Professional Documents
Culture Documents
2.1 copyright
THE CYPHERNOMICON: Cypherpunks FAQ and More, Version 0.666,
1994-09-10, Copyright Timothy C. May. All rights reserved.
See the detailed disclaimer. Use short sections under "fair
use" provisions, with appropriate credit, but don't put your
name on my words.
2.4 - Organizational
2.4.1. "How do I get on--and off--the Cypherpunks list?"
- Send a message to "cypherpunks-request@toad.com"
- Any auto-processed commands?
- don't send requests to the list as a whole....this will
mark you as "clueless"
2.4.2. "Why does the Cypherpunks list sometimes go down, or lose the
subscription list?"
- The host machine, toad.com, owned by John Gilmore, has had
the usual problems such machines have: overloading,
shortages of disk space, software upgrades, etc. Hugh
Daniel has done an admirable job of keeping it in good
1 of 23 26/02/2009 6:30 PM
https://free.megaproxy.com/go/http://cypherpunks.to/faq/cyphernomicron/...
2 of 23 26/02/2009 6:30 PM
https://free.megaproxy.com/go/http://cypherpunks.to/faq/cyphernomicron/...
3 of 23 26/02/2009 6:30 PM
https://free.megaproxy.com/go/http://cypherpunks.to/faq/cyphernomicron/...
immediately.
- The 'cyberpunk' genre of science fiction often deals with
issues of cyberspace and computer security ("ice"), so
the link is natural. A point of confusion is that
cyberpunks are popularly thought of as, well, as "punks,"
while many Cyberpunks are frequently libertarians and
anarchists of various stripes. In my view, the two are
not in conflict.
- Some, however, would prefer a more staid name. The U.K.
branch calls itself the "U.K. Crypto Privacy
Association." However, the advantages of the
name are clear. For one thing, many people are bored by
staid names. For another, it gets us noticed by
journalists and others.
-
- We are actually not very "punkish" at all. About as punkish
as most of our cyberpunk cousins are, which is to say, not
very.
+ the name
- Crypto Cabal (this before the sci.crypt FAQ folks
appeared, I think), Crypto Liberation Front, other names
- not everybody likes the name...such is life
2.4.11. "Why doesn't the Cypherpunks group have announced goals,
ideologies, and plans?"
- The short answer: we're just a mailing list, a loose
association of folks interested in similar things
- no budget, no voting, no leadership (except the "leadership
of the soapbox")
- How could such a consensus emerge? The usual approach is
for an elected group (or a group that seized power) to
write the charter and goals, to push their agenda. Such is
not the case here.
- Is this FAQ a de facto statement of goals? Not if I can
help it, to be honest. Several people before me planned
some sort of FAQ, and had they completed them, I certainly
would not have felt they were speaking for me or for the
group. To be consistent, then, I cannot have others think
this way about _this_ FAQ!
2.4.12. "What have the Cypherpunks actually done?"
- spread of crypto: Cypherpunks have helped
(PGP)...publicity, an alternative forum to sci.crypt (in
many ways, better...better S/N ratio, more polite)
- Wired, Whole Earth Review, NY Times, articles
- remailers, encrypted remailers
+ The Cypherpunk- and Julf/Kleinpaste-style remailers were
both written very quickly, in just days
- Eric Hughes wrote the first Cypherpunks remailer in a
weekend, and he spent the first day of that weekend
learning enough Perl to do the job.
+ Karl Kleinpaste wrote the code that eventually turned
into Julf's remailer (added to since, of course) in a
similarly short time:
- "My original anon server, for godiva.nectar.cs.cmu.edu
2 years ago, was written in a few hours one bored
afternoon. It
wasn't as featureful as it ended up being, but it was
"complete" for
its initial goals, and bug-free."
