Zimmermann PGP

back to index

27 results

The Mysterious Mr. Nakamoto: A Fifteen-Year Quest to Unmask the Secret Genius Behind Crypto

by Benjamin Wallace  · 18 Mar 2025  · 431pp  · 116,274 words

around intellectual property.” Beyond his imagined utopia, which May called “Libertaria in Cyberspace,” he was motivated by an imminent threat. Phil Zimmermann, a bearded former antinuclear activist, had released PGP, which stood for Pretty Good Privacy and was freeware that made public-key crypto available to anyone. Just load a copy onto

he boarded an international flight. Other cypherpunks, to the same end, got tattoos of the outlaw algorithms. When a grand jury was considering indicting PGP’s Zimmermann, cypherpunks helped disseminate his software, exporting printed and digital versions to make it so widespread abroad that the U.S. government would have no recourse

reading “Big Brother Inside” on compromised machines. Some cypherpunks also had more personal reasons for their interest in privacy. Gene Hoffman, a onetime executive at PGP, told me the group wasn’t united solely by abstract ideals. Privacy rights are “a hard thing to care about,” Hoffman said. “A lot of

(s) free from criminal culpability. Bell later spent years in federal prison, first for tax evasion and then for stalking and harassing IRS agents. PGP’s Phil Zimmermann, a gentle man facing the threat of criminal prosecution, had worn a suit every day for the past three years to present a respectable

image in the court of public opinion. He was shocked when, at a cypherpunks meeting hosted by PGP, a member who went by the name Lucky

Club is going shooting next Saturday, and you’re all invited,” and proceeded to pull out an AR-15 assault rifle with an ammo clip. “PGP’s offices were in a bank building,” Phil recalled. Some cypherpunks were dogmatic, and a certain amount of their activity tended toward windy quarrels that

professional cryptographers and working programmers and hackers. “I know at the time, there was this saying, ‘Cypherpunks write code,’ ” recalls Jon Callas, who worked for PGP and later Apple and who attended many of the early meetings. “I was like, ‘I’m too busy coding to be a cypherpunk.’ ” When Bram

through the extropians that Hal Finney learned about the project that would become his life’s work. When he read that a guy named Phil Zimmermann had invented the world’s first DIY cryptography program—software anyone could run on his personal computer to send and receive emails unreadable by interlopers

and corporations. The computer can be used as a tool to liberate and protect people, rather than to control them.” He volunteered to help Phil Zimmermann, and for the next several years he worked full-time at his day job, then went home and spent his evenings as a volunteer in

the trenches, albeit in the lovely environs of California’s Central Coast, grinding out lines of code for PGP. Later, after PGP overcame its legal troubles and became a for-profit company, Finney signed on as one of its first two employees. It was an ideal

a centered person,” Will told me, describing Finney as “serene” and “never angry.” “Sometimes people that are super smart pay a price for that,” Phil Zimmermann echoed. “There’s something about their personality that doesn’t work exactly right. Hal never paid that price. He preserved his humanity and kindness and

the government.” It wasn’t a tweedy abstraction for Finney either. He’d get emotional thinking about how nonanonymous emails might land his boss Phil Zimmermann in prison. Finney had already spent $1,000 of his own money to retain a lawyer to advise on his risk of prosecution for the

time, sticking to beginner slopes and struggling to get on and off the chairlift. Hal met his fate with an attitude so upbeat that Phil Zimmermann likened it to Monty Python’s “Always Look on the Bright Side of Life.” When Phil visited Hal at home, after Hal was far along

spoke of his forthcoming release of a “cryptocurrency paper.” Another post, weeks after the white paper came out, asked readers contacting him to use a PGP key that the reporters discovered was linked to the email address satoshin@vistomail.com (nearly identical to the address Nakamoto had used when announcing the

In response to the Wired and Gizmodo bombshells, CSI Reddit crowdsourced reasons to be doubtful. A Bitcoin developer named Greg Maxwell showed that Wright’s PGP key had likely been created using software that didn’t exist at the time of its supposed creation. Motherboard’s Sarah Jeong showed how a

public directory of PGP keys hosted at MIT, which suggested that Wright’s key had been created prior to 2008, could easily have been manipulated. Even Wired, before

from Kurt Vonnegut, one of Gavin’s favorite authors) and “April 7, 2016” (the date of the London meeting), each signed with Nakamoto’s private PGP key; at least one message signed using a private key associated with a Bitcoin block mined by Nakamoto; and unpublished emails or private forum messages

