Cryptography
Also see Persecution of Phil Zimmerman, Big Brother, Electronic Frontier and Outlaws.
It Came From Planet Clipper: The Battle Over Cryptographic Key "Escrow" A. Michael Froomkin{1} To be published in the Law of Cyberspace issue of the University of Chicago Legal Forum "The emergence of cryptography as an integral part of modern communications and data storage creates dilemmas for government policy makers. The national interest is clearly well served when citizens have access to secure telecommunications and data storage.{2} The increased use of computers and computer-aided communications such as local area networks ("LANs") and the Internet means that digitized data plays an increasing role in modern life. This digitized data--which can be anything from business's most valuable trade secrets to copyrighted music to intensely personal information--is particularly vulnerable data: it is easy to copy, and often relatively easy to access also. Routine use of encryption means that businesses are better protected against industrial espionage by competitors and foreign governments.{3} It reduces information theft and attacks by "hackers" or saboteurs that could theoretically disrupt banking and finance, utilities including telecommunications and the power grid, and even components of the national defense.{4} Encryption also enhances the ability of citizens to protect their privacy against intrusions ranging from illegal government investigations to nosy relatives."
Nov 1996 Clinton Press Release Also, in issuing the new order, I provided for appropriate controls on the export and foreign dissemination of encryption products transferred to the Department of Commerce. Among other provisions, I determined that the export of encryption products transferred to Department of Commerce control could harm national security and foreign policy interests of the United States even where comparable products are or appear to be available from foreign sources.
SSH Communications Security, Ltd. Develops the SSH software, protocols, and standards Cryptography and data security consulting What Is SSH? SSH is a software package that provides secure login sessions and other communications over an insecure network. It features strong cryptographic authentication, strong encryption, and integrity protection. SSH is commercially available for the Unix, Windows (3.1, 95, NT) platforms, and later for the Apple Macintosh. There is also a non-commercial version for Unix machines, which is only supported in the form of protocol updates. Its purpose is to pursue our goal of making the SSH protocol a de-facto standard in communications security. The non-commercial version acts as a try-before-buy product that allows the customer to try out the software and review the source code before buying the actual product. SSH is currently being used at thousands or tens of thousands of sites in about 50 countries. Its users include top universities and research institutes, major corporations, several government organizations, and numerous small companies and individuals.
Securing 5% of the Internet against Wiretapping in 1996 by John Gilmore My project for 1996 is to secure 5% of the Internet traffic against passive wiretapping. If we get 5% this year, we can secure 20% next year, against both active and passive attacks; and 80% in 1998. Soon the whole Internet will be private and secure. Want to help? The idea is to deploy boxes that will sit between your local area network and the Internet (near your firewall or router) which opportunistically encrypt your Internet packets. Whenever you talk to a machine (like a Web site) that doesn't support encryption, your traffic goes out "in the clear" as usual. Whenever you connect to a machine that does support this kind of encryption, this box automatically encrypts all your packets, and decrypts the ones that come in. In effect, each packet gets put into an "envelope" on one side of the net, and removed from the envelope when it reaches its destination. This works for all kinds of Internet traffic, including Web access, Telnet, FTP, IRC, Usenet, etc.
CryptoLog Welcome to the CryptoLog guide to internet resources on cryptography -- you'll find several hundred pointers to everything from "algorithms" to "vulnerabilities" here. The focus is more on technology than politics, and more on applications than theory -- but the goal is to cover everything on the net that deals directly with cryptography.
Cyphernomicon by Tim May 1. Introduction 2. MFAQ--Most Frequently Asked Questions 3. Cypherpunks -- History, Organization, Agenda 4. Goals and Ideology -- Privacy, Freedom, New Approaches 5. Cryptology 6. The Need For Strong Crypto 7. PGP -- Pretty Good Privacy 8. Anonymity, Digital Mixes, and Remailers 9. Policy: Clipper, Key Escrow, and Digital Telephony 10. Legal Issues 11. Surveillance, Privacy, And Intelligence Agencies 12. Digital Cash and Net Commerce 13. Activism and Projects 14. Other Advanced Crypto Applications 15. Reputations and Credentials 16. Crypto Anarchy 17. The Future 18. Loose Ends and Miscellaneous Topics 19. Appendices 20. README
Introduction to Encryption by Peter Meyer The purpose of this article is to provide information in the area of practical cryptography of interest to anyone wishing to use cryptographic software. I have mostly avoided discussion of technical matters in favor of a more general explanation of what I regard as the main things to be understood by someone beginning to use encryption.
