>cryptography.

Maybe he's read the docs and still feels that way. :-)

We don't know for sure if he's talking about PGP for him (though that's
what his phrasing suggests), PGP generally, Public Key for him, or Public
Key generally.

PGP fans need to keep in mind that most arguments for Public Key don't
necessarily imply PGP.

David
--
David Sternlight         When the mouse laughs at the cat,
                         there is a hole nearby.--Nigerian Proverb

In article <2dlmna$a7p@sefl.satelnet.org> skybird@satelnet.org (Scott Pallack) writes:
>This is trivial to test.  Compile the program using an older compiler,
>translate the program into fortran or something or hand-code it in
>assembler.
>Compare the outputs.
>I'll bet they're the same.

Do all un-spooked compilers produce the same output?
--
Anton Sherwood   *\\*   +1 415 267 0685   *\\*   DASher@netcom.com
Bureau of Making Sure You Get Enough Sleep and Eat Your Vegetables
Disclaimer:    The above is likely to refer to anecdotal evidence.

In article <RATINOX.93Dec2171655@atlas.ccs.neu.edu> ratinox@atlas.ccs.neu.edu (Richard Pieri) writes:
> The District Court of
>San Jose subpoenaed all documentation concerning PGP from two companies
>(ViaCrypt and Austin Code Works) in an attempt at finding a back door into
>a convicted felon's PGP-encrypted mail and files because they couldn't
>break the encryption without taking a goodly number of years.
>
>They failed to find the back door they wanted.

That shows that if the spook story is true, the following must be true:

 - ViaCrypt and Austin Code Works didn't keep documentation of the backdoor
   (or if they did, the NSA leaned on them not to reveal it even under
   subpoena).

 - The NSA doesn't find prosecution of a common felon to be worth
   showing its hand.

Neither is surprising in the context of this yarn.
--
Anton Sherwood   *\\*   +1 415 267 0685   *\\*   DASher@netcom.com
Bureau of Making Sure You Get Enough Sleep and Eat Your Vegetables
Disclaimer:    The above is likely to refer to anecdotal evidence.

In article <064303Z02121993@anon.penet.fi> an54588@anon.penet.fi writes:
>
>	:
> Members of the boards of Novell, Microsoft,
>Borland, AT&T and other companies were persuaded into giving the order for the
>modification (each ot these companies' boards contains at least one Trilateral
>Commission member or Bilderberg Committee attendant).

Very good.  You had me worried there until I got to this part.

I suppose if we all used pure RSA, the Illuminati would blackmail
God into putting a trapdoor into the laws of mathematics.

It's all a moot point anyway; the NSA can get your passphrase
by just watching your keystrokes with the atomic transmitter hidden
in your smoke detector. :-):-)

		-ed falk, sun microsystems
		 sun!falk, falk@sun.com

		BAD TRAP, No biscuit!

In article <064303Z02121993@anon.penet.fi> an54588@anon.penet.fi writes:
>
>	It took the agency more to modify GNU C, but eventually they did it.
>The Free Software Foundation was threatened with "an IRS investigation",
>in other words, with being forced out of business, unless they complied. The
>result is that all versions of GCC on the FTP sites and all versions above
>2.2.3, contain code to modify PGP and insert the trapdoor. Recompiling GCC
>with itself will not help; the code is inserted by the compiler into
>itself. Recompiling with another compiler may help, as long as the compiler
>is older than from 1992.
>

So, like, show me the code then.

--Adam
--
            a         e u                                         i     m
   z       b .       . d                                         f n     e
a o n a @ u   c l o y                                               g r
 w   i k t     a p l                                                 e

In article <1993Dec2.124258.28542@midway.uchicago.edu> thf2@midway.uchicago.edu writes:
>
>You're MIS$ING crucial CAPITALIZATION.
>--
>ted frank   | "Danger, Vicki Robinson, Danger!" -- Twiki the Robot in 'Lost
>the u of c  |  in Space,' a television show clearly superior to Star Trek.
>law school  |              Tell your site: "I want my a.t.f.t^3!"
>kibo#=0.5   |  	          	Standard disclaimers apply

 First off, the phrase is:

 "Danger! Will Robinson, DANGER!" this line is credited to the robot of
    'Lost in Space' but the robot WASN'T named Twiki! In fact the robot
     NEVER had a name. He was ONCE called 'Hero' in an early episode, the
     Heath Co. then introduced a kit robot bearing the same name. Irwin
     Allen Productions claimed "It's not our robot!".