academic schedule, and adjacent to the Father of Digital Cash. He’d been a hacker and open-source programmer, had collaborated with Hal Finney on PGP, and was involved with financial cryptography. He also had an ideologue’s conviction about pseudonymity. He signed his code “rabbi.” He maintained the Mixmaster

several million dollars. A Belgian named Jurgen Etienne Guido Debo called himself “Satoshi Nakamoto, the genuine one,” despite writing in broken English and presenting backdated PGP keys as real ones. An Australian named Phil “Scronty” Wilson published “Bitcoin Origins,” a lengthy document in which he claimed to have cocreated Bitcoin with

style. In the late 1990s on the cypherpunks list, he’d promoted a piece of communications encryption software called Crypto Kong, intended to improve on PGP. He’d written it in C++, the same language Nakamoto used for Bitcoin. Using the Wayback Machine, I found an archived copy of the source

the pseudonymous cypherpunk who’d come up with a digital cash system called Magic Money; Ben Laurie, author of Lucre; plus a wildcard Canadian ex-PGP programmer named Colin Plumb. Two weeks later, around lunchtime on a weekday in mid-August, Brian emailed me his results. I was nervous and hesitated

advisory board of WikiLeaks, I continued, and it was WikiLeaks’ interest in accepting Bitcoin that had seemed to spook Nakamoto. Ben also had worked on PGP applications. He nodded, noncommittally. “If nothing else, interesting,” I said. “Yeah, it’s super interesting, I love it. I mean, people have suggested before

deleted. Hal had remained a usual suspect in Nakamoto speculations. He was much more practiced at tactical secrecy than Nick Szabo, having written code for PGP, steganography, and remailers. The early stylometry assessments by Juola & Associates, admittedly of a limited field of candidates, had found Hal the closest match to

commitment to the ideal of decentralization had run deep. After his death, former colleagues began to talk more about the nature of his role with PGP, which had made the first popularly available public-key encryption software. A lingering issue with public-key cryptography was how to ensure that a public

key belonged to the person you thought it belonged to. When Phil Zimmermann released the second version of the software in 1992, it featured a “web of trust,” where people would cryptographically sign the keys of people

of connections you had to it. A main activity at the monthly cypherpunks meetings was a nerd key party where everyone signed one another’s PGP keys. Hal had been largely responsible for implementing and coding the web of trust. There was another argument for Nakamoto being someone who’d worked

on PGP. Emin Gün Sirer, who cofounded the Avalanche blockchain, studied Bitcoin’s source code and concluded that Nakamoto was self-taught and probably a single person

been somebody who has experience writing code for adversarial use cases, so that really narrows down who Satoshi could be.” Someone who’d worked on PGP, according to Sirer, was exactly the kind of person he was thinking of. “So Hal makes a very, very good Satoshi candidate in my

book.” I thought Sirer might be on to something. “I inculcated a pervasive attitude in all the people who worked on PGP that we’re up against major governments,” Phil Zimmermann told me. One of the reasons Hal’s role in the web of trust became known only years after he built

his hard drive, he taught himself cryptography and wrote and released a piece of software called CryptDisk. This brought him to the attention of Phil Zimmermann, who just then was busy worrying about being prosecuted by the government and overseeing a small circle of volunteers working to expand

him on hold to take another call. When Phil clicked back over, he said: “Will, they’re dropping the investigation. It’s over.” After that, PGP entered a new phase, incorporating as a company and seeking venture capital. Will and Hal were Phil’s first two hires. Twelve months into its

you write code, we own it.” By 2008, Will and Hal and others who’d started out as idealists with Phil were “so done with” PGP’s post-Phil corporate ownership, which was doing work for Barclays Bank and, they suspected, the CIA. Will also knew Hal’s programming style intimately

original Bitcoin source code was typical of Hal. Though Hal was best known as a C coder, he’d used both C and C++ at PGP. And Will agreed with Sirer about Nakamoto’s use of two different cryptographic algorithms. “These things are our bread and butter,” Will said. “Some

unfindable inventor, was in the grip of apophenia. But then I spoke with Jon Callas, the computer security expert who’d been chief scientist at PGP and held senior positions at Apple and the Electronic Frontier Foundation. Jon had a soup-strainer mustache and an absurdist sense of humor; he once

trying to settle on a pseudonym, he’d been inspired by that name. Maybe he was flipping through a local phonebook. Maybe, a third ex-PGP colleague named Gene Hoffman suggested, he knew it from one of his runs. When Jon last visited Hal at his home in Santa Barbara, Hal

that I couldn’t tell if it was a wink-wink nudge-nudge.” Jon also asked Fran and Jason, “and they both denied it.” Phil Zimmermann, Hal’s longtime mentor and boss, also visited and asked Hal whether he was Nakamoto. “And he said ‘No.’ I mean, he flat-out