EPIC Cryptography Policy Web EPIC is now making available an extensive series of pages on cryptography policy. Each page highlights an area of controversy and provides links to key documents.
EuroCrypto by Ross Anderson I enclose a paper which has been accepted for ESORICS this year, and which goes into the subject of evidence a bit more
Andre Bacard's "Computer Privacy Handbook" A Book Review Written by Murray Peck I highly recommend Andre Bacard's new book for anyone who cares about privacy. Bacard argues that our "Information Age" has a flip side, namely the "Surveillance Age." With both funny and scary examples, Bacard illustrates how everyone is at risk because of "data sharks" (people, corporations, and governments) who trade our personal secrets for their gain. He devastates the knee jerk reaction "Whatsamatter, I've got nothing to hide." Bacard's earlier book, "Hunger for Power: Who Rules the World and How," prepared him for a fresh view of cyberspace. In "Computer Privacy Handbook," Bacard tells how his meetings with John Markoff, John Perry Barlow, Phil Zimmermann, Jim Warren, Mitchell Kapor and other cyberspace leaders led him to see the connections between political power and computer privacy. Very interesting story...
For Protecting Our Privacy - And Thus, Our Speech, Press, Assembly & Freedom by Jim Warren PGP is a program for encrypting email and files. It differs from the encryption used in most commercial software packages (such as, say, Microsoft Word) in that it uses "strong" encryption --- encryption that no one in the public scientific community can break, and probably no one in the government community can break either.
Sun Announces Skip SKIP which stands for 'Simple Key Management for IP' is a privacy and authentication scheme that has been designed for use with sessionless datagram protocols like IP and IPv6. Developed by Ashar Aziz of Sun Microsystems, Inc. SKIP has been proposed to the Internet Engineering Task Force (IETF) as a standard. SKIP is a public key certificate-based key-management scheme which provides group key-management for Internet multicasting protocols. Designed to be application independent, SKIP can be plugged into the IP Security Protocol (IPSP) or IPv6.
Public Key Cryptography by James Nechvatal This publication presents a state-of-the-art survey of public-key cryptography circa 1988 - 1990. In doing so, it covers a number of different topics including: 1. The theory of public-key cryptography. 2. Comparisons to conventional (secret-key) cryptography. 3. A largely self-contained summary of relevant mathematics. 4. A survey of major existing public-key systems. 5. An exploration of digital signatures and hash functions. 6. A survey of public-key implementations in networks. 7. An introduction to zero-knowledge protocols and probabilistic encryption. 8. An exploration of security issues and key sizes.
Random Number Mathematics David W. Deley This paper presents a number of techniques for analyzing a computer generated sequence of random numbers. Some background theory in probability theory and inferential statistics is presented, and a number of empirical tests are presented along with example programs which apply the tests to several popular random number generators.
Dorothy Denning is a Georgetown University professor and acknowledged expert in the mathematics of cryptography. She's even better known as the avid advocate for giving government a key to unlock all encrypted messages (the euphemism is "Key Escrow"). [[bjc: need I mention that I, and it seems the rest of the civilized universe, vehemently disagree.]]
The Cryptography Project by Dorothy Denning The purpose of the Cryptography Project is to promote the development and use of encryption products that meet the security and privacy needs of users and the public safety, law enforcement, and national security needs of nations. This page provides links to papers that I have authored or co-authored on this topic, to the International Cryptography Institute, and to other selected documents.
Dorothy Denning Letter to Leahy I am concerned that S.1587, the "Encrypted Communications Privacy Act of 1996," is not in balance with society's needs. By removing practically all export controls on encryption, the bill will make it far easier for criminals, terrorists, and foreign adversaries to obtain and use encryption that is impenetrable by our government. The likely effect will be to erode the ability of our law enforcement and intelligence agencies to carry out their missions. This is not consistent with your own findings in the bill which recognize the need for a "national encryption policy that advances the development of the national and global information infrastructure, and preserves Americans' right to privacy and the Nation's public safety and national security."