  There never was a Vicki Robinson...at least in Lost in Space.

  And the "Twiki" character was from "Buck Rogers"!

  ...I notice you're attending a Law University...I somehow doubt I'd be
 very interested in having an attorney that's as scrambled upstairs as
 you seem to be!


-Avatar-> (aka: Erik K. Sorgatz) KB6LUY          +----------------------------+
TTI(es@soldev.tti.com)or: sorgatz@avatar.tti.com *Government produces NOTHING!*
3100 Ocean Park Blvd. Santa Monica, CA  90405    +----------------------------+
(OPINIONS EXPRESSED DO NOT REFLECT THE VIEWS OF CITICORP OR ITS MANAGEMENT!)

Slaving away in a dark room, vhe@sunnyboy.informatik.tu-chemnitz.de (Volker Hetzer) produced:
>The second is more interesting. I've seen it once in the german TV (serious!!).
>It deals with the possibilities and modern methods of security agencies to break
>into your privacy.
>The guys there had a little transporter-vehicle containing a simple antenna
>some electronics and a monitor. The antenna pointed to a monitor in a flat
>50-100m (meters) away. With little "snow" they could see everything, which
>appears on the screen in the flat.
>It is also possible to put a device around your power-supply-cable and to

Yes, it's called TEMPEST (or, is that the name of protection AGAINST such
an attack?).  I've heard a bit about it, read some stuff on it, and gotten
email from people who have seen videos of it in operation (as well as
one from someone who accidently did it with a sony watchman!).

D


--
|Dan Garcia,Kender@esu.edu|If privacy is outlawed then only outlaws will have |
|#include <stdisclaimer.h>|     privacy - Phil Zimmerman, author of PGP       |
|Coram Deo|Death to Barney|     This space for rent - mail ideas to me --     |
| GCS/MU d--() -p+ c++(c+) l++ u+ e+(*) m++(*) s !n h f+ !g w+ t++(--) r+ !y  |

In article <1993Dec03.225106.120872@zeus.aix.calpoly.edu> awozniak@tuba.aix.calpoly.edu (Sister, spare a hug?) writes:
>In article <064303Z02121993@anon.penet.fi> an54588@anon.penet.fi writes:
>>
>>	It took the agency more to modify GNU C, but eventually they did it.
>>The Free Software Foundation was threatened with "an IRS investigation",
>>in other words, with being forced out of business, unless they complied. The
>>result is that all versions of GCC on the FTP sites and all versions above
>>2.2.3, contain code to modify PGP and insert the trapdoor. Recompiling GCC
>>with itself will not help; the code is inserted by the compiler into
>>itself. Recompiling with another compiler may help, as long as the compiler
>>is older than from 1992.
>>
>So, like, show me the code then.
>--Adam
	Yes, I would also like to see the code.  Unless I am
misunderstanding something, what would be the big deal anyway?
Why not just remove the code?

	Gee, I wonder if the government can decrypt this:

	kcuF eht S.U. tnemnrevog!!!

--
===================      __________       ___       __        __
  Rodrigo Zamora               __        __ __      __ _    _ __
===================          __         _______     __  _  _  __
  University of            __          __     __    __   __   __                  Southwestern LA        __________   __       __   __        __ @usl.edu        	 	          `Ruben Zamora in '94'

In article <2dpegi$t8t@jake.esu.edu> kender@esu.edu writes:

>Yes, it's called TEMPEST (or, is that the name of protection AGAINST such
>an attack?).  I've heard a bit about it, read some stuff on it, and gotten
>email from people who have seen videos of it in operation (as well as
>one from someone who accidently did it with a sony watchman!).