They were both big on this concept of internet money. Len had talked excitedly about this.” But Jon Callas, who’d worked with Sassaman at PGP, was skeptical that he’d been part of any Nakamoto partnership. Sassaman was “more of a QA person than a coder,” Jon said, meaning someone

problem Bitcoin tried to solve, told me, “I see very little real use for it, other than creating a cryptocurrency for criminals.” Cypherpunk hero Phil Zimmermann, whose laptop now bore a harrumphing sticker (“CRYPTO MEANS CRYPTOGRAPHY”), called Bitcoin “an embarrassment” and “a ghetto of criminality and fraud.” Mike Hearn, the

, Arthur van Pelt, Richard Waddy, Bruce Wagner, Steve Wang, Or Weinberger, Todd A. White, Will Whitehouse, Zooko Wilcox, Craig Wright, Kurt Wuckert Jr., and Phil Zimmermann. All quotes and thoughts not otherwise attributed in the text or in these notes come from my interviews with those involved. Several digital archives were

. Greene, “Cypherpunk Bell Gets Ten Years,” The Register, August 28, 2001. GO TO NOTE REFERENCE IN TEXT “the Cypherpunks Gun Club is going shooting”: Phil Zimmermann, interview. GO TO NOTE REFERENCE IN TEXT he announced that it would explicitly exclude topics: Cory Doctorow, “CodeCon Is a P2P Event,” Boing Boing, January

he skied for the last time: Magnoli, “After a Year of ALS.” GO TO NOTE REFERENCE IN TEXT Phil Zimmermann likened it: Phil Zimmermann, interview by Dustin Dreifuerst, “Episode 34: The Legend Phil Zimmermann,” Did You Know (podcast), May 5, 2019. GO TO NOTE REFERENCE IN TEXT “Well, I have more time

to read now.”: Phil Zimmermann, interview by Dreifuerst, “Episode 34.” GO TO NOTE REFERENCE IN TEXT “Maybe people here will understand.”: Finney, “Dying Outside” (and in comments). GO TO NOTE

the Internet Today,” The Washington Post, May 21, 2014. GO TO NOTE REFERENCE IN TEXT to the chagrin of cryptographers: Phil Zimmermann, interview by Dustin Dreifuerst, “Episode 34: The Legend Phil Zimmermann,” Did You Know (podcast), May 5, 2019. GO TO NOTE REFERENCE IN TEXT more than sixteen thousand different cryptocurrencies: CoinMarketCap

340 GB blocks, 568k transactions,” Reddit, r/Bitcoin, December 8, 2015. GO TO NOTE REFERENCE IN TEXT Motherboard’s Sarah Jeong: Sarah Jeong, “Satoshi’s PGP Keys Are Probably Backdated and Point to a Hoax,” Vice, December 9, 2015, WM. GO TO NOTE REFERENCE IN TEXT “Cloudcroft has never been an

the genuine one”: Jurgen Etienne Guido Debo, “I am, the genuine ‘Satoshi Nakamoto,’ ” website “Satoshi Nakamoto,” 2019. GO TO NOTE REFERENCE IN TEXT presenting backdated PGP keys as real ones: Jamie Redman, “Another Self-Proclaimed Satoshi Appears in the High Profile Bitcoin Lawsuit,” Bitcoin.com News, July 24, 2019. GO TO

, December 12, 2010. GO TO NOTE REFERENCE IN TEXT After his death, former colleagues: Phil Zimmermann, Gene Hoffman, and Jon Callas, interviews. GO TO NOTE REFERENCE IN TEXT “web of trust”: Philip Zimmermann, “PGP Marks 30th Anniversary,” Phil Zimmermann website, June 6, 2021. GO TO NOTE REFERENCE IN TEXT Emin Gün Sirer: Charlie Shrem

Trying to Reinvent Money (New York: Harper, 2015), 42. GO TO NOTE REFERENCE IN TEXT which was doing work for Barclays Bank: “Barclays Bank selects PGP encryption platform,” The Paypers, May 26, 2008. GO TO NOTE REFERENCE IN TEXT he would only officially retire from the company in early 2011: Hal