Chaffing and Winnowing: Confidentiality without Encryption by Ronald L. Rivest. This paper introduces a new technique, which we call ``chaffing and winnowing''---to winnow is to ``separate out or eliminate (the poor or useless parts),'' (Webster's Dictionary), and is often used when referring to the process of separating grain from chaff. Novel techniques for confidentiality are interesting in part because of the current debate about cryptographic policy as to whether law enforcement should be given, when authorized, surreptitious access to the plaintext of encrypted messages. The usual technique proposed for such access is ``key recovery,'' where law enforcement has a ``back door'' that enables them to recover the decryption key.
Electronic Privacy Information Center A public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues relating to the National Information Infrastructure, such as the Clipper Chip, the Digital Telephony proposal, medical record privacy, and the sale of consumer data. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights.
House Conferees Adopt Unconstitutional Speech Restrictions On December 6, members of the House of Representatives working on the telecommunications reform legislation agreed to adopt a provision that would censor "indecent" speech on the Internet. The language is widely viewed by civil liberties organizations and Constitutional scholars as an impermissible restraint on free speech.
EPIC Crypto Archives Information on U.S. Cryptography Policy. EPIC also put forward seven recommendations to reform national cryptography policy. The recommendations follow from a presentation to the National Research Council earlier this year.
BIG BROTHER INCORPORATED A Report on the International Trade in Surveillance Technology and its Links to the Arms Industry. Privacy International, a London-based international human rights group dedicated to improving privacy worldwide, has published a 150 page report on the international trade in surveillance technologies. The report, entitled _Big Brother Incorporated_, provides details on over 100 companies worldwide that sell surveillance technologies, especially to developing countries with poor records on human rights, including China, Indonesia, Nigeria, Angola, Rwanda and Guatemala.
Matt Blaze's ftp directory: cfs.announce How to get the Cryptographic File System (CFS). cfs.notes.ms Latest version of CFS release notes (troff -ms format). cfs.ps PostScript reprint of M. Blaze, "A Cryptographic File System for Unix." Proceedings of First ACM Conference on Computer and Communications Security, Fairfax, VA, November 1993. cfskey.ps PostScript reprint of M. Blaze, "Key Management in an Encrypting File System." USENIX Summer 1994 Technical Conference, Boston, MA, June 1994. card_cipher.ps M. Blaze, "High-Bandwidth Encryption with Low-Bandwidth Smartcards." January 18, 1995. Presented at Cambridge workshop on Fast Software Encryption, February 1996. PostScript. eesproto.ps M. Blaze, "Protocol Failure in the Escrowed Encryption Standard." Proceedings of Second ACM Conference on Computer and Communications Security, Fairfax, VA, November 1994. PostScript. export.txt M. Blaze, "My Life as an International Arms Courier." January, 1995. Adapted from posting to comp.risks. ASCII text. keylength.txt keylength.ps M. Blaze, W. Diffie, R. Rivest, B. Schneier, T. Shimomura, E. Thompson and M. Wiener, "Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security". Report of ad hoc panel of cryptographers and computer scientists. January 1996. ASCII (.txt) and PostScript (.ps). keylength.nsa Transcription of memo from NSA regarding above report, with comments from M. Blaze and W. Diffie. July 18, 1996. ASCII. librand.shar "librand" true-random functions for Unix-like machines. mcg.ps M. Blaze and B. Schneier, "The MacGuffin Block Cipher Algorithm." Leuven Workshop on Cryptographic Algorithms, Leuven, Belgium, December 1994. mkcs.ps M. Blaze, J. Feigenbaum and F.T. Leighton, "Master-Key Cryptosystems." Abstract presented at Crypto '95 (rump session), Santa Barbara, CA, August 1995. PostScript. netescrow.ps netescrow.tex M. Blaze, "Oblivious Key Escrow." Revised paper originally presented at Cambridge Workshop on Information Hiding, May 1996. Postscript/LaTeX source. policymaker.ps M. Blaze, J. Feigenbaum and J. Lacy, "Decentralized Trust Management." IEEE Conference on Security and