
Keep Out magazine Volume 1, Number 2

Keep Out features stories on Pretty Good Privacy's Signature Bug, a Beginner's Guide to Using Remailers, an Interview With Remailer Operators, and The Web Of Trust and Digital Signatures.


-----BEGIN PGP SIGNED MESSAGE-----

Keep Out
Volume 1, Number 2
October/November 1994

In this issue

  • Pretty Good Privacy's Signature Bug
  • How to use anonymous remailers; A Beginner's Guide
  • Why Run a Remailer? An Interview With Erich Von Hollander
  • For Beginners: The Web Of Trust and Digital Signatures

Preface To The Electronic Edition

By John Schofield


Welcome to the second electronic edition of Keep Out! There will always be an electronic edition of Keep Out, released approximately one month after the paper version. This is intended to increase subscriptions to the paper version.

The issues and ideas discussed in Keep Out are too important to limit them to those who can afford a subscription to Keep Out. This electronic edition may be distributed freely anywhere in the world, as long as no more than a small fee for duplication is charged.

If you would like to receive a free sample issue of Keep Out, with no strings attached, simply send your postal address to Keep.Out@Sprawl.Expressnet.Org, or to "Keep Out" at 1:102/903.0 on Fidonet, or call voice to (818) 345-8640, or mail your request to:

Keep Out Sample Issue
P.O. Box 571312
Tarzana, CA 91357-1312

If you enjoy Keep Out, either in the electronic or printed versions, I strongly encourage you to subscribe. Subscriptions only cost $15 per year, for six full issues of electronic privacy information. Foreign subscriptions are a little more expensive, at $25, to cover the increased mailing costs. See the advertisement at the end of this file for more information on subscribing to Keep Out.

Publisher's Note

By John Schofield

Privacy advocates since the time of Jefferson have known that government agencies will tend to expand their roles beyond their original purpose. That is one of the reasons for the checks and balances built into the American system of government.

Now that tendency to expand has a name: "mission creep."

The Los Angeles Times defines mission creep as, "the kind of unconscious expansion of U.S. troops' basic role in a foreign operation that helped turn the intervention in Somalia last year into a debacle."

In Somalia, the military suffered from mission creep when their goals changed from simply ensuring security to the much more difficult goal of apprehending clan leader Mohammed Farah Aidid.

Unfortunately, the military is not the only organization that suffers from mission creep.

A grand example of this is the Federal Communications Commission (FCC). The FCC was started because there is a limited number of radio frequencies available on the spectrum, and a potentially unlimited number of people wanting to use that spectrum.

Thus, the FCC had the valid purpose of allocating that scarce resource fairly--arbitrating disputes and making sure that one broadcast did not cause trouble with another.

However, the FCC is now regulating content.

This is clearly something it has no business doing. As comedian Tom Smothers once said, "The ultimate censorship is the flick of the dial." If people find a show offensive, they will not watch it.

What does this have to do with privacy?

Mission creep is not limited to the FCC and the military.

Privacy advocates have to be ever-vigilant. Some laws, such as the FBI's "wiretap bill," are clearly harmful. The "wiretap bill" requires telephone companies to use equipment that makes telephone taps easier for law enforcement to install.

Other proposals, though, are not as obviously harmful. A national ID card has been discussed in two recent Clinton administration initiatives, in the guise of providing health care (a national health-care card) and as a work card (to stop illegal immigrants from using forged papers to get work.)

Is a national ID card a bad idea? It would certainly help to solve some perceived problems, such as employers hiring illegal immigrants.

However, in looking at the "con" side of the proposal, it is important to look also at the effects of mission creep.

For, as surely as the Somalis turned against the U.S. soldiers, any government agency or plan will grow beyond its original charter.

A national ID card is the first step towards the kind of internal passport required to travel in the cold war-era Soviet Union.

Government officials, of course, decry this as paranoia. But the inescapable fact of mission creep remains.

We need to study the immediate effects of new government and business proposals, but we also need to pay great attention to these proposals' long-term potential for harm.

Privacy advocates have long known this. Now, with mission creep becoming a common word, perhaps more people will realize its dangers.

Keep Out Policy Statements

Mission Statement

Electronic Privacy will become increasingly important in each of our lives as computers and telecommunications bring people closer together.

Keep Out is dedicated to the idea that everyone has the ability and the right to decide their own destinies, and that no one should decide what people read or write or whom they talk to.

New technologies exist that make it a great deal easier than in the past to monitor whom people talk to and what they say and do.

Keep Out's mission is to investigate ideas and products that make people harder to monitor and control, and to popularize those ideas and products by making them easier to understand and use. Through this, Keep Out aims to preserve the existence of individual liberty and freedom in the USA and the world.


Privacy Statement

Keep Out's mailing list will not be released to anyone for any reason. All information about Keep Out subscribers is confidential.


Letter Policy

Letters will be printed exactly as received. Letters must be shorter than 300 words. Pseudonyms and initials will not be used, but names may be withheld by request. Keep Out will not publish letters that are libelous. It may not be possible to print all letters received; the Keep Out Editorial Board reserves the right to print only those letters it deems most of interest to Keep Out readers. Letters are the opinions of their authors, and not necessarily of Keep Out.


Advertising Policy

Keep Out reserves the right to refuse an advertisement for any reason. Keep Out will refuse an advertisement if, in the opinion of the Keep Out Editorial Board, the advertisement tends to mislead readers. Keep Out's editorial content is completely independent of its advertising.


Contact Information

Internet: keep.out@sprawl.expressnet.org

Fidonet: "Keep Out" at 1:102/903.0

Voice: +1-818-345-8640

BBS/FAX: +1-818-342-5127

Snail Mail: P.O. Box 571312
Tarzana, CA 91357-1312
USA


Keep Out magazine is published bimonthly by Keep Out, founded by John Schofield. Copyright Keep Out 1994. All rights reserved by Keep Out. Reproduction without permission is prohibited. Keep Out is not responsible for unsolicited materials. Printed in the USA.


Keep Out Staff Roster
Publisher: John Schofield (sysop@sprawl.expressnet.org)

Copy Editor: Amy K. Hood
Cover by: Marcos Borregales (Masamune@sprawl.expressnet.org)
Internet Services: ExpressNet (shane@expressnet.org)
Ad Consultant: Julie Bailey
Consultants: Don Adler
Michael Bendgen

Advertisement

Pretty Good Privacy(tm)

* Privacy
ViaCrypt PGP is the perfect tool for anyone who values the privacy of their proprietary or sensitive information.

* Strength
ViaCrypt PGP is the strongest privacy program available to the civilian world.

* Interoperability
All versions of ViaCrypt PGP are completely interoperable.

* Control
With ViaCrypt PGP you are in complete control of your privacy. YOU create your keys. YOU decide who to trust.


Versions available for Macintosh, DOS/Windows and UNIX.


ViaCrypt(tm) PGP(tm) is the world's most popular and secure software program for e-mail and file privacy. ViaCrypt PGP is fully licensed for personal, commercial, and government use.


Single User Prices:
ViaCrypt PGP for Windows (Sept.) $124.98
ViaCrypt PGP for MS-DOS $99.98
ViaCrypt PGP for Macintosh (Sept.) $124.98
ViaCrypt PGP for UNIX $149.98
ViaCrypt PGP for WinCIM/CSNav $119.98


ViaCrypt
2104 West Peoria Avenue
Phoenix, Arizona 85029

Orders: (800) 536-2664
Information: (602) 944-0773
FAX: (602) 943-2601
Internet: viacrypt@acm.org
CompuServe: 70304,41

Signature Bug Afflicts PGP

By John Schofield

No complicated program is without bugs, and yet it is unsettling when an important bug surfaces in a program we depend on.

A major bug was discovered in Pretty Good Privacy (PGP) during the week of September 25.

Philip Zimmermann, PGP's original author, said the bug, "has been there since [PGP version] 2.0," and affects all versions of PGP from 2.0 on, including 2.6.1, the unofficial international version (2.6ui), and the commercial version produced by Viacrypt, called 2.7.

Zimmermann said a bug-fixed version of PGP would be released "in a few days," from the normal distribution site at the Massachusetts Institute of Technology (MIT).

[Editor's Note: The new version, called 2.6.2, has been released.]

Leonard Mikus, Viacrypt president, said there would be no new release of Viacrypt PGP 2.7, but that, "The next time we have diskettes made we will update the program. We will make a free update available to anyone who has the problem."

The bug only affects PGP's clearsig function, and causes PGP to appear to validate a message's signature, even though the message has been tampered with.

PGP has three different ways of signing a message--binary, ASCII-armor, and clear-signing, also known as clearsig.

In a binary signature, PGP will sign the message in a format that only computers can read. This is useful if you do not need to send the signature through e-mail.

If you do, that's where ASCII-armor and clearsigning come in. ASCII-armor is simply a way PGP translates binary information (readable only by computers) to text that is readable by humans, and can be transmitted through e-mail. Binary information can not be sent by e-mail unless it is translated into text.

Clearsigning is a way of making the signed text clearly visible. Figures 1 and 2 are examples of clearsigning. This separates the signed text from the signature, and does not change the signed text.

Clearsigned signatures are used most often in e-mail and in public conferences, such as newsgroups on the Internet, echos on Fidonet, and public discussion areas on bulletin board systems.

When PGP users are aware of the bug, it is not terribly important--there are workarounds. However, when PGP users are not aware of the bug, the possibility for serious fraud exists.

The bug exists because of the way PGP checks for header information. A header is a series of lines of text at the beginning of a message, terminated by a line with only a carriage return on it.

In Figure 1, the "Version:" and "Comment:" lines in the signature block are headers. When checking the signature, PGP ignores headers.

The problem comes because PGP also checks for and ignores headers in the message text section of the signed message. Zimmermann said PGP checks for headers there because "we want to put some fancy header information there in future versions."

Since PGP ignores everything in the header when checking signatures, it will verify a falsified message, like the one in Figure 2.

Worse yet, it is not possible to tell a fraudulent message from a genuine one simply by looking. The fraudulent message in Figure 2 is easily identifiable as fraudulent, because the first line is not blank. However, it would be easy for someone to put a space character or a tab on the first line of the message. PGP would identify this as part of the header, but it would appear blank to the recipient.

This is not as bad as it seems at first, though.

Whenever you check a signature, PGP will output a file containing only the signed text. This file is identical to the original text signed by the message author.

Since PGP completely ignores the forged header information, the forged text will not be in this output file.

Until a bug-fixed version of PGP is released, the best remedy is to check the output text every time you check a signature. The output text has always been accurate, and is accurate now.

It is important to emphasize that this is not a bug in the way PGP checks message signatures, but rather a bug in the way PGP decides what part of the message to check. The underlying mathematical methods are as strong as they have ever been, and PGP is still secure.

Zimmermann described the bug as an "optical illusion" because "if you're not paying attention, [the forged text] looks like it is part of the message."

"We didn't make it rigorous enough in syntax checking. It will take any old text there and think it's header information," Zimmermann said.

"I've only known about [the bug] for the past three or four days. I've been aware of it in some sense since [PGP version] 2.0, I just didn't know that anyone thought of it as a bug. I thought it was good that header information could go there."

Mikus said he does not consider the problem too important.

"If you armor it, you don't have the problem. Most people don't sign it cleartext. It isn't the mode most people use it in. [The bug] probably affects very few actual PGP users."

The bug only appears when PGP clearsigns messages. When PGP signs a message in binary mode, or signs it in ASCII-armor mode, the signatures are valid.

Mikus did say, however, that it "could be misleading if anyone uses it in that mode. As long as the recipient understands what's going on, he'll know how to interpret it."


=======================================
Figure 1: A Valid Message
- -----BEGIN PGP SIGNED MESSAGE-----

This is a sample PGP message. This is the only valid paragraph in
this message. This is a two-line message.

- -----BEGIN PGP SIGNATURE----- 
Version: 2.7
Comment: Call 818-345-8640 voice for info on Keep Out magazine.

iQCVAwUBLxGbXmj9fvT+ukJdAQHovwP9HfYshnqyVwdl626olpB1QIjWlEaF+Qzq
8ZM6sgWO97yAYV1U5ivezOfZbZnkgIwN+4XSuTln6ZHuM5hY4Ruf/p6Ndig70j14
+H3tprBGAFSX7hXz9u+l611wrsIOR1B3Zb9WLDVFyCirPVfNos5kjHnX4M7QOI8w
oDQeUvYnolk=
=Y8yC
- -----END PGP SIGNATURE-----

=======================================
Figure 2: A falsified message
- -----BEGIN PGP SIGNED MESSAGE-----
This is bogus text that PGP thinks is a header. PGP will not check this paragraph when it checks the signature, only the last paragraph. PGP considers this message identical to Figure 1.

You can even have what appears to be blank lines in the forged message, by putting a tab on them, as was done on the line above this paragraph.

This is a sample PGP message. This is the only valid paragraph in this message. This is a two-line message.

- -----BEGIN PGP SIGNATURE----- 
Version: 2.7
Comment: Call 818-345-8640 voice for info on Keep Out magazine.

iQCVAwUBLxGbXmj9fvT+ukJdAQHovwP9HfYshnqyVwdl626olpB1QIjWlEaF+Qzq
8ZM6sgWO97yAYV1U5ivezOfZbZnkgIwN+4XSuTln6ZHuM5hY4Ruf/p6Ndig70j14
+H3tprBGAFSX7hXz9u+l611wrsIOR1B3Zb9WLDVFyCirPVfNos5kjHnX4M7QOI8w
oDQeUvYnolk=
=Y8yC
- -----END PGP SIGNATURE-----
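
The header handling described in this article can be modelled directly. The following Python is an added example, not PGP's source code and not part of the original article: it splits a clearsigned message the way the article says affected versions do, and reports any displayed lines that fall outside the signed text. The function names and both sample messages are constructed for illustration, and the signature block is a placeholder.

```python
# Added example: models the header handling the article describes. Not PGP source.
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"


def body_lines(clearsigned):
    """Everything a reader sees between the two marker lines."""
    lines = [ln.rstrip("\r") for ln in clearsigned.split("\n")]
    markers = [ln.rstrip() for ln in lines]
    start = markers.index(BEGIN_MSG) + 1
    end = markers.index(BEGIN_SIG, start)
    return lines[start:end]


def split_lenient(body):
    """Behaviour described in the article: every line before the first truly
    empty line is taken as header and skipped when the signature is checked."""
    for i, line in enumerate(body):
        if line == "":
            return body[:i], body[i + 1:]
    return body, []


def audit(clearsigned):
    """Compare what is displayed with what the signature actually covers."""
    skipped, signed = split_lenient(body_lines(clearsigned))
    findings = []
    if skipped:
        findings.append(
            "%d displayed line(s) are outside the signed text" % len(skipped))
    if any(ln != "" and ln.strip() == "" for ln in skipped):
        findings.append(
            "whitespace-only line(s) look blank but do not end the header")
    return {
        "signed_text": "\n".join(signed),   # matches PGP's output file
        "unsigned_lines": skipped,          # shown to the reader, never hashed
        "findings": findings,
    }


# Constructed samples. The signature block is a placeholder, not real data.
SIG_BLOCK = (BEGIN_SIG + "\nVersion: 2.7\n\n"
             "(placeholder signature data)\n-----END PGP SIGNATURE-----\n")

GENUINE = (BEGIN_MSG + "\n"
           "\n"
           "This is the only paragraph the author signed.\n"
           "\n" + SIG_BLOCK)

# Same signed paragraph, preceded by text taken as header. The first line
# holds a single space and the third a tab, so both appear blank on screen.
ALTERED = (BEGIN_MSG + "\n"
           " \n"
           "This paragraph was added after signing.\n"
           "\t\n"
           "So was this one.\n"
           "\n"
           "This is the only paragraph the author signed.\n"
           "\n" + SIG_BLOCK)


if __name__ == "__main__":
    for name, msg in (("genuine", GENUINE), ("altered", ALTERED)):
        report = audit(msg)
        print(name, "->", report["findings"] or "displayed text == signed text")
```

Both samples yield the same signed text, which is why one signature appears to validate both; the unsigned_lines list is the difference between what the recipient reads and what PGP checked.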


Advertisement

Chatterbox! BBS
LA's Best Entertainment BBS!

(818) 718-1600
8-n-1

  • 11+ GIGABYTES OF FUN!
  • DATING AND MATCHMAKING
  • NATIONWIDE FAX SERVICE
  • 12 CD ROM's ON-LINE
  • OVER 80,000 LIBRARY FILES
  • THOUSANDS OF PHOTOS (ADULT, ETC.)
  • INTERNET ACCESS (chatrbox.com)
  • RIP-VGA GRAPHICS-USE YOUR MOUSE!
  • MULTI-USER GAMES (D&D, CHESS, SCRABBLE, MANY OTHERS)

CHATTERBOX! BBS - Your REST STOP on the INFORMATION SUPER HIGHWAY!

HAVE YOUR OWN INTERNET ADDRESS WITHIN MINUTES OF CALLING.

28.8K HIGH SPEED ACCESS NOW AVAILABLE

Return to Sender: Running a Remailer

By John Schofield

Like much of modern technology, anonymous remailers can be double-edged swords.

Remailers are used to send anonymous messages that are almost impossible to trace to their originators.

This capability can be used beneficially. An often-quoted example is to help an executive come forward and get support for childhood abuse or help with alcoholism. Or to help an engineer find out something he really should know, but doesn't.

But remailers often have a dark side as well. They can be used to harass people, to send out pirated software, or even to send truly untraceable ransom notes.

Erich von Hollander is a remailer operator, and he spends far more time than he would like resolving problems related to his remailer. (Von Hollander operates the soda.berkeley.edu remailer.)

"There are complaints all the time. Once a month there will be a pretty raging flame war."

Another problem von Hollander mentioned is "the morons who post homophobic flames."

Von Hollander spends about an hour a day resolving problems with the remailer.

He said his remailer, which is based on code written by Hal Finney and Eric Hughes, "is a very internationally used remailer. My site is probably two or three in the world [in terms of use] after the Finnish remailer."

The Finnish remailer Von Hollander is referring to is the anon.penet.fi system, run by Johan Helsingius.

Von Hollander said he handles problems on a case-by-case basis.

"If it's not too serious, I send them e-mail. If it is serious, I block that address from sending mail [through the remailer]."

Von Hollander says he uses the logs the remailer keeps to track down people who misuse it.

"The reason I keep logs is that it's an experimental remailer, and I need them to track down bugs. And I'd have been shut down long ago if I didn't have the ability to track people down.

"That makes it less secure. It's primarily an experimental remailer, doing remailer research, and only secondarily to provide a service."

He prefers that, "if anyone is doing something illegal, I suggest that they chain [and encrypt] it, because I don't want to be able to tell who they are."

Von Hollander said his remailer has almost been shut down a couple of times because of complaints.

With remailers, complaints are inevitable, von Hollander said. "I knew people would abuse it. It is a given that a certain percentage of people are immature and do stupid things. You can count on people doing stupid things. People aren't going to wake up.

"I didn't know that the remailer would be as big as it has. I didn't know that the volume of problems would be as great. I spend too much time resolving problems, when I'd rather be [writing software]."

Von Hollander said it takes very few resources for someone to operate a remailer.

"The only hardware is something that runs Perl and Sendmail, and pretty much any UNIX machine would do that. You could get a 386 box and run Linux on it, which is a free operating system. It will run on a lot of different things."

Von Hollander said the only other requirement is a UUCP connection to the Internet, which is available inexpensively in many places.

"The remailer code out there is good stuff. I would encourage everyone to run a remailer. If you use one you should also run one. You don't have to be a programmer. It doesn't take a lot of system resources."

Von Hollander also said that Pretty Good Privacy [PGP] and remailers "go hand in hand. Everyone who uses the remailer should learn and use PGP."

Although Von Hollander said he doesn't like the amount of time he spends resolving problems, he has not yet had to deal with serious abuse of the remailer.

"It's just people being rude and annoying. I have not had to deal with real criminal activity. Nobody has sent child porn or pirated software yet. It's only a matter of time, and unlike Johan [Helsingius] in Finland, I am under the US's more constrictive laws, so if someone sends child porn through it, I may go to jail. They may seize the machine. I just hope nobody does it because I don't want to deal with it."

Von Hollander said one way to reduce his potential legal liability is to require that messages be encrypted.

"If it's encrypted, then I can't read it and I'm certainly not responsible for it."

Although Von Hollander started the remailer because it "seemed cool," he has philosophical reasons for continuing to operate it.

"Anonymity should be the default. There aren't a lot of cases where your name needs to be used. Unfortunately, our society is moving in the opposite direction, where your social security number and driver's license needs to be given to do anything."

"If I don't get my license renewed, I can't buy a drink. That's ridiculous. An expired license is still proof of age. Agencies are expanding their authority way past what their charter is."

"I'm fighting this the only way I can, which is on the net. I don't know how much this is actually doing, but it's a start."

Von Hollander said the biggest influence of remailers has been on the sex newsgroups, but he foresees different changes.

"The biggest effect in the future might be the conflict between anonymity and copyright law."

When copyright violators can easily and anonymously distribute information widely, traditional copyrights become almost impossible to enforce.

How To: Anonymous Remailers

By John Schofield

Internet anonymous remailers have great potential for good, and great potential for harm. But before you can use them for anything, you need to know how.

Let's start by looking at one of the first remailers in operation, and certainly the busiest--the anon.penet.fi remailer in Finland.

This remailer is fairly simple to use and understand, so we will start looking at this one before moving on to the more complex (though still easy to use) Cypherpunk remailers.

The anon.penet.fi remailer is pseudonym-based. This means that the remailer at all times has a record of the real e-mail addresses of the people who use it. As we will get into later, the Cypherpunk remailers do not keep records of who uses them.

To receive an anonymous ID from the remailer, simply send e-mail to ping@anon.penet.fi. You will receive a message giving you an anonymous ID. For instance, my (no longer) anonymous ID is an105875@anon.penet.fi.

Before you can use the remailer, you need to tell it a password to use. This prevents someone from pretending to be you, and finding out what anonymous ID you have.

To set a password, send a message to password@anon.penet.fi. The subject does not matter. The body of your message should contain only your password.

Now, to send someone an anonymous message, you would address it to anon@anon.penet.fi. Then on the first line of the message, you would put "X-Anon-To: exene.cervenka@x.com." The second line would be "X-Anon-Password:" and your password. The remailer would deliver the message to Exene Cervenka (assuming that really was her e-mail address), without her being able to tell who the message was from. See Figure 1 for an example of this type of message.

Posting mail in an Internet newsgroup is very similar. Instead of putting the e-mail address after the "X-Anon-To" header, you would put the newsgroup name. For instance, having a header of "X-Anon-To: alt.sex.smurfs" would post the message to that newsgroup. (That newsgroup is fictitious. At least, I hope it is.)

In both cases, the "From:" on the remailed message would be your anonymous pseudonym, not your real e-mail address. If anyone replies to one of your anonymous messages, the remailer would send the message to your real e-mail address as soon as it received the message to your pseudonym.

Using the Cypherpunks remailers is more secure than using the anon.penet.fi remailer, because Cypherpunks remailers are not alias-based.

That means that they do not keep a permanent record of remailer users, and do not match up anonymous IDs with real e-mail addresses. Cypherpunks remailers are one-way only. (Some Cypherpunks have written remailers that allow replies, without keeping usage records. Send e-mail to "remailer@soda.berkeley.edu" with a subject of "remailer-info" for more information on one.)

To use a Cypherpunk remailer like the one at remail@c2.org, you would simply put the line "Request-Remailing-To:" and an e-mail address in the message header.

Since many people do not have the ability to modify message headers on their systems, you can also put a line with two colons on the first line of the message. Anything after that, up to the first blank line, will be considered part of the header by the remailer. An example of this is in Figure 2.

To post through Cypherpunk remailers to Internet newsgroups, you must use a mail-to-news gateway. This is a computer that looks for messages addressed in a certain way, and posts them to an Internet newsgroup. For instance, to post to the sci.crypt newsgroup, you would send mail to sci-crypt@cs.utexas.edu.

Simply write the name of the newsgroup you wish to send to, replacing periods with dashes, and add "@cs.utexas.edu" to the end of it. The computer at cs.utexas.edu will post to whatever newsgroup you specify. There are other mail-to-news gateways available.

You can also "chain" remailers, which adds considerably more security to the process. Chaining is simply sending a message through more than one remailer before it reaches its final destination.

To do this, just put more "Request-Remailing-To" lines in your message. See Figure 3 for an example. The first remailer in the chain will strip off the commands to it, leaving the "::" line and the "Request-Remailing-To" line for the next remailer in the chain.

Most Cypherpunk remailers also support encryption, using the Pretty Good Privacy (PGP) encryption program, written by Philip Zimmermann. Simply put the line "Encrypted: PGP" in the message header. As with other header lines, if you can not put it in the header, put it as the second line in the message body, with a "::" on the line before it, and a blank line after it.

This way, it is possible to put the address to be remailed to in the encrypted text, with a "::" line, and the remailer will send it to its final destination.

It is even possible to chain encrypted messages, which adds a great deal of security to the system.

When encrypted messages are chained, none but the last remailer in the chain will know the final destination of the message. The first remailer in the chain knows it is sending an encrypted message to another remailer. The second remailer decrypts the message, finds the final destination of the message, and remails it. The second remailer only knows where the message originated from (the first remailer), not the person who actually wrote the message.

To determine the author of a chained message, you would need to subvert (or subpoena) every remailer operator in the chain. Assuming you used a chain of six remailers in six countries, it would be almost impossible to determine the message's author.

Chaining encrypted messages is simple--you work backwards.

First, you create the message "Hey, Fred." and the "Request-Remailing-to:" directions for the last remailer, to tell it the final destination of the message.

Then you encrypt that message with the PGP key of the last remailer in the chain. So you have a PGP-encrypted message. Now you put a "Request-Remailing-To" line and an "Encrypted: PGP" line at the top of the message. See Figure 4 for an example.

In Figure 4, the "Request-Remailing-To" line tells the first remailer where to send the message. The "Encrypted: PGP" line is for the second remailer, and tells it to decrypt the message. It will decrypt the PGP message, read the final address, and send it there.

Cypherpunk remailers that support encryption even support a kind of "return address" people can use to reply to you.

Simply write YOUR e-mail address with a "Request-Remailing-To" line and a "::" line, and encrypt them with the remailer's public key.

Include them at the end of your message, with instructions to move the encrypted block to the beginning and include an "Encrypted: PGP" line in the header. If your correspondent does that, you will receive the reply, without him or her having the slightest idea who you are.

The remailer will decrypt the PGP message, and see that it should remail the message to you. However, since only the remailer can decrypt that message, nobody else can detect who you are. It works quite well.

There is much turnover in the ranks of remailer operators. They tend to come and go quite often.

A list of Cypherpunks remailers is in Figure 5. To receive a current list of remailers, you can finger remailer-list@kiwi.cs.berkeley.edu.

If you do not have access to finger, much information on remailers is available on the Cypherpunks mailing list. Send e-mail to cypherpunks-request@toad.com for information on joining the list.


=======================================
Figure 1 (Your messages may not be displayed in this format on your system.)

From: ac086@lafn.org
Subject: Debate
To: anon@anon.penet.fi

X-Anon-To: Mick.Jagger@stones.com
X-Anon-Password: Garble

Tell me you're not REALLY offering a Rolling Stones credit card, Mick!


=======================================
Figure 2 (Your messages may not be displayed in this format on your system.)

From: ac086@lafn.org
Subject: Your Music
To: remail@c2.org

::
Request-Remailing-To: john.doe@x.com

Hello there, John! How goes it?


=======================================
Figure 3 (Your messages may not be displayed in this format on your system.)

From: ac086@lafn.org
Subject: Anonymity
To: hh@soda.berkeley.edu

::
Request-Remailing-To: remail@c2.org
::
Request-Remailing-To: exene@x.com

Hello, Exene. I love your music!


=======================================
Figure 4 (Your messages may not be displayed in this format on your system.)

From: ac086@lafn.org
Subject: Anonymity
To: remail@c2.org

::
Request-Remailing-To: hfinney@shell.portal.com

::
Encrypted: PGP

- -----BEGIN PGP MESSAGE----- 
Version: 2.7
Comment: Call 818-345-8640 voice for info on Keep Out magazine.

hIwDZu+GI0R7oCEBA/9kOO9DSx+7yI/GEWQ9IV0dPCsk5OZA2xLk9aGKTiBx8fxp
RQvZ3NSMWygXk/aklt5XU1+Bc1MK81PIGyXGXYkGULWV8Ba6nUsIYTO3Yeu4rnBT
jLJD4rETZ9JHnMl/uMUy/y8RZONdBKXna0xfbARuwMMInm49ZeysyTFQskLkr6YA
AAAt+dog4FPoib0UoeHdRRsFvjUWeIZse/5nDJN/wUCbXvTKyd5QZWCOkYO4tlFB
=thcO
- -----END PGP MESSAGE-----

=======================================
Figure 5: List of Cypherpunk Remailers

anon@vox.hacktic.
hal@alumni.caltech.edu
hfinney@shell.portal.com
lmccarth@ducie.cs.umass.edu
nowhere@bsu-cs.bsu.edu
remail@c2.org
remail@desert.xs4all.nl
remail@extropia.wimsey.com
remail@vox.xs4all.nl
remailer@ideath.goldenbear.com
remailer@jpunix.com
remailer@myriad.pc.cc.cmu.edu
remailer@nately.ucsd.edu
remailer@rebma.mn.org
remailer@soda.berkeley.edu
remailer@xs4all.nl
tomaz@flame.sinet.org
usura@xs4all.nl

Thanks to Raph Levien for compiling this information.
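
The "::" block handling and unencrypted chaining described in this article can be followed hop by hop. The Python below is an added example, not the Cypherpunk remailer code and not part of the original article: it builds a chained message in the layout of Figures 3 and 4 and simulates what each remailer reads and strips. Assumptions: the function names are invented here, and a block is taken to end at the first blank line or at the next "::" line so that both figures' layouts parse.

```python
# Added example: simulation of the "::" pseudo-header handling described above.
# This is not remailer source code; function names are invented for the example.

def build_chain(hops, recipient, text):
    """Return (first_remailer, body). hops[0] receives the mail directly;
    every later hop, and finally the recipient, gets its own '::' block,
    written in delivery order with a blank line closing each block."""
    targets = list(hops[1:]) + [recipient]
    blocks = ["::\nRequest-Remailing-To: %s\n" % t for t in targets]
    return hops[0], "\n".join(blocks) + "\n" + text


def process(body):
    """What one remailer does with the body it receives: read the leading
    '::' block, strip it, and return (next_address, remaining_body).
    Returns (None, body) when the body does not start with '::'."""
    lines = body.split("\n")
    if not lines or lines[0].strip() != "::":
        return None, body
    next_addr = None
    i = 1
    # Assumption: the block ends at a blank line or at the next '::' line.
    while i < len(lines) and lines[i].strip() not in ("", "::"):
        name, _, value = lines[i].partition(":")
        if name.strip().lower() == "request-remailing-to":
            next_addr = value.strip()
        i += 1
    if i < len(lines) and lines[i].strip() == "":
        i += 1  # drop the blank line that closed the block
    return next_addr, "\n".join(lines[i:])


def trace(first, body):
    """Follow a message through the chain.
    Returns [(address, body_that_address_receives), ...] ending with the
    final recipient and the plain message text."""
    seen = []
    addr = first
    while True:
        seen.append((addr, body))
        nxt, rest = process(body)
        if nxt is None:
            return seen
        addr, body = nxt, rest


# Addresses and text are the ones used in Figure 3 of the article.
HOPS = ["hh@soda.berkeley.edu", "remail@c2.org"]
FIRST, BODY = build_chain(HOPS, "exene@x.com",
                          "Hello, Exene. I love your music!")
ROUTE = trace(FIRST, BODY)

if __name__ == "__main__":
    for addr, received in ROUTE:
        print("=== delivered to", addr)
        print(received)
        print()
```

The first entry in ROUTE shows that, without encryption, the first remailer receives the final recipient's address and the message text in the clear; the encrypted chaining described in the article exists to remove exactly that exposure.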

Beginners: Digital Signatures, The Foundation of the `Web of Trust'

By John Schofield

The "web of trust" is one of the most important and most misunderstood aspects of the data encryption program Pretty Good Privacy (PGP). The "web of trust" is the name Philip Zimmermann, PGP author, gave the network of key signatures that make it possible to exchange encrypted messages with people you have never met.

Used correctly, signatures make this web possible. Used incorrectly, they make it vulnerable to fraud and deception, and cause it to lose its most important element--security.

Before we can learn more about the web of trust, though, we must learn more about how PGP handles signatures. Digital signatures are the basis for the web of trust.

In the interest of clarity, we are going to talk about signatures only as they apply to messages. However, PGP can sign almost anything--messages, keys and programs, for example. PGP's signatures work the same no matter what material it signs.

There are two basic parts to every PGP signature. One part verifies that a message has not been altered since it was signed, and the other part verifies the identity of the person who signed the message.

First, PGP computes a hash of the message using the Message Digest 5 (MD5) method. A hash is simply a long number that changes depending on the contents of the message. MD5 was developed by Ron Rivest, one of the inventors of the RSA algorithm used for encryption in PGP.

PGP uses MD5 to generate a 16-byte hash of the message. If one character in the message changes, the hash will be completely different.

This ensures that a signature cannot simply be cut and pasted from one signed message to another. Signatures are unique to the message that they sign.

But that leaves one hole wide open. Someone wishing to forge a message could write the message and use MD5 to attach their own hash to it. PGP would look at the hash, and verify that it matched the message.

That's where the other aspect of PGP's digital signatures comes in. After PGP generates the hash with MD5, it encrypts the hash with the signer's secret key.

This simple step adds real security to PGP's digital signatures. Let's demonstrate this by looking at how PGP checks a signature.

First, it looks at the signature to see what key it was signed with. If PGP can find the public key that goes with the signature, it can continue checking it. Otherwise, the signature is useless.

PGP uses the signer's public key to decrypt the signature. (Remember, it was encrypted with the secret key.) Then it compares the decrypted hash with one PGP generates right then. If the two hashes match, the signature is valid.

If the hash PGP generated did not match the hash contained in the signature, or PGP was unable to decrypt the hash, it means the message has been altered, and PGP will report a bad signature.

A forger could replace the hash in the message with a new hash that matches the altered message, but the forger could not encrypt his hash with the original signer's private key. Only the original signer has a copy of her private key. Thus, PGP signatures are secure against tampering and forgery.
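The signing and checking steps described above, as an added sketch that is not part of the original article and is not PGP's own code. It uses textbook RSA without padding and a toy key built from constructed primes; the function names and sample messages are assumptions made for the illustration.

```python
import hashlib

# Constructed toy key: two Mersenne primes, chosen only so that the modulus
# is larger than a 128-bit MD5 value. Far too small for real use.
P, Q = 2**89 - 1, 2**127 - 1
N = P * Q
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # secret exponent, known only to the signer


def md5_int(message: bytes) -> int:
    """16-byte MD5 hash of the message as an integer.
    MD5 as in the article; collisions for it are practical today."""
    return int.from_bytes(hashlib.md5(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Hash the message, then encrypt the hash with the secret key."""
    return pow(md5_int(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Decrypt the signature with the public key and compare the hashes."""
    return pow(signature, e, n) == md5_int(message)


original = b"Meet me at noon. Alice"      # constructed sample messages
altered = b"Meet me at nine. Alice"
sig = sign(original)

# The "hole": a forger attaches a correct but unencrypted hash.
bare_hash = md5_int(altered)

# A forger signing with a different (constructed) key pair of their own.
FN = (2**61 - 1) * (2**107 - 1)
FD = pow(E, -1, (2**61 - 2) * (2**107 - 2))
forged = sign(altered, FD, FN)
```
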


The Problem of Key Authentication

Key authentication is a thorny problem in most public-key schemes. Anyone can create a key, claiming it belongs to someone else. How can you be sure the key you have actually belongs to the person you wish to communicate with?

One solution is to use a central certifying authority. This central authority would act somewhat like a notary public, certifying that a particular key belongs to a particular person. This scheme has been used in other public-key programs, such as Privacy Enhanced Mail (PEM) on the Internet.

PGP takes a different route. Instead of having a central certifying authority, PGP lets you decide who you trust, and who you do not.

Let's say Alice creates a public key. She could distribute it, but nobody would trust her key. There would be no way of telling whether Alice created the key, or whether it was created by an imposter trying to intercept Alice's messages.

To prove to people that her key actually belongs to her, Alice needs to have someone sign it. So Alice goes to a friend of hers, Bob, who agrees to sign her key. First, Bob verifies that the key he is signing is actually the key Alice generated, by verifying the key fingerprint over the telephone with Alice.

The key fingerprint is simply a section of the PGP key. The odds against two different keys having the same fingerprint are astronomical. When Alice tells Bob that the fingerprints match, he can be reasonably sure that the key he has belongs to Alice.

Then Bob signs the key (with the command "PGP -KC ALICE") and gives it back to Alice.

Now when Alice distributes her key, anyone who trusts Bob will know that Alice's key is genuine.


A Small Problem

But what about Charles, who wants to communicate with Alice, but has never heard of Bob? What can he do?

If Charles does not trust Bob, he has no way of knowing whether Alice's key is genuine.

That is why everyone should get many signatures on their public key. It helps ensure that, when someone wants to communicate with you, there is a good chance that someone they trust has signed your key.

With PGP, you can define your level of trust for someone. If you think they are untrustworthy, PGP will ignore their signatures. If you think they are only partially reliable, PGP will require more than one signature before a key is trusted. You can tune the trust parameters of PGP to make it paranoid or relaxed about signatures.

You do this with the Completes_Needed parameter in PGP's CONFIG.TXT file. This is the number of completely trusted signatures needed to "trust" a key.

You can also change the number of partially trusted signatures needed for a key, with the Marginals_Needed parameter.

You can even change the number of levels of trust you want PGP to have. For instance, if you trust Bob, and Bob signed Charles' key, do you trust Charles' signature on Dave's key? How about Dave's signature on Erwin's key? It is all easily configurable with the Cert_Depth parameter.
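How the three parameters interact, as an added sketch that is not part of the original article and is not PGP's own algorithm. It is a simplified model: the key ring, the trust labels, the default values in the function signature and the reading of Cert_Depth as the number of introducer layers below your own key are all assumptions of the example.

```python
def valid_keys(me, signatures, owner_trust,
               completes_needed=1, marginals_needed=2, cert_depth=4):
    """Return the set of keys this simplified model accepts as genuine."""
    valid = {me}                         # my own key is the root of trust
    for _ in range(cert_depth + 1):      # first round: keys I signed myself
        newly = set()
        for key, signers in signatures.items():
            if key in valid:
                continue
            # Signatures only count when the signer's own key is already valid.
            good = [s for s in signers if s in valid]
            complete = sum(owner_trust.get(s) == "complete" for s in good)
            marginal = sum(owner_trust.get(s) == "marginal" for s in good)
            if (me in good or complete >= completes_needed
                    or marginal >= marginals_needed):
                newly.add(key)
        if not newly:
            break
        valid |= newly
    return valid


# Constructed key ring: key owner -> owners whose signatures the key carries.
SIGNATURES = {
    "bob": ["me"], "gina": ["me"], "hal": ["me"],
    "alice": ["bob"], "charles": ["bob"],
    "dave": ["charles"], "erwin": ["dave"],
    "frank": ["gina", "hal"],       # two marginal signatures
    "ivan": ["gina"],               # one marginal signature
    "mallory": ["zed"],             # signer whose key I cannot verify
}
# How far I trust each owner to check a key before signing it.
OWNER_TRUST = {"bob": "complete", "charles": "complete", "dave": "complete",
               "gina": "marginal", "hal": "marginal"}

relaxed = valid_keys("me", SIGNATURES, OWNER_TRUST)
shallow = valid_keys("me", SIGNATURES, OWNER_TRUST, cert_depth=1)
paranoid = valid_keys("me", SIGNATURES, OWNER_TRUST, completes_needed=2)
```

With the relaxed settings the chain reaches Erwin's key; limiting the depth cuts it off after Charles, and requiring two complete signatures leaves only the keys signed directly plus Frank's.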


Encrypting to Many

An interesting side effect of the way PGP handles encryption is the ability to encrypt a file so that more than one person can decrypt it, without adding much to the size of the file.

As we saw in the last issue, PGP's encryption is like an envelope, with the cleartext inside an IDEA "envelope," which is itself inside an RSA "envelope."

The cleartext message is encrypted with the IDEA encryption algorithm, and then only the IDEA key is encrypted with the RSA public-key algorithm using the recipient's public key. This gives PGP the benefit of fast single-key encryption and the key-management advantages of public-key systems.

This makes encrypt-to-many possible. Rather than encrypting the whole message several times, PGP just encrypts the IDEA key several times.

Let's say Alice wants to send the same message to Bob, Charles, and Dave, but doesn't want anyone else to intercept it. She could have PGP encrypt the message three times, but this would mean she would have to transmit three times as much information.

Alice can have PGP encrypt the message once, with the IDEA algorithm, and then encrypt the IDEA key with Bob's public key, with Charles' public key, and with Dave's public key. Rather than three whole messages, she just has to send the message and three encrypted keys.
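The envelope scheme just described, as an added sketch that is not part of the original article and is not PGP's code. IDEA is replaced by a stand-in keystream cipher built from SHA-256, RSA is the textbook form without padding, and the recipients' keys are toy keys made from constructed primes; all function names are assumptions.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by the toy keys


def keypair(p, q):
    """Toy RSA key from two constructed primes: (modulus, secret exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


# Constructed recipients. A real sender holds only the moduli; the secret
# exponents sit here so the example can also play each recipient.
KEYS = {
    "Bob": keypair(2**89 - 1, 2**127 - 1),
    "Charles": keypair(2**107 - 1, 2**521 - 1),
    "Dave": keypair(2**61 - 1, 2**607 - 1),
}


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for IDEA: XOR the data with a SHA-256 counter keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_to_many(message: bytes, recipients):
    """Encrypt the body once; encrypt only the session key per recipient."""
    session_key = secrets.token_bytes(16)          # 128 bits, like an IDEA key
    k = int.from_bytes(session_key, "big")
    wrapped = {name: pow(k, E, KEYS[name][0]) for name in recipients}
    return wrapped, stream_xor(session_key, message)


def decrypt(name: str, wrapped, body: bytes) -> bytes:
    """Recover the session key with the recipient's secret key, then the body."""
    n, d = KEYS[name]
    k = pow(wrapped[name], d, n)
    return stream_xor(k.to_bytes(16, "big"), body)


message = b"Constructed sample message for Bob, Charles and Dave. " * 40
wrapped, body = encrypt_to_many(message, ["Bob", "Charles", "Dave"])
key_bytes = sum((w.bit_length() + 7) // 8 for w in wrapped.values())
# One encrypted body plus three small wrapped keys, instead of three bodies.
```
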

Encrypting to many is as simple as putting more than one name on PGP's command-line.

PGP -E "John Schofield" Hood Carey

This would encrypt a message to John Schofield, Amy Hood, and Matthew Carey, assuming you have their public keys. Enclosing "John Schofield" in quotes allows you to have a space in the person's name.

Even though there is a space between "Hood" and "Carey," because they are not in quotes, PGP considers them two different names, and looks for "Hood" and "Carey," not "Hood Carey."

In the next issue, we will talk about what you need to do to fully install PGP on your system, and we'll look at all the ways you can customize it to suit your setup. It's a lot simpler than you think.

How to Get a Copy of PGP

* If you live in the USA or Canada

By modem:
The Penny University at 214-650-0382
Colorado Catacombs BBS at 303-772-1062
Rights On! at 407-383-1372
The Sprawl at 818-342-5127

Over the Internet:
To get PGP 2.6.2 from the Massachusetts Institute of Technology, telnet to net-dist.mit.edu, log in as getpgp and answer the questions. Then FTP to net-dist.mit.edu and change to the hidden directory you learned about in the telnet session.

Commercial Version:
If you want a version of PGP that can be used for commercial purposes, contact Viacrypt Inc. at (602) 944-0773. They sell a completely licensed version of PGP that is legal for use in the USA and Canada.


* If you live outside the USA and Canada

By Modem:
Dynamo Donut at +49-231-7261726

Over the Internet:

For source code to PGP 2.6ui:
ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26uis.zip

For DOS PGP 2.6ui executables:
ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP.pgp26uix.zip

Michael Paul Johnson (mpj@netcom.com) and matthew@mantis.co.uk
contributed greatly to this list.

Advertisement

Keep Out

Keep Out is the premier source for down-to-earth information on protecting your electronic privacy.

"It's a good buy for those who want to do something about privacy and not be bothered with the nitty-gritty of algorithms and politics," said Wired magazine on page 183 of their December, 1994 issue.

Keep Out gives you practical information on encryption, electronic anonymity, remailers, steganography, and every other technology that can affect your privacy.

A one-year (six-issue) subscription to Keep Out costs $15 ($25 outside the U.S. and Canada). Back issues of Volume 1, Number 1 are available at $7 per issue ($10 outside the U.S. and Canada).


The Sprawl

The Sprawl is an excellent on-line resource for privacy information. It has an extensive library of encryption and other privacy-related software, and many informative text files. The Sprawl carries all privacy-related Fidonet echos, as well as most privacy-related Internet Newsgroups and mailing lists.

Two hundred minutes of time on the Sprawl costs only $1. You can buy as much or as little time as you want. Test the Sprawl out for yourself at (818) 342-5127. Once you are voice-verified, you'll have one hour of paid time on the Sprawl given to you free to explore with.

=======================================

We cannot accept credit cards, but checks and money orders (in U.S. funds) made payable to "Keep Out" are welcome.


P.O. Box 571312
Tarzana, CA 91357-1312
USA


(818) 345-8640 voice
(818) 342-5127 BBS/Fax


Fidonet: "keep out" at 1:102/903.0
Internet: keep.out@sprawl.expressnet.org

______________________________________________________________________
End-Of-File

-----BEGIN PGP SIGNATURE----- 
Version: 2.7
Comment: Call 818-345-8640 voice for info on Keep Out magazine.

iQCVAwUBLxWJDWj9fvT+ukJdAQGzzQQArK49cx7rZWktj/709TWZoWRIevRoA6W0
FMrkGrN3cZr8/c2SmjW99Zk3+HdqzFNTVAglGFp5Gdhaw7vq97Ij/8HuCeOuFiqK
jgqU+e62GmhyT3bzG4j4YENFLZgvD4RJJXSG7BgNXMncZv1K4tBQa/3Rls+0psf7
05ViqxK1IDw=
=Tn5Z
-----END PGP SIGNATURE-----