Charts—Hashrate Distribution. GO TO NOTE REFERENCE IN TEXT “an embarrassment” and “a ghetto of criminality and fraud”: Dustin Dreifuerst, “Episode 34: The Legend Phil Zimmermann,” Did You Know (podcast), May 5, 2019. GO TO NOTE REFERENCE IN TEXT “an experiment” that had “failed”: Mike Hearn, “The Resolution of the Bitcoin

Beautiful security

by Andy Oram and John Viega  · 15 Dec 2009  · 302pp  · 82,233 words

vii 7 8 9 10 11 12 viii Creating Accountability in Online Advertising 105 THE EVOLUTION OF PGP’S WEB OF TRUST by Phil Zimmermann and Jon Callas 107 PGP and OpenPGP Trust, Validity, and Authority PGP and Crypto History Enhancements to the Original Web of Trust Model Interesting Areas for Further Research References

Bellis Chapter 6, Securing Online Advertising: Rustlers and Sheriffs in the New Wild West, by Benjamin Edelman Chapter 7, The Evolution of PGP’s Web of Trust, by Phil Zimmermann and Jon Callas Chapter 8, Open Source Honeyclient: Proactive Detection of Client-Side Exploits, by Kathy Wang Chapter 9, Tomorrow’s Security

SECURING ONLINE ADVERTISING: RUSTLERS AND SHERIFFS IN THE NEW WILD WEST 105 CHAPTER SEVEN The Evolution of PGP’s Web of Trust Phil Zimmermann Jon Callas W HEN P RETTY G OOD P RIVACY (PGP) FIRST ARRIVED IN 1991, it was the first time ordinary people could use strong encryption that was previously

available only to major governments. PGP led to new opportunities for human rights organizations and other users concerned

trust is also a special case of both a hierarchy and accumulation. In public key infrastructure, the most widely used cumulative trust system is the PGP Web of Trust. However, cross-certification and bridge CAs are closely related to cumulative trust, if not precisely an accumulation system. DEFINITIONS Although most

colloquial; it was created to be a common-language alternative to technical terms. Let us define some of those technical terms as well as the PGP-related terms: PKI Public Key Infrastructure. A PKI is a set of technologies and mechanisms for creating, distributing, and maintaining public keys and certificates.

pressing matters of the peace movement postponed the bulk of the development effort until years later. Phil wrote the first working version of PGP in 1991. He published PGP in the wake of Congressional discussion‖ of requiring that all communications equipment and services have a “trap door” in them to permit

Phil, in which Eli Biham found cryptographic flaws. So Phil— along with Hal Finney, Peter Gutmann, and Branko Lancaster—worked on its successor version, PGP 2.0. PGP 2.0 replaced the Bass-O-Matic cipher with the International Data Encryption Algorithm (IDEA) cipher, designed by Xuejia Lai and James Massey. It

who wanted to use strong cryptography in an ad hoc, unregulated environment. It became a grassroots phenomenon. Patent and Export Problems While cryptographically quite strong, PGP 2 had other issues, dealing with patents and export control. The IDEA cipher was patented, and the patent owner, Ascom-Tech AG, licensed it

2.5 that used RSAREF in the U.S. but broke compatibility with all previous versions. This meant that there were several versions of PGP: • The pre-PGP 2.5 versions of the software, which were cut off from future development and support # PEM was originally defined by John Linn and Steve

which by then had spread throughout the Internet. That started the notorious investigation of Phil and PGP software. The investigation lasted until January 1996, when it was dropped. There are many misconceptions about l’affaire Zimmermann that we can correct. Phil was the target of a criminal investigation, but was not prosecuted

. No criminal charges were filed about PGP against him or anyone else. Nor were there any lawsuits filed, nor any other

Central authorities distribute revocations using the same channels they use to distribute the original authorizations to use keys. The basic model for revocation The original PGP Web of Trust described in the previous section offered two mechanisms for revocation: Key revocation Someone who has lost control of her key must be

. This kind of revocation, like the previous one, is itself a kind of signature. (Signatures are the general way of transferring trusted information in PGP.) Signing a key with this key revocation signature invalidates all of its certifications. Signature revocation A key can create a signature declaring that another signature