Privacy, Oakland, CA, May 1996. PostScript. quantize.shar CPU time quantization functions for Unix (helpful against Kocher's timing attack on various public-key cryptosystems). sesscrypt.ps PostScript reprint of M. Blaze and S. M. Bellovin, "Session-Layer Encryption." Proceedings of the USENIX Security Workshop, June 1995. swipe.id ASCII text of J. Ioannidis and M. Blaze, "The swIPe IP Security Protocol." Internet Draft, December 1993. swipeusenix.ps PostScript reprint of J. Ioannidis and M. Blaze, "Architecture and Implementation of Network Layer Security Under UNIX." Proceedings of the Fourth USENIX Security Workshop, October 1993. testimony.txt My prepared testimony before the Senate Commerce Committee subcommittee on Science, Technology, and Space. June 26, 1996. To reach me by email, use mab@research.att.com. For CFS related queries, use cfs@research.att.com. -matt
96Jan18 Commerce Releases Crypto Availability Report The US Department of Commerce today released a report on the international market for encryption software. The report, which was jointly produced by the Commerce Department's Bureau of Export Administration and the National Security Agency reviews the foreign availability of encryption products and other nations' import, export and domestic use policies.
From: Rich Salz Thu, 17 Aug 1995 Just heard on the 11:30pm NPR news update. The Clinton Administration has changed the crypto export policy. You will now be allowed to export strong crypto, provided it is a key escrow system. The reporter (Dan Charles?) said something like anyone can hold the keys, as long as they will be made avail when presented with a court order. He also said, US citizens will still be able to use strong crypto without key escrow internally. Terrorists and drug pushers were given as "reasons."
U.S. to Urge A New Policy On Software Attempt at Compromise On Scrambling of Data The New York Times, August 18, 1995, pp. D1, D6. By John Markoff The Clinton Administration broke a year of silence on its data-scrambling policy yesterday by saying it would soon propose an alternative to the Government's so-called Clipper Chip system, which has been widely criticized by makers and users of computer technology.
Recent News From: Vic Sussman [vic@clark.net] U.S.NEWS & WORLD REPORT, AUGUST 14, 1995 TAPS FOR THE CODE BREAKERS The cryptographer who riled the federal government over his popular encryption software, PGP (``Pretty Good Privacy"), claims he is only a few weeks away from launching yet another dazzling piece of software: PGPfone. Philip Zimmermann's latest product permits virtually untappable telephone conversations through personal computers. But the launch of the software, which uses military-grade encryption to scramble transmissions, is likely to sharpen the debate among those who worry about such technology falling into criminal or enemy hands and those who consider it essential for secure communications, especially on the Internet. In a test of the new software last week, a U.S. NEWS writer, using a microphone-equipped laptop in Washington, found the encrypted conversation with Zimmermann in Boulder, Colo., to be remarkably clear. Zimmermann, who ran afoul of the government over charges--strongly denied--that he illegally ``exported" the PGP software on the Internet, says he plans to give away his new software for free. Why? ``I can't simply stop doing what I do because I'm afraid of angering the government," he says. ``Americans have a right to private conversations." Copyright, 1995, U.S. News & World Report All rights reserved.
Russian Statutes Restricting Use of Encryption Technologies by Mikhail Solton The recent Edict of the Russian President Yeltsin "On Measures to Observe the Law in Development, Production, Sale and Use of Encryption Devices and on Provision of Services in Encrypting Information" dated April 3, 1995 (the "Edict"), and restricts use of encryption technologies by Russian government agencies, State-owned, private and foreign entities, and complements a rapidly growing body of law publicly regulating activities which previously were the exclusive domain of the KGB, other national security agencies, and of the military.*1
The Persecution of Phil Zimmerman by Jim Warren I write this today, March 2nd, because I envision the possibility of somehow being enjoined from speaking or writing about this, by a federal grand jury in San Jose, next Tuesday.