[Karl_Kleinpaste@cs.cmu.edu, alt.privacy.anon-server,
1994-09-01]
- That other interesting ideas, such as digital cash, have
not yet really emerged and gained use even after years of
active discussion, is an interesting contrast to this
rapid deployment of remailers. (The text-based nature of
both straight encryption/signing and of remailing is
4 of 23 26/02/2009 6:30 PM
https://free.megaproxy.com/go/http://cypherpunks.to/faq/cyphernomicron/...
5 of 23 26/02/2009 6:30 PM
https://free.megaproxy.com/go/http://cypherpunks.to/faq/cyphernomicron/...
6 of 23 26/02/2009 6:30 PM
https://free.megaproxy.com/go/http://cypherpunks.to/faq/cyphernomicron/...
7 of 23 26/02/2009 6:30 PM
https://free.megaproxy.com/go/http://cypherpunks.to/faq/cyphernomicron/...
2.5 - Crypto
2.5.1. "Why is crypto so important?"
+ The three elements that are central to our modern view of
liberty and privacy (a la Diffie)
- protecting things against theft
- proving who we say we are
- expecting privacy in our conversations and writings
- Although there is no explicit "right of privacy" enumerated
in the U.S. Constitution, the assumption that an individual
is to be secure in his papers, home, etc., absent a valid
warrant, is central. (There has never been a ruling or law
that persons have to speak in a language that is
understandable by eavesdroppers, wiretappers, etc., nor has
there ever been a rule banning private use of encrption. I
mention this to remind readers of the long history of
crypto freedom.)
- "Information, technology and control of both _is_ power.
*Anonymous* telecommunications has the potential to be the
greatest equalizer in history. Bringing this power to as
many as possible will forever change the discourse of power
in this country (and the world)." [Matthew J Miszewski, ACT
NOW!, 1993-03-06]
2.5.2. "Who uses cryptography?"
- Everybody, in one form or another. We see crypto all around
us...the keys in our pockets, the signatures on our
driver's licenses and other cards, the photo IDs, the
credit cards. Lock combinations, door keys, PIN numbers,
etc. All are part of crypto (although most might call this
"security" and not a very mathematical thing, as
cryptography is usually thought to be).
- Whitticism: "those who regularly
conspire to participate in the political process are
already encrypting." [Whit Diffie]
2.5.3. "Who needs crypto? What have they got to hide?"
+ honest people need crypto because there are dishonest
people
- and there may be other needs for privacy
- There are many reasons why people need privacy, the ability
to keep some things secret. Financial, personal,
psychological, social, and many other reasons.
- Privacy in their papers, in their diaries, in their pesonal
lives. In their financial choices, their investments, etc.
(The IRS and tax authorities in other countries claim to
have a right to see private records, and so far the courts
have backed them up. I disagree.)
- people encrypt for the same reason they close and lock
their doors
- Privacy in its most basic forms
2.5.4. "I'm new to crypto--where should I start?"
- books...Schneier
- soda
- sci.crypt
- talk.politics.crypto
- FAQs other than this one
2.5.5. "Do I need to study cryptography and number theory to make a
contribution?"
- Absolutely not! Most cryptographers and mathematicians are
so busy doing their thing that they little time or interest
for political and entrepreneurial activities.
Specialization is for insects and researchers, as someone's
.sig says.
- Many areas are ripe for contribution. Modularization of
functions means people can concentrate in other areas,
just as writers don't have to learn how to set type, or cut
8 of 23 26/02/2009 6:30 PM
https://free.megaproxy.com/go/http://cypherpunks.to/faq/cyphernomicron/...
9 of 23 26/02/2009 6:30 PM
https://free.megaproxy.com/go/http://cypherpunks.to/faq/cyphernomicron/...
10 of 23 26/02/2009 6:30 PM
https://free.megaproxy.com/go/http://cypherpunks.to/faq/cyphernomicron/...
11 of 23 26/02/2009 6:30 PM
https://free.megaproxy.com/go/http://cypherpunks.to/faq/cyphernomicron/...