SEVEN Key revocation and expiration Key revocation is a rough edge in all PKIs—perhaps the sharpest rough edge in public key cryptography. Although the PGP model is flexible and avoids some revocation pitfalls (such as the unmanageable sizes that certificate revocation lists tend to reach), it has its own

resilience against lost private keys, forgotten passphrases, and compromised keys. Everyone should define a designated revoker for their keys. Designated revokers first appeared in PGP 3, and are a part of OpenPGP. Freshness Freshness is an alternative way to manage expiration and revocation. Freshness-based systems use standard expiration and

keys is also an integral component of the DKIM emailauthentication protocol (see Allman et al. in “References” on page 129). Signature Bloat and Harassment PGP software systems typically agglomerate signatures on keys, which is the easiest way to handle the signatures and usually stays faithful to their meaning. However, there

preferences are so useful that X.509 standards are in the process of adding their own in-certificate preferences. 126 CHAPTER SEVEN The PGP Global Directory The PGP Global Directory is a revised LDAP-based keyserver that improves upon previous generations of keyservers through better authentication and key editing. It works

. The Global Directory is a consolidation of a number of ideas that circulated in the OpenPGP community, including: • The Robot CA, first proposed by Phil Zimmermann, written about by Seth Schoen, and then refined and implemented by Kyle Hasselbacher (see “References” on page 129). • The Self-Assembling PKI described earlier,

designed by Jon Callas and Will Price THE EVOLUTION OF PGP’S WEB OF TRUST 127 • Existing OpenPGP keyservers • Email round-trip authentication, used by email mailing list servers such as Mailman (http: //www.list.

keys (such as Dudley signing Snidely’s key), someone cannot assume a relationship between two people based upon the existence of a key signature. Moreover, PGP “key-signing parties,” where a number of people get together and collectively certify each other’s keys, blur the semantic meaning of the social network

Fenton, and M. Thomas. DomainKeys Identified Mail (DKIM) Signatures, RFC 4871, http://www.ietf.org/rfc/rfc4871.txt. Atkins, D., W. Stallings, and P. R. Zimmermann. PGP Message Exchange Formats, RFC 1991, http://www.ietf.org/rfc/rfc1991.txt. Callas, J. “Improving Message Security With a Self-Assembling PKI,” in Proceedings of

Ellison, C., B. Frantz, B. Lampson, and R. Rivest. SPKI Certificate Theory, RFC 2693, September 1999, http://www.ietf.org/rfc/rfc2693.txt. Garfinkel, S. PGP: Pretty Good Privacy (http://oreilly.com/catalog/9781565920989/index .html). O’Reilly, 1995. Gordon, J. “The Alice and Bob After Dinner Speech,” given at the

Zurich Seminar, April 1984, http://downlode.org/etext/alicebob.html. THE EVOLUTION OF PGP’S WEB OF TRUST 129 Hasselbacher, K. “ROBOT CA,” http://www.toehold.com/robotca. Hasselbacher, K. “Robot CA: toward zero-UI crypto,” http://www

ESORICS ’96), Lecture Notes in Computer Science, Springer-Verlag, Sept. 1996, Vol. 1146, pp. 325–350, http://citeseer.ist.psu.edu/ maurer96modelling.html. McBurnett, N. “PGP Web of Trust Statistics,” http://bcn.boulder.co.us/~neal/pgpstat. Reiter, M. and S. Stubblebine. “Path independence for authentication in large-scale systems,” in

1996. Schoen, S. “Casual PKI and making e-mail encryption easy,” http://www.advogato.org/article/ 391.html. Zimmermann, P. R. The Official PGP User’s Guide. The MIT Press, 1995. Zimmermann, P. R. PGP: Source Code and Internals. The MIT Press, 1997. 130 CHAPTER SEVEN CHAPTER EIGHT Open Source Honeyclient: Proactive Detection of

writing on his blog at http://cleartext.wordpress.com. J ON C ALLAS , security expert and cryptographer, is the chief technical officer and cofounder of PGP Corporation. He has worked at a number of firms, including Counterpane Internet Security, Apple, and Digital Equipment Corporation. He is also the coauthor and

lack of a company to stand behind it, and the opprobrium of government persecution, PGP nonetheless became the most widely used email encryption software in the world. After the government dropped its case in early 1996, Zimmermann founded PGP, Inc. That company was acquired by Network Associates, Inc. (NAI) in December 1997,

where he stayed on for three years as Senior Fellow. In August 2002, PGP was acquired from NAI by a new company called PGP Corporation, where Zimmermann now serves as special advisor and

consultant. Zimmermann currently is consulting for a number of companies and industry organizations on matters cryptographic, and is

principal designer of the cryptographic key agreement protocol for the wireless USB standard. His latest project is Zfone, which provides secure telephony for the Net. Zimmermann has received numerous technical and humanitarian awards for his pioneering work in cryptography. In 2008 PC World named him one of the Top 50 Tech

