Date: Sun, 10 Oct 93 22:28:34 PDT
Reply-To:
Return-Path:
Message-ID:
Mime-Version: 1.0
Content-Type: text/plain
From: surfpunk@versant.com (onpx ba gur nve)
To: surfpunk@versant.com (SURFPUNK Technical Journal)
Subject: [surfpunk-0097] PRZ: trouble brewing

# In Starfleet, all communications are encrypted
# automatically. Although there is no honor in
# knowledge gained through stolen transmissions, some of
# our enemies have no honor. A true Klingon does not
# "sneak"-he shouts into the face of his enemy. But I have
# seen many types of dishonor, and so I am prepared for it.
#
# --Lieutenant Worf, chief of security, U.S.S.Enterprise
# "20th century computers and how they worked"
# by Jennifer Flynn
#
# From: Brian D Williams

This issue has three articles by Philip R Zimmermann (the author of PGP):

-- testimony to U S House subcommittee [12oct93]
-- DES Key Search Paper
-- Statement from Zimmermann on PGP investigation [19sep93]

The first piece will be given in testimony this Tuesday.

The second article is true. We've seen the details of this design at the Mountain View Cypherpunks meeting, and DES is dead. The alternative to PGP is to use PEM, in which your plaintext is encrypted with a session key using simple DES. If DES is dead, then PEM, as it is defined today, is also dead.

Most of you already know about the grand jury subpoenas to companies that had something to do with PGP; these were about three weeks ago. If so you've probably seen the last piece.

Perhaps most of you have not donated to Phil's legal defense. Here is his request, from the last article below. As cypherpunks say, Cryptography is Economics, and for PGP users, this case should be a worthy investment. -- strick

Those wishing to contribute financially or otherwise should contact either me or Philip L. Dubois, Esq., at dubois@csn.org or by phone at 303-444-3885 or by mail at 2305 Broadway, Boulder, CO, 80304. Donated funds will be kept in a trust account, and all contributions will be accounted for.
-- Phil Zimmermann

________________________________________________________________________
________________________________________________________________________

Subject: Zimmermann testimony to House subcommittee
To: cypherpunks@toad.com (Cypherpunks)
Date: Sat, 9 Oct 93 11:57:54 MDT
From: Philip Zimmermann
Reply-To: Philip Zimmermann

Testimony of Philip Zimmermann to
Subcommittee for Economic Policy, Trade, and the Environment
US House of Representatives
12 Oct 1993

Mr. Chairman and members of the committee, my name is Philip Zimmermann, and I am a software engineer who specializes in cryptography and data security. I'm here to talk to you today about the need to change US export control policy for cryptographic software. I want to thank you for the opportunity to be here and commend you for your attention to this important issue.

I am the author of PGP (Pretty Good Privacy), a public-key encryption software package for the protection of electronic mail. Since PGP was published domestically as freeware in June of 1991, it has spread organically all over the world and has since become the de facto worldwide standard for encryption of E-mail. The US Customs Service is investigating how PGP spread outside the US. Because I am a target of this ongoing criminal investigation, my lawyer has advised me not to answer any questions related to the investigation.

I. The information age is here.

Computers were developed in secret back in World War II mainly to break codes. Ordinary people did not have access to computers, because they were few in number and too expensive. Some people postulated that there would never be a need for more than half a dozen computers in the country. Governments formed their attitudes toward cryptographic technology during this period. And these attitudes persist today. Why would ordinary people need to have access to good cryptography?

Another problem with cryptography in those days was that cryptographic keys had to be distributed over secure channels so that both parties could send encrypted traffic over insecure channels. Governments solved that problem by dispatching key couriers with satchels handcuffed to their wrists. Governments could afford to send guys like these to their embassies overseas. But the great masses of ordinary people would never have access to practical cryptography if keys had to be distributed this way. No matter how cheap and powerful personal computers might someday become, you just can't send the keys electronically without the risk of interception. This widened the feasibility gap between Government and personal access to cryptography.

Today, we live in a new world that has had two major breakthroughs that have an impact on this state of affairs. The first is the coming of the personal computer and the information age. The second breakthrough is public-key cryptography.

With the first breakthrough comes cheap ubiquitous personal computers, modems, FAX machines, the Internet, E-mail, digital cellular phones, personal digital assistants (PDAs), wireless digital networks, ISDN, cable TV, and the data superhighway. This information revolution is catalyzing the emergence of a global economy.

But this renaissance in electronic digital communication brings with it a disturbing erosion of our privacy. In the past, if the Government wanted to violate the privacy of ordinary citizens, it had to expend a certain amount of effort to intercept and steam open and read paper mail, and listen to and possibly transcribe spoken telephone conversation. This is analogous to catching fish with a hook and a line, one fish at a time. Fortunately for freedom and democracy, this kind of labor-intensive monitoring is not practical on a large scale.

Today, electronic mail is gradually replacing conventional paper mail, and is soon to be the norm for everyone, not the novelty it is today.
Unlike paper mail, E-mail messages are just too easy to intercept and scan for interesting keywords. This can be done easily, routinely, automatically, and undetectably on a grand scale. This is analogous to driftnet fishing-- making a quantitative and qualitative Orwellian difference to the health of democracy.

The second breakthrough came in the late 1970s, with the mathematics of public key cryptography. This allows people to communicate securely and conveniently with people they've never met, with no prior exchange of keys over secure channels. No more special key couriers with black bags. This, coupled with the trappings of the information age, means the great masses of people can at last use cryptography. This new technology also provides digital signatures to authenticate transactions and messages, and allows for digital money, with all the implications that has for an electronic digital economy. (See appendix)

This convergence of technology-- cheap ubiquitous PCs, modems, FAX, digital phones, information superhighways, et cetera-- is all part of the information revolution. Encryption is just simple arithmetic to all this digital hardware. All these devices will be using encryption. The rest of the world uses it, and they laugh at the US because we are railing against nature, trying to stop it. Trying to stop this is like trying to legislate the tides and the weather. It's like the buggy whip manufacturers trying to stop the cars-- even with the NSA on their side, it's still impossible. The information revolution is good for democracy-- good for a free market and trade. It contributed to the fall of the Soviet empire. They couldn't stop it either.

Soon, every off-the-shelf multimedia PC will become a secure voice telephone, through the use of freely available software. What does this mean for the Government's Clipper chip and key escrow systems?

Like every new technology, this comes at some cost. Cars pollute the air.
Cryptography can help criminals hide their activities. People in the law enforcement and intelligence communities are going to look at this only in their own terms. But even with these costs, we still can't stop this from happening in a free market global economy. Most people I talk to outside of Government feel that the net result of providing privacy will be positive.

President Clinton is fond of saying that we should "make change our friend". These sweeping technological changes have big implications, but are unstoppable. Are we going to make change our friend? Or are we going to criminalize cryptography? Are we going to incarcerate our honest, well-intentioned software engineers?

Law enforcement and intelligence interests in the Government have attempted many times to suppress the availability of strong domestic encryption technology. The most recent examples are Senate Bill 266 which mandated back doors in crypto systems, the FBI Digital Telephony bill, and the Clipper chip key escrow initiative. All of these have met with strong opposition from industry and civil liberties groups. It is impossible to obtain real privacy in the information age without good cryptography.

The Clinton Administration has made it a major policy priority to help build the National Information Infrastructure (NII). Yet, some elements of the Government seem intent on deploying and entrenching a communications infrastructure that would deny the citizenry the ability to protect its privacy. This is unsettling because in a democracy, it is possible for bad people to occasionally get elected-- sometimes very bad people. Normally, a well-functioning democracy has ways to remove these people from power. But the wrong technology infrastructure could allow such a future government to watch every move anyone makes to oppose it. It could very well be the last government we ever elect.

When making public policy decisions about new technologies for the Government, I think one should ask oneself which technologies would best strengthen the hand of a police state. Then, do not allow the Government to deploy those technologies. This is simply a matter of good civic hygiene.

II. Export controls are outdated and are a threat to privacy and economic competitiveness.

The current export control regime makes no sense anymore, given advances in technology.

There has been considerable debate about allowing the export of implementations of the full 56-bit Data Encryption Standard (DES). At a recent academic cryptography conference, Michael Wiener of Bell Northern Research in Ottawa presented a paper on how to crack the DES with a special machine. He has fully designed and tested a chip that guesses DES keys at high speed until it finds the right one. Although he has refrained from building the real chips so far, he can get these chips manufactured for $10.50 each, and can build 57000 of them into a special machine for $1 million that can try every DES key in 7 hours, averaging a solution in 3.5 hours. $1 million can be hidden in the budget of many companies. For $10 million, it takes 21 minutes to crack, and for $100 million, just two minutes. That's full 56-bit DES, cracked in just two minutes. I'm sure the NSA can do it in seconds, with their budget. This means that DES is now effectively dead for purposes of serious data security applications. If Congress acts now to enable the export of full DES products, it will be a day late and a dollar short.

If a Boeing executive who carries his notebook computer to the Paris airshow wants to use PGP to send email to his home office in Seattle, are we helping American competitiveness by arguing that he has even potentially committed a federal crime?

Knowledge of cryptography is becoming so widespread, that export controls are no longer effective at controlling the spread of this technology.
People everywhere can and do write good cryptographic software, and we import it here but cannot export it, to the detriment of our indigenous software industry.

I wrote PGP from information in the open literature, putting it into a convenient package that everyone can use in a desktop or palmtop computer. Then I gave it away for free, for the good of our democracy. This could have popped up anywhere, and spread. Other people could have and would have done it. And are doing it. Again and again. All over the planet. This technology belongs to everybody.

III. People want their privacy very badly.

PGP has spread like a prairie fire, fanned by countless people who fervently want their privacy restored in the information age.

Today, human rights organizations are using PGP to protect their people overseas. Amnesty International uses it. The human rights group in the American Association for the Advancement of Science uses it.

Some Americans don't understand why I should be this concerned about the power of Government. But talking to people in Eastern Europe, you don't have to explain it to them. They already get it-- and they don't understand why we don't.

I want to read you a quote from some E-mail I got last week from someone in Latvia, on the day that Boris Yeltsin was going to war with his Parliament:

"Phil I wish you to know: let it never be, but if dictatorship takes over Russia your PGP is widespread from Baltic to Far East now and will help democratic people if necessary. Thanks."

Appendix -- How Public-Key Cryptography Works
---------------------------------------------

In conventional cryptosystems, such as the US Federal Data Encryption Standard (DES), a single key is used for both encryption and decryption. This means that a key must be initially transmitted via secure channels so that both parties have it before encrypted messages can be sent over insecure channels. This may be inconvenient.
If you have a secure channel for exchanging keys, then why do you need cryptography in the first place?

In public key cryptosystems, everyone has two related complementary keys, a publicly revealed key and a secret key. Each key unlocks the code that the other key makes. Knowing the public key does not help you deduce the corresponding secret key. The public key can be published and widely disseminated across a communications network. This protocol provides privacy without the need for the same kind of secure channels that a conventional cryptosystem requires.

Anyone can use a recipient's public key to encrypt a message to that person, and that recipient uses her own corresponding secret key to decrypt that message. No one but the recipient can decrypt it, because no one else has access to that secret key. Not even the person who encrypted the message can decrypt it.

Message authentication is also provided. The sender's own secret key can be used to encrypt a message, thereby "signing" it. This creates a digital signature of a message, which the recipient (or anyone else) can check by using the sender's public key to decrypt it. This proves that the sender was the true originator of the message, and that the message has not been subsequently altered by anyone else, because the sender alone possesses the secret key that made that signature. Forgery of a signed message is infeasible, and the sender cannot later disavow his signature.

These two processes can be combined to provide both privacy and authentication by first signing a message with your own secret key, then encrypting the signed message with the recipient's public key. The recipient reverses these steps by first decrypting the message with her own secret key, then checking the enclosed signature with your public key. These steps are done automatically by the recipient's software.

-- Philip Zimmermann
3021 11th Street
Boulder, Colorado 80304
303 541-0140
E-mail: prz@acm.org

________________________________________________________________________

Source: privacy mailing list (?)
From: Philip Zimmermann
Subject: DES Key Search Paper

Michael Wiener presented a paper at Crypto93 that describes a fast DES key search engine that uses a special inside-out DES chip that he designed. This chip takes a single plaintext/ciphertext pair and quickly tries DES keys until it finds one that produces the given ciphertext from the given plaintext. Wiener can get these chips made for $10.50 each in quantity, and can build a special machine with 57000 of these chips for $1 million. This machine can exhaust the DES key space in 7 hours, finding a key in 3.5 hours on the average. He works for Bell Northern Research in Ottawa, and says they have not actually built this machine, but he has the chip fully designed and ready for fabrication.

This is a stunning breakthrough in the realization of practical DES cracking. BTW-- note that PEM uses straight 56-bit DES.

________________________________________________________________________

Subject: Statement from Zimmermann on PGP investigation
To: cypherpunks@toad.com (Cypherpunks)
Date: Sun, 19 Sep 93 12:32:28 MDT
From: Philip Zimmermann
Cc: dubois@csn.org (Philip L. Dubois)

Some of you may have received my Internet message of a couple of days ago about the ongoing U.S. Customs investigation of the exportation of PGP, which has now progressed to the level of Federal Grand Jury subpoenas. This earlier message was intended by me for distribution to a very small group of friends who previously communicated their concern about me and the investigation and asked to be kept informed. I did not send the message to anyone outside this group. Unfortunately, I did not adequately assert my desire that the message not be further disseminated. It appears that the message has gone completely public. This was not my intention.

My lawyer, Phil Dubois, has been in touch with the Assistant U.S. Attorney (William Keane) assigned to the investigation. We have no reason to believe that Mr. Keane is anything other than a professional and reasonable person. He made it clear that no decision has been made regarding any prosecution of anyone for any offense in this matter. Such decisions will not be made for some time, perhaps several months. Mr. Keane also made clear his willingness to listen to us (me and my lawyer) before making any decision. It appears that both Mr. Keane's mind and the lines of communication are open.

My fear is that public dissemination of my message will close the lines of communication and put Mr. Keane into an irretrievably adversarial position. Such a result would not serve any of our interests. My lawyer tells me that nothing irritates a prosecutor more than being the subject of what he perceives to be an orchestrated publicity campaign. He also tells me that his nightmares involve FOAs (Friends Of the Accused), invariably people with good intentions, doing things on their own.

I understand that the issues involved in this investigation are of the greatest importance and transcend my personal interests. Even so, I would rather not turn an investigation into a full-scale federal prosecution. I ask that everyone keep in mind that the government's resources are limitless and that mine are not.

Speaking of resources, many of you have offered help, and I am grateful. Those wishing to contribute financially or otherwise should contact either me or Philip L. Dubois, Esq., at dubois@csn.org or by phone at 303-444-3885 or by mail at 2305 Broadway, Boulder, CO, 80304. Mr. Dubois has just got on the Internet and is still learning how to use it. Donated funds will be kept in a trust account, and all contributions will be accounted for.
If this whole thing somehow goes away with money left in the account, the balance will be refunded to contributors in proportion to the amounts of their contributions.

This message can be widely circulated on public forums.

Philip Zimmermann
prz@acm.org
303 541-0140

________________________________________________________________________
________________________________________________________________________

The SURFPUNK Technical Journal is a dangerous multinational hacker zine originating near BARRNET in the fashionable western arm of the northern California matrix. Quantum Californians appear in one of two states, spin surf or spin punk. Undetected, we are both, or might be neither.
________________________________________________________________________

Send postings to , subscription requests to .
WWW Archive at ``http://www.acns.nwu.edu/surfpunk/''.
________________________________________________________________________
________________________________________________________________________

Interesting bit of Lego exploring produced this cultural artifact. Got the Lego 1993 4 kit Value Set (#1967). Smallest model was a surfer dude with stubble and life preserver. Took 1993 Ice Planet 2000 Lego set figure (from #6879, Blizzard Baron), removed neon orange visor helmet, and switched it with the surfer's hair. Helmet looks vaguely VRish, therefore producing the Lego Surfpunk.

-- Benjamin L. Combee (wut zeecret plan!)
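
The sign-then-encrypt sequence from the appendix "How Public-Key Cryptography Works" above, as an added example that is not part of the original postings and is not PGP's code. It assumes textbook RSA without padding, constructed and trivially factorable demo keys, and a signature over a SHA-256 digest rather than the whole message; ALICE, BOB, MALLORY, send and receive are hypothetical names.

```python
import hashlib

E = 65537
BLOCK = 29    # plaintext bytes per block: 256**29 is below the recipient modulus
SIG_LEN = 19  # bytes reserved for the signature (sender modulus is 150 bits)

def make_key(p, q):
    """Textbook RSA key from two primes; 'd' is the secret exponent."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E, "d": pow(E, -1, phi)}

def public(key):
    """The half of a key pair that may be published."""
    return {"n": key["n"], "e": key["e"]}

# Constructed demo keys built from Mersenne primes: trivially factorable.
ALICE = make_key(2**61 - 1, 2**89 - 1)      # sender
BOB = make_key(2**107 - 1, 2**127 - 1)      # recipient
MALLORY = make_key(2**31 - 1, 2**61 - 1)    # someone else's key pair

def digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, secret):
    """'Encrypt' the message digest with the sender's secret key."""
    return pow(digest(message, secret["n"]), secret["d"], secret["n"])

def verify(message, signature, pub):
    """'Decrypt' the signature with the sender's public key and compare."""
    return pow(signature, pub["e"], pub["n"]) == digest(message, pub["n"])

def encrypt(data, pub):
    # Length-prefix and zero-pad so the data splits into whole blocks.
    framed = len(data).to_bytes(2, "big") + data
    framed += b"\x00" * (-len(framed) % BLOCK)
    return [pow(int.from_bytes(framed[i:i + BLOCK], "big"), pub["e"], pub["n"])
            for i in range(0, len(framed), BLOCK)]

def decrypt(blocks, secret):
    width = (secret["n"].bit_length() + 7) // 8
    framed = b"".join(
        pow(c, secret["d"], secret["n"]).to_bytes(width, "big")[-BLOCK:]
        for c in blocks)
    size = int.from_bytes(framed[:2], "big")
    return framed[2:2 + size]

def send(message, sender_secret, recipient_pub):
    """Sign with the sender's secret key, then encrypt to the recipient."""
    sig = sign(message, sender_secret).to_bytes(SIG_LEN, "big")
    return encrypt(sig + message, recipient_pub)

def receive(blocks, recipient_secret, sender_pub):
    """Decrypt with the recipient's secret key, then check the signature."""
    payload = decrypt(blocks, recipient_secret)
    sig, message = int.from_bytes(payload[:SIG_LEN], "big"), payload[SIG_LEN:]
    return message, verify(message, sig, sender_pub)

if __name__ == "__main__":
    note = b"Budget review moved to Tuesday 09:00."   # constructed sample
    wire = send(note, ALICE, public(BOB))
    print(receive(wire, BOB, public(ALICE)))           # genuine message
    wire[-1] ^= 1                                      # altered in transit
    print(receive(wire, BOB, public(ALICE))[1])        # signature check result
```

Unpadded RSA with keys this small offers no protection; the block only traces which key is used at each step and how an altered or wrongly signed message fails the recipient's check.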