2.5.20. "How safe is RSA?" "How safe is PGP?" "I heard that PGP has
bugs?"
- This cloud of questions is surely the most common sort that
appears in sci.crypt. It sometimes gets no answers,
sometimes gets a rude answer, and only occasionally does it
lead to a fruiful discussion.
- The simple anwer: These ciphers appear to be safe, to have
no obvious flaws.
- More details can be found in various question elsewhere in
this FAQ and in the various FAQs and references others have
12 of 23 26/02/2009 6:30 PM
https://free.megaproxy.com/go/http://cypherpunks.to/faq/cyphernomicron/...
published.
2.5.21. "How long does encryption have to be good for?"
- This obviously depends on what you're encrypting. Some
things need only be safe for short periods of time, e.g., a
few years or even less. Other things may come back to haunt
you--or get you thrown in prison--many years later. I can
imagine secrets that have to be kept for many decades, even
centuries (for example, one may fear one's descendents will
pay the price for a secret revealed).
- It is useful to think _now_ about the computer power likely
to be available in the year 2050, when many of you reading
this will still be around. (I'm _not_ arguing that
parallelism, etc., will cause RSA to fall, only that some
key lengths (e.g., 512-bit) may fall by then. Better be
safe and use 1024 bits or even more. Increased computer
power makes longer keys feasible, too.).
2.6 - PGP
2.6.1. There's a truly vast amount of information out there on PGP,
from current versions, to sites, to keyserver issues, and so
on. There are also several good FAQs on PGP, on MacPGP, and
probably on nearly every major version of PGP. I don't expect
to compete here with these more specialized FAQs.
- I'm also not a PGP expert, using it only for sending and
receiving mail, and rarely doing much more with it.
- The various tools, for all major platforms, are a specialty
unto themselves.
2.6.2. "Where do I get PGP?"
2.6.3. "Where can I find PGP?"
- Wait around for several days and a post will come by which
gives some pointers.
- Here are some sites current at this writing: (watch out for
changes)
2.6.4. "Is PGP secure? I heard someone had...."
- periodic reports, urban legend, that PGP has been
compromised, that Phil Z. has been "persuaded" to....
+ implausible for several reasons
- Phil Z no longer controls the source code by himself
- the source code is available and can be inspected...would
be very difficult to slip in major back doors that would
not be apparent in the source code
- Phil has denied this, and the rumors appear to come from
idle speculation
+ But can PGP be broken?
- has not been tested independently in a thorough,
cryptanalytic way, yet (opinion of tcmay)
- NSA isn't saying
+ Areas for attack
+ IDEA
- some are saying doubling of the number of rounds
should be donee
- the random number generators...Colin Plumb's admission
2.6.5. "Should I use PGP and other crypto on my company's
workstations?"
- machines owned by corporations and universities, usually on
networks, are generally not secure (that is, they may be
compromised in various ways)
- ironically, most of the folks who sign all their messages,
who use a lot of encryption, are on just such machines
- PCs and Macs and other nonnetworked machines are more
secure, but are harder to use PGP on (as of 1994)
- these are generalizations--there are insecure PCs and
secure workstations
13 of 23 26/02/2009 6:30 PM
https://free.megaproxy.com/go/http://cypherpunks.to/faq/cyphernomicron/...
2.7 - Clipper
2.7.1. "How can the government do this?"
- incredulity that bans, censorship, etc. are legal
+ several ways these things happen
- not tested in the courts
- wartime regulations
+ conflicting interpretations
- e.g., "general welfare" clause used to justify
restrictions on speech, freedom of association, etc.
+ whenever public money or facilities used (as with
churches forced to hire Satanists)
- and in this increasingly interconnnected world, it is
sometimes very hard to avoid overlap with public
funding, facilities, etc.
2.7.2. "Why don't Cypherpunks develop their won competing encryption
chip?"