Award from Computer Professionals for Social Responsibility for promoting the responsible use of technology. In 1995, Newsweek named Zimmermann one of the “Net 50,” the 50 most influential people on the Internet. Zimmermann received his bachelor’s degree in computer science from Florida Atlantic University in 1978. He is a member of

D Secure protocol, 77 auto-update and, 15 CV2 security code, 76 e-commerce security, 83, 84 federated programs, 210 NTLM, 6 password security, 7 PGP Global Directory and, 127 portability of, 85 security pitfall in, 71 SET protocol, 78 WEP support, 52 Authentication History Server (AHS), 77 authoritative keys,

B B.J.’s Wholesale Club, 50 backend control systems, 18–20 backward compatibility LANMAN password encoding, 6 learned helplessness and, 2 legacy systems, 7 PGP issues, 117 balance in information security, 202–207 banking industry (see financial institutions) banking trojans, 141, 249 banner ads exploit-laden, 89–92, 143

(CIS), 45 Center for Strategic and International Studies (CSIS), 201 Centers for Disease Control and Prevention (CDC), 36 certificate authorities, 112 (see also introducers in PGP) certification support, 111 DSG support, 203 establishing trust relationships, 27 hierarchical trust, 109 SET requirements, 78 certificates, 109 (see also specific types of certificates) defined

178 Einstein, Albert, 147 Electronic Communications Privacy Act (ECPA), 207 email log handling, 221 malware exploits, 248 EMBED tag, 94 encryption LAN Manager sequence, 4 PGP support, 107, 116–120 security certificates and, 22, 24 SET support, 78 Encyclopædia Britannica, 94–98 event logs (see logs) EVM (Earned Value Management),

Internet Explorer exploit-based installs and, 92 open source honeyclients, 134 recent vulnerabilities, 131 Internet Relay Chat (see IRC) intranets, security flaws, 25 introducers in PGP, 113 (see also certificate authorities) defined, 109, 112 extended, 123 Web of Trust process, 113 intrusion detection system (see IDS) investment metrics, 47 IRC (

-certificate preferences, 126 Web of Trust, 113, 115, 120 keyrings, 112 keys (see certificates; public key cryptography) keyservers defined, 112 key-editing policies, 126 PGP Global Directory, 127 Klez virus, 248 knowledge-based authentication (KBA), 68 Kovah, Xeno, 138 L L0phtCrack government interest in, 13 learned helplessness example, 3–6

data, 44 peer-to-peer networks (see P2P networks) PEM (Privacy Enhanced Mail), 117 perma-vendors, 156 Personally Identifiable Information (PII), 180 Pezzonavante honeyclient, 144 PGP (Pretty Good Privacy), 111 (see also Web of Trust) background, 107, 108, 116 backward compatibility issues, 117 Crypto Wars, 118 designated revokers, 122 encryption

support, 107, 116–120 key validity, 108 patent and export problems, 117 source download, 116 trust models, 109–116 trust relationships, 108 PGP Corporation, 108 PGP Global Directory, 127 pharmware, 68 phishing 3-D Secure protocol, 77 as information source, 68 botnet support, 66 challenges detecting, 231 spam and, 70

120 SET considerations, 79 PlexLogic, 45 Plumb, Colin, 119 port scanning, 231 pragmatic security, 200, 209 Pre-Shared Key (PSK), 28 Pretty Good Privacy (see PGP) Price, Will, 127 Primary Account Number (PAN), 77 Privacy Enhanced Mail (PEM), 117 proof-of-concept project, 191–193 Provos, Niels, 145 PSK (Pre-Shared

psychological traps confirmation traps, 10–14 278 INDEX functional fixation, 14–20 learned helplessness, 2 public key cryptography cumulative trust systems, 111 key revocation, 121 PGP support, 107 RSA algorithm, 117 SET support, 78 steganographic applications, 245 validity, 108 Public Key Infrastructure (see PKI) Public Key Partners, 118 put options,

), 150 Sober virus, 248 Sobig virus, 248 social networking crowdsourcing, 161 impact on security, 154, 158, 160–162 interoperability, 160 malware distribution and, 69 PGP and, 107 potential in, 159 state of the art in, 159 Web of Trust and, 128 Social Security numbers incident detection considerations, 237 spyware stealing