Way back when, there was a Dutch engineer named Van Eck who got a bee in
his bonnet about computer security.  He knew that computer monitors,
serial cables, keyboard cables, etc. spewed RF out into the aether with
abandon, and that anyone could detect these signals.  He proposed to
NATO HQ that they tighten up their security, and they ignored him.  In
order to drive his point home, he mounted a dish antenna in the back of
a van, hooked it to a regular TV, parked the van on the street in front
of NATO HQ, and happily read all sorts of information that people inside
the building were typing into their terminals.  *That* got NATO's
attention!

One result of this stunt was that the process of detecting the RF emissions
from computer terminals became known as "Van Eck Phreaking".  The other
result was TEMPEST, which is a construction standard that manufacturers
of electronic stuff must meet.  TEMPEST is nothing more than a way to
force manufacturers to do some rudimentary shielding of their devices
so as to cut down on RF emissions, and concerns stuff like making sure
that the cables are coax-like shielded and real high-tech stuff like
that.

Now, you, as Mr./Ms. Consumer, do not buy electronic items that have
*any* shielding in them.  So, yes, it is quite possible for your neighbor
to "Van Eck Phreak" what you are watching on TV, quite easy for your
local cable TV provider to tell also, almost guarenteed that your radio/
TV/stereo will be hosed by radio phones and CBs and garage-door openers
and dimmer switches.  The lack of shielding in consumer electronics is
why we can buy VCRs for $125.  The trade-off is that they have that
little FCC notice on them that says (roughly) "This device must not
interfere with anything else, and must accept interference from
everything".

---Bill VanHorne

Daniel Garcia (system overlord) (kender@executor) wrote:
: Slaving away in a dark room, vhe@sunnyboy.informatik.tu-chemnitz.de (Volker Hetzer) produced:
: >The second is more interesting. I've seen it once in the german TV (serious!!).
: >It deals with the possibilities and modern methods of security agencies to break
: >into your privacy.
: >The guys there had a little transporter-vehicle containing a simple antenna
: >some electronics and a monitor. The antenna pointed to a monitor in a flat
: >50-100m (meters) away. With little "snow" they could see everything, which
: >appears on the screen in the flat.
: >It is also possible to put a device around your power-supply-cable and to

: Yes, it's called TEMPEST (or, is that the name of protection AGAINST such
: an attack?).  I've heard a bit about it, read some stuff on it, and gotten
: email from people who have seen videos of it in operation (as well as
: one from someone who accidently did it with a sony watchman!).

   TEMPEST refers the defensive techniques used.

   As a side note, the gov't unloaded a warehouse full of TEMPEST-class
IBM XT's a few months ago in CA.  They were immediately grabbed up by
lots of amateur radio operators who dislike the way that commodity PC's
tend to interfere with their receivers.  :-)

- Rich

--
Rich Mulvey                 Amateur Radio: N2VDS              Rochester, NY
rich@mulvey.com           "QRP is not for sissies"

kender@executor (Daniel Garcia (system overlord)) writes:

>Slaving away in a dark room, vhe@sunnyboy.informatik.tu-chemnitz.de (Volker Hetzer) produced:
>>The second is more interesting. I've seen it once in the german TV (serious!!).
>>It deals with the possibilities and modern methods of security agencies to break
>>into your privacy.
>>The guys there had a little transporter-vehicle containing a simple antenna
>>some electronics and a monitor. The antenna pointed to a monitor in a flat
>>50-100m (meters) away. With little "snow" they could see everything, which
>>appears on the screen in the flat.
>>It is also possible to put a device around your power-supply-cable and to

>Yes, it's called TEMPEST (or, is that the name of protection AGAINST such
>an attack?).  I've heard a bit about it, read some stuff on it, and gotten
>email from people who have seen videos of it in operation (as well as
>one from someone who accidently did it with a sony watchman!).