+ Many reasons not to:
- cost
- focus
- expertise
- hard to sell such a competing standard
- better to let market as a whole make these choices
2.7.3. "Why is crypto so frightening to governments?"
+ It takes away the state's power to snoop, to wiretap, to
eavesdrop, to control
- Priestly confessionals were a major way the Church kept
tabs on the locals...a worldwide, grassroots system of
ecclesiastical narcs
+ Crypto has high leverage
+ Unlike direct assaults with bombs, HERF and EMP attacks,
sabotage, etc, crypto is self-spreading...a bootstrap
technology
- people use it, give it to others, put it on networks
- others use it for their own purposes
- a cascade effect, growing geometrically
- and undermining confidence in governments, allowing the
spread of multiple points of view (especially
unapproved views)
2.7.4. "I've just joined the list and am wondering why I don't see
more debate about Clipper?"
- Understand that people rarely write essays in response to
questions like "Why is Clipper bad?" For most of us,
mandatory key escrow is axiomatically bad; no debate is
needed.
- Clipper was thoroughly trashed by nearly everyone within
hours and days of its announcement, April 16, 1993.
Hundreds of articles and editorials have condemned it.
Cyperpunks currently has no active supporters of mandatory
key escrow, from all indications, so there is nothing to
debate.
14 of 23 26/02/2009 6:30 PM
https://free.megaproxy.com/go/http://cypherpunks.to/faq/cyphernomicron/...
::
Request-Remailing-To: remailer@bar.baz
15 of 23 26/02/2009 6:30 PM
https://free.megaproxy.com/go/http://cypherpunks.to/faq/cyphernomicron/...
2.11 - Legal
2.11.1. "Can encryption be banned?"
- ham operators, shortwave
- il gelepal, looi to waptime aolditolq
+ how is this any different from requiring speech in some
language?
- Navaho code talkers of WW2,,,,modern parallel
2.11.2. "Will the government try to ban encryption?"
- This is of course the major concern most of us have about
Clipper and the Escrowed Encryption Standard in general.
Even if we think the banning of crypto will ultimately be a
failure ("worse than Prohibition," someone has said), such
a ban could make things very uncomfortable for many and
would be a serious abridgement of basic liberties.
16 of 23 26/02/2009 6:30 PM
https://free.megaproxy.com/go/http://cypherpunks.to/faq/cyphernomicron/...
17 of 23 26/02/2009 6:30 PM
https://free.megaproxy.com/go/http://cypherpunks.to/faq/cyphernomicron/...
18 of 23 26/02/2009 6:30 PM
https://free.megaproxy.com/go/http://cypherpunks.to/faq/cyphernomicron/...
19 of 23 26/02/2009 6:30 PM
https://free.megaproxy.com/go/http://cypherpunks.to/faq/cyphernomicron/...
20 of 23 26/02/2009 6:30 PM
https://free.megaproxy.com/go/http://cypherpunks.to/faq/cyphernomicron/...
2. From the killer taking the money and then not performing
the hit, because the escrow agent holds the money until the
murder is verified (according to some prototocol, such a
newspaper report...again, an area for more work,
thankfully).
2.14 - Miscellaneous
2.14.1. "Why can't people just agree on an approach?"
- "Why can't everyone just support my proposal?"
- "I've proposed a new cipher, but nobody's interested...you
Cypherpunks just never _do_ anything!"
- This is one of the most consistently divisive issues on the
list. Often a person will become enamored of some approach,
will write posts exhorting others to become similarly
enamored, urging others to "do something!," and will then,
when no interest is evidenced, become irate. To be more
21 of 23 26/02/2009 6:30 PM
https://free.megaproxy.com/go/http://cypherpunks.to/faq/cyphernomicron/...
22 of 23 26/02/2009 6:30 PM
https://free.megaproxy.com/go/http://cypherpunks.to/faq/cyphernomicron/...
23 of 23 26/02/2009 6:30 PM