110 defined, 109 direct trust, 109 hierarchical trust, 109 users as certification authorities, 112 trust relationship defined, 108, 114 establishing for wireless networks, 26–28 PGP support, 107 validity comparison, 108 U Unified Compliance Framework, 44 University of London, 168 Unix systems grep utility, 216 log handling, 221 security vulnerabilities, 8

background, 107 cumulative trust support, 111 enhancements to original model, 120–128 functionality, 112–114 implications of signing keys, 114–116 in-certificate preferences, 126 PGP Global Directory, 127 revoking certificates, 120–122 rough edges in original, 114–116 scaling issues, 123–124 signature bloat/harassment, 124 social networking and,

services and, 152 Y Yahoo! CPC advertising, 101 DDoS attacks on, 16 YouTube, 165 Z Zatko, Peiter “Mudge”, 1–20, 205 zero-day exploits, 252 Zimmermann, Phil, 107–130 INDEX 281 COLOPHON The cover image is a cactus from Photos.com. The cover fonts are Akzidenz Grotesk and Orator. The text

Applied Cryptography: Protocols, Algorithms, and Source Code in C

by Bruce Schneier  · 10 Nov 1993

Common Cryptographic Architecture 24.9 ISO Authentication Framework 24.10 Privacy-Enhanced Mail (PEM) 24.11 Message Security Protocol (MSP) 24.12 Pretty Good Privacy (PGP) 24.13 Smart Cards 24.14 Public-Key Cryptography Standards (PKCS) 24.15 Universal Electronic Payment System (UEPS) 24.16 Clipper 24.17 Capstone 24

Kelsey, Xuejia Lai, Bill Leininger, Mike Markowitz, Richard Outerbridge, Peter Pearson, Ken Pizzini, Colin Plumb, RSA Data Security, Inc., Michael Roe, Michael Wood, and Phil Zimmermann for providing source code; Paul MacNerland for creating the figures for the first edition; Karen Cooper for copyediting the second edition; Beth Friedman for proofreading

can safely recite it in public. If it’s a secret key, he can use a one-way hash function to verify the key. Both PGP (see Section 24.12) and the AT&ampT TSD (see Section 24.18) use this kind of key verification. Sometimes, it may not even be

Alice and Bob both trust. Perhaps Alice and Bob trust only their friends. Perhaps Alice and Bob trust no one. Distributed key management, used in PGP (see Section 24.12), solves this problem with introducers. Introducers are other users of the system who sign their friends’ public keys. For example, when

are encrypted? Generally, she relies on the fact that most popular encryption programs have well-defined headers. Electronic-mail messages encrypted with either PEM or PGP (see Sections 24.10 and 24.12) are easy to identify for that reason. Other file encryptors just produce a ciphertext file of seemingly random

waiting to see how well the algorithm fares during the coming years of cryptanalysis. Its current claim to fame is that it is part of PGP (see Section 24.12). Overview of IDEA IDEA is a block cipher; it operates on 64-bit plaintext blocks. The key is 128 bits long

easiest solution is to pad messages with independent random values. This also ensures that me mod n ` me. Most real-world RSA implementations—PEM and PGP (see Sections 24.10 and 24.12), for example—do this. Moral: Pad messages with random values before encrypting them; make sure m is about

, and encryption. PSMP will work with the Capstone chip (see Section 24.17). 24.12 Pretty Good Privacy (PGP) Pretty Good Privacy (PGP) is a freeware electronic-mail security program, originally designed by Philip Zimmermann [1652]. It uses IDEA for data encryption, RSA (with keys up to 2047 bits) for key management and

digital signatures, and MD5 as a one-way hash function. PGP’s random public keys use a probabilistic primality tester, and get their

initial seeds from measuring the user’s keyboard latency while typing. PGP generates random IDEA keys using the method delineated in ANSI X9.17, Appendix C (see Section 8.1) [55], with IDEA as the symmetric algorithm

instead of DES. PGP also encrypts the user’s private key using a hashed pass phrase instead of a password. PGP-encrypted messages have layered security. The only thing a cryptanalyst can learn about an encrypted message is

of information about the sender, recipient, and message in the unencrypted header. The most interesting aspect of PGP is its distributed approach to key management (see Section 8.12). There are no key certification authorities; PGP instead supports a “web of trust.” Every user generates and distributes his own public key. Users

sign each other’s public keys, creating an interconnected community of PGP users. For example, Alice might physically give her public key to Bob. Bob knows Alice, so he signs her public key. He then gives the

Bob to certify other people’s keys, verifies his signature on Alice’s key and accepts it as valid. Bob has introduced Alice to Carol. PGP does not specify a policy for establishing trust; users are free to decide who they trust and who they do not