This is getting away from the subject of crypto, but Tempest is a
(classified) DoD specification for limitation of emissions from computers and
peripherals.
--
----------------------------------------------------------------------
Steve Wildstrom   Business Week Washington Bureau  wild@access.digex.net
    "These opinions aren't necessarily mine or anyone else's."
-----------------------------------------------------------------------

In article <064303Z02121993@anon.penet.fi> an54588@anon.penet.fi writes:
>
>
>	A lot of people think that PGP encryption is unbreakable and that the
>NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a deadly
>mistake. In Idaho, a left-wing activist by the name of Craig Steingold was
>arrested  _one day_ before he and others wee to stage a protest at government
>buildings; the police had a copy of a message sent by Steingold to another
>activist, a message which had been encrypted with PGP and sent through E-mail.
>
>	Since version 2.1, PGP ("Pretty Good Privacy") has been rigged to
>allow the NSA to easily break encoded messages. Early in 1992, the author,
>Paul Zimmerman, was arrested by Government agents. He was told that he
>would be set up for trafficking narcotics unless he complied. The Government
>agency's demands were simple: He was to put a virtually undetectable
>trapdoor, designed by the NSA, into all future releases of PGP, and to
>tell no-one.

Do you or a neighbor have a BLACK LABRADOR? They can see through wood and
plaster and similar things that houses are made of and they can HEAR AND
UNDERSTAND ENGLISH spoken at up to 50 meter distances! These animals
have been bred with capability to communicate with litter mates that are
kept by VH1 comedy writers who use downloads from the dogs to "create"
their material. When NSA finds out about this we will be SHIT OUT OF LUCK.

You have been warned.

--
---------------------------------------------------------------------------
John Hesse        : Was it a Bunch of Alcoholics, Troublemakers and Fuckups,
jhesse@netcom.com : or the Bureau of Arsonists, Terrorists and Fascists?
Moss Beach, Calif : But certainly not those Fumbling Bumbling Idiots.
---------------------------------------------------------------------------

In <2dq47c$rvb@charm.magnus.acs.ohio-state.edu> wvhorn@magnus.acs.ohio-state.edu (William VanHorne) writes:

>TEMPEST is nothing more than a way to
>force manufacturers to do some rudimentary shielding of their devices
>so as to cut down on RF emissions, and concerns stuff like making sure
>that the cables are coax-like shielded and real high-tech stuff like
>that.

>Now, you, as Mr./Ms. Consumer, do not buy electronic items that have
>*any* shielding in them.

PGP is popular, and perhaps TEMPEST equipment would sell well also.
Does anyone know of a distributor or catalog of TEMPEST rated shielding
or equipment?

In article <1993Dec5.202948.30574@mulvey.com>,  <rich@mulvey.com> wrote:
>Andrew Bulhak (acb@yoyo.cc.monash.edu.au) wrote:
>: rich@mulvey.com wrote:
>: :    As a side note, the gov't unloaded a warehouse full of TEMPEST-class
>: : IBM XT's a few months ago in CA.  They were immediately grabbed up by
>: : lots of amateur radio operators who dislike the way that commodity PC's
>: : tend to interfere with their receivers.  :-)
>
>: Is this an UL? I heard that TEMPEST was a restricted
>: technology, and that such equipment would be incinerated/recycled rather
>: than sold.
>
>    Nope - as I told someone who asked me about it via e-mail, a number of
>people purchased TEMPEST PC's from an ad that was posted on rec.radio.swap
>a ferw months ago.

Well, there's a difference between a minimal specification and a machine
which happens to comply.  Given that most XT's shouldn't generate too much
interference internally anyway, the degree of shielding could easily be
overkill without too much extra expense.  In short, I doubt if one could
learn much of anything about Tempest outside the obvious by examining an
XT.
--
-------------------------------------------------------------------------------
 supercat@mcs.com    |  "Je crois que je ne vais jamais voir...  |   J\_/L
 John Payson         |   Un animal si beau qu'un chat."          |  ( o o )

rich@mulvey.com wrote:
: Daniel Garcia (system overlord) (kender@executor) wrote:
: : Slaving away in a dark room, vhe@sunnyboy.informatik.tu-chemnitz.de (Volker Hetzer) produced:
: : >The second is more interesting. I've seen it once in the german TV (serious!!).
: : >It deals with the possibilities and modern methods of security agencies to break
: : >into your privacy.
: : >The guys there had a little transporter-vehicle containing a simple antenna
: : >some electronics and a monitor. The antenna pointed to a monitor in a flat
: : >50-100m (meters) away. With little "snow" they could see everything, which
: : >appears on the screen in the flat.
: : >It is also possible to put a device around your power-supply-cable and to