Lost In Kafka Territory U.S.NEWS & WORLD REPORT The Feds Go After A Man Who Hoped To Protect Privacy Rights. If anyone on Earth can claim to be a cyberspace celebrity, it is Philip Zimmermann, a soft-spoken data security consultant from Boulder, Colo. Every day, he is discussed on the Internet and computer bulletin boards in nearly 200 countries and is deluged with E-mail that treats him as a hero, a villain or a victim.
A Pretty Bad Problem: Forward to PGP User's Guide by Phil Zimmerman by John Perry Barlow I love irony, and there lies in this book an irony as striking as any I know. It is this: that a computer program with the cute li'l ol' name of Pretty Good Privacy, written by an apparently unformidable gnome on a tight budget, now terrifies a security monolith that required half a century, uncounted billions of dollars, and the collective IQ's of a few thousand geniuses to develop. This book and the software it describes, as brief and modest as its author, could very well be the root tendril that will grow into the National Security State and shatter it. If that is true, it's probably only a little hyperbolic to claim that you are holding a work as liberating as Common Sense, or, viewed through another set of bunker slits, as socially disruptive as Mein Kampf.
Where To Get PGP Pretty Good Privacy
Misconceptions about PGP 2.6 from MIT by Phil Zimmerman; PGP's author: Phil sent this out to cypherpunks, and asked me to forward it to the rest of the world. Apparently there's been a lot of weird rumours flying about.
PGP Privacy Wars by Deborah Russel Cryptography used to be an arcane subject of interest only to the most secret military and intelligence agencies and to a handful of academics. Things have changed. World Report, April 3, 1995
Computer-Related Political Groups PGP is a very political piece of software. It seems appropriate to mention here some computer-related activist groups that are concerned with issues such as impacts of computers on society, algorithm patents, etc. Here is some information on these groups, provided by each group.
Start with pgpdoc1.txt, pgpdoc2.txt, and politic.doc
PGP Public Keyservers There are PGP public key servers which allow one to exchange public keys running through the Internet and UUCP mail systems. The information below is OUT OF DATE, and the release of PGP 2.6 will cause a great deal of upheaval, especially in the U.S. The command reference is the most useful part.
Passphrase FAQ by Grady Ward How to choose good pass phrases
World of Cryptography Most of the things on this page are specifically for the Macintosh environment. You might, however, find some other useful things for other platforms, but I don't guarantee much.
Readme.asc Welcome to the MacPGP2.6 (1.1.1) Distribution of June 9, 1994. If you are reading this file, you have already extracted the first auto-expanding archive. You will find that besides this README file you also have an executable file named "MacPGP2.6-Installer" and a "MacPGP2.6-Installer.asc".
PGP Format Documentation newfor22.doc, newfor23.doc, newfor24.doc, newfor25.doc, newfor26.doc, pgformat.doc
Software License Agreements for RSA and MIT
Speak Freely by John Walker I've just released to the public domain Release 5 of Speak Freely for Windows and its Unix counterpart, Netfone for Sun and Silicon Graphics workstations. Assuming you have a fast enough connection to the Internet (with reasonably consistent packet delivery time) and/or a fast enough CPU to perform audio compression in real time, you can talk to anybody on Earth connected to the Internet who's also running the program. http://www.fourmilab.ch/netfone/windows/speak_freely.html describes the Windows version in detail and contains pointers to the Sun and SGI editions, as well as links to download source code and a ready-to-run executable for Windows.
Non-repudiation for E$ by Bob Hettings
Cypherpunks Discussion Archive
The federal government has dropped all charges against Phil Zimmermann, the author of the popular encryption program Pretty Good Privacy. In a letter addressed to Zimmermann's attorney Philip L. Dubois, federal prosecutors Michael Yamaguchi and William P. Keane wrote that "The U.S. Attorney's Office in the Northern District of California has decided that your client, Philip Zimmermann, will not be prosecuted in connection with the posting to USENET in June 1991 of the encryption program Pretty Good Privacy. The investigation is closed."
Mr. Zimmermann told the EPIC Alert that he was "greatly relieved." The software programmer, who has become a folk hero to hundreds of thousands of Internet users as he has also lived daily with the threat of federal indictment, said, "I am thrilled and elated by the decision."
Copies of PGP and PGPFone may be downloaded from the EPIC web site at http://www.epic.org/privacy/tools.html