. PGP provides mechanisms for associating trust with public keys and for using trust. Each user keeps a collection of signed public keys in a file called

the degree to which the particular user trusts the key’s owner to sign other public keys; this field is set manually by the user. PGP continuously updates these fields as users supply new information. Figure 24.7 shows how this model might look for a particular user, Alice. Alice’s

to certify a key. Alice believes that Kurt’s key is legitimate because both Dave and Ellen have signed it. This is not automatic in PGP; Alice can set her own paranoia level. Just because Alice believes a key to be valid, she does not have to trust it to sign

Kurt’s signature on Nancy’s key. Owen’s key doesn’t fit into the web anywhere; perhaps Alice got it from a key server. PGP does not assume that the key is valid; Alice must either declare the key valid or decide to trust one of the key’s signers

. Of course, nothing prevents Alice from using keys she does not trust. PGP’s job is to alert Alice that the key is not trusted, not to prevent communications. The weakest link of this whole system is key

certificate with her private key; if she loses the key altogether she cannot revoke it. Figure 24.7 PGP trust model. The current version of PGP is 2.6.2. A new version of PGP, PGP 3.0, is scheduled for release by the end of 1995. Changes in 3.0 include options for

signature public-key/private-key key pairs, enhanced procedures for key revocation, improved key-ring management functions, an API for integrating PGP in other programs, and a completely rewritten code base. PGP is available for MS-DOS, UNIX, Macintosh, Amiga, and Atari. It is free for personal, noncommercial use, and is available

from many ftp sites on the Internet. To ftp PGP from MIT, telnet to net-dist.mit.edu, log in as getpgp, answer the questions, then ftp to net-dist.mit.edu and change to

from ftp.ox.ac.uk, ftp.dsi.unimi.it, ftp.funet.fi, ftp.demon.co.uk, Compuserve, AOL, and elsewhere. For U.S. commercial users, PGP can be bought—complete with licenses—for about $100 from a company called ViaCrypt, 9033 N 24th Ave., Phoenix, AZ, 85021; (602) 944-0773; viacrypt

@acm.org. Several shareware front-ends are available to help integrate PGP into MS-DOS, Microsoft Windows, Macintosh, and UNIX. There are several books about PGP [601, 1394, 1495]. The source code has even been published in book form [1653] in an attempt to frustrate

the U.S. Department of State, which continues to maintain that source code is exportable on paper but not electronically. Assuming you trust IDEA, PGP is the closest you’re likely to get to military-grade encryption. 24.13 Smart Cards A smart card is a plastic card, the size

is in direct control over the systems on which it runs and has a secure path to it. For example, the interfaces to programs like PGP assume that their passphrase input always comes from the user over a secure path like the local console. This is not always the case, of

and L. Salvail, “Quantum Oblivious Mutual Identification,” Advances in Cryptology—EUROCRYPT ’95 Proceedings, Springer–Verlag, 1995, pp. 133–146. 397. A. Curiger, H. Bonnenberg, R. Zimmermann, N. Felber, H. Kaeslin and W. Fichtner, “VINCI: VLSI Implementation of the New Block Cipher IDEA,” Proceedings of IEEE CICC ’93, San Diego, CA, May

and D.S. Johnson, Computers and Intractability: A Guide to the Theory of NP–Completeness, W.H. Freeman and Co., 1979. 601. S.L. Garfinkel, PGP: Pretty Good Privacy, Sebastopol, CA: O’Reilly and Associates, 1995. 602. C.W. Gardiner, “Distributed Public Key Certificate Management,” Proceedings of the Privacy and Security

. Schneier, “The GOST Encryption Algorithm,” Dr. Dobb’s Journal, v. 20, n. 1, Jan 95, pp. 123–124. 1394. B. Schneier, E–Mail Security (with PGP and PEM) New York: John Wiley & Sons, 1995. 1395. C.P. Schnorr, “On the Construction of Random Number Generators and Random Function Generators,” Advances in

. 103–111. 1494. W. Stallings, Network and Internetwork Security, Englewood Cliffs, N.J.: Prentice–Hall, 1995. 1495. W. Stallings, Protect Your Privacy: A Guide for PGP Users, Englewood Cliffs, N.J.: Prentice–Hall, 1995. 1496. Standards Association of Australia, “Australian Standard 2805.4 1985: Electronic Funds Transfer—Requirements for Interfaces: Part

–157. 1651. C. Zimmer, “Perfect Gibberish,” Discover, v. 13, n. 12, Dec 1992, pp. 92–99. 1652. P.R. Zimmermann, The Official PGP User’s Guide, Boston: MIT Press, 1