: : Yes, it's called TEMPEST (or, is that the name of protection AGAINST such
: : an attack?).  I've heard a bit about it, read some stuff on it, and gotten
: : email from people who have seen videos of it in operation (as well as
: : one from someone who accidently did it with a sony watchman!).

:    TEMPEST refers the defensive techniques used.

:    As a side note, the gov't unloaded a warehouse full of TEMPEST-class
: IBM XT's a few months ago in CA.  They were immediately grabbed up by
: lots of amateur radio operators who dislike the way that commodity PC's
: tend to interfere with their receivers.  :-)

Is this an UL? I heard that TEMPEST was a restricted
technology, and that such equipment would be incinerated/recycled rather
than sold.

--
Andrew Bulhak            acb@yoyo.cc.monash.edu.au
Restriction disco still in effect.

In <dasherCHH8n7.5w1@netcom.com>, dasher@netcom.com (D. Anton Sherwood) writes:
>In article <2dlmna$a7p@sefl.satelnet.org> skybird@satelnet.org (Scott Pallack) writes:
>>This is trivial to test.  Compile the program using an older compiler,
>>translate the program into fortran or something or hand-code it in
>>assembler.
>>Compare the outputs.
>>I'll bet they're the same.
>
>Do all un-spooked compilers produce the same output?

   Of course not. Even different versions of the same compiler are unlikely to
produce the same code. Depending on the optimization technology used, very small
changes in the source can result in fairly wide sweeping changes in the
generated code.

   I can assure folks that no such spooks have been placed in IBM's OS/2 C and
C++ compilers. It would be very difficult to do, difficult to hide unless you
reproduced that moby hack talked about before -- but if you did pull it off, it
would be even more difficult -- and I know of only a few people around here
capable of doing something like that -- and none of them would be in the least
bit inclined to do it. We have very tight schedules -- no time for that
sort of thing. The guy who started all this either must think he has a great
sense of humor, or he's seriously paraniod. (Not that paranoids don't have
enemies -- just not as many as they think.)

Regards,          | "...Then anyone who leaves behind him a written manual, and
Ian R. Ameline    | likewise anyone who receives it, in the belief that such
(speaking for     | writing will be clear and certain, must be exceedingly
 myself only)     | simple-minded..."  Plato, _Phaedrus_

Graham Toal (gtoal@an-teallach.com) wrote:
: In article <064303Z02121993@anon.penet.fi> an54588@anon.penet.fi writes:
...[a rant about the global anti-PGP conspiracy]....
: Ho ho ho!  'Craig Steingold'.  'Paul Zimmerman'.  Very amusing.
: Unfortunately you posted this joke to a few other groups who might not
: recognise the humor in it.  Why didn't you go the whole hog and include
: alt.folklore.urban too???

Ummm... I'm sure I'll kick myself, but who's 'Craig Steingold' (or
rather, who *isn't* he).  I recognize the error in Zimmerman's name,
but I don't know Steingold.

--
      _/_/_/ THIS MESSAGE WAS BROUGHT TO YOU BY: Postmodern Enterprises _/_/_/
     _/_/    ~~~~~~~~~~~~~~~~[quilty@philos.umass.edu]~~~~~~~~~~~~~~~~~  _/_/
    _/_/  The opinions expressed here must be those of my employer...   _/_/
   _/_/_/_/_/_/_/_/_/_/ Surely you don't think that *I* believe them!  _/_/

In article <2dt70e$76q@nic.umass.edu> quilty@twain.ucs.umass.edu (Lulu of the lotus-eaters) writes:
>Ummm... I'm sure I'll kick myself, but who's 'Craig Steingold' (or
>rather, who *isn't* he).  I recognize the error in Zimmerman's name,
>but I don't know Steingold.

Paul Zimmerman != Phil Zimmerman
Craig Steingold != Craig Shergold
GCC Compiler attack != PCC Compiler attack

Craig Shergold is (and has been for about 10 years now) a 7 yr old kid who
wanted to collect postcards before he died of some fatal illness, who
unfortunately recovered; meanwhile do-gooders the world over continue
to flood his home, his hospital, and the UK postal system with get-well cards.
Not to mention several American scams trying to make money out of the ongoing
momentum of what is turning into an urban legend, and a con that involves
getting address lists of *really* gullible people by collecting their business
cards for 'young craig'...

The attack on the compiler to hide a trojan in the login program was
a paper by ken Richie in the early days of Unix.  As far as i know, he never
actually implemented it.  (Or if he did, he certainly never released it.
Of course, you could always ask him if you really wanted to know for sure)

G

Andrew Bulhak (acb@yoyo.cc.monash.edu.au) wrote:
: rich@mulvey.com wrote:
: : Daniel Garcia (system overlord) (kender@executor) wrote:
: : : Slaving away in a dark room, vhe@sunnyboy.informatik.tu-chemnitz.de (Volker Hetzer) produced:
: : : >The second is more interesting. I've seen it once in the german TV (serious!!).
: : : >It deals with the possibilities and modern methods of security agencies to break
: : : >into your privacy.
: : : >The guys there had a little transporter-vehicle containing a simple antenna
: : : >some electronics and a monitor. The antenna pointed to a monitor in a flat
: : : >50-100m (meters) away. With little "snow" they could see everything, which
: : : >appears on the screen in the flat.
: : : >It is also possible to put a device around your power-supply-cable and to

: : : Yes, it's called TEMPEST (or, is that the name of protection AGAINST such
: : : an attack?).  I've heard a bit about it, read some stuff on it, and gotten
: : : email from people who have seen videos of it in operation (as well as
: : : one from someone who accidently did it with a sony watchman!).

: :    TEMPEST refers the defensive techniques used.

: :    As a side note, the gov't unloaded a warehouse full of TEMPEST-class
: : IBM XT's a few months ago in CA.  They were immediately grabbed up by
: : lots of amateur radio operators who dislike the way that commodity PC's
: : tend to interfere with their receivers.  :-)

: Is this an UL? I heard that TEMPEST was a restricted
: technology, and that such equipment would be incinerated/recycled rather
: than sold.

    Nope - as I told someone who asked me about it via e-mail, a number of
people purchased TEMPEST PC's from an ad that was posted on rec.radio.swap
a ferw months ago.

- Rich
--
Rich Mulvey                 Amateur Radio: N2VDS              Rochester, NY
rich@mulvey.com           "QRP is not for sissies"

acb@yoyo.cc.monash.edu.au (Andrew Bulhak) writes:

>Is this an UL? I heard that TEMPEST was a restricted
>technology, and that such equipment would be incinerated/recycled rather
>than sold.

>--

I bought a surplus plotter a while back that was enclosed a Tempest R.F.
proof box.  The box even has a metallized (gold?) window so you can
watch the plotter as it draws.  Still got the box somewhere if anyone
is real paranoid.

By the way, this implies that not only CRT's can be spied on, but also
plotters, and probably printers, modems, and everything else that has
digital bits flipping around inside.
--
------------------------------------------------------------------------------
|                          |  Note: The above message is encrypted with      |
|  David Adams             |        the new NSA unbreakable PFGP plain-text- |
|  vera2@netcom.com        |        in/plain-text-out system.  The above     |
|                          |        message only appears to say what it says.|
|  'Bob Wills Lives'       |  PFGP KEY: XYZZYNUCLEARPLUGHDEVICEREVOLPPLANS   |
|                          |            SPELUBREAKBLERBITHISKNERLNSAKLAETU   |
------------------------------------------------------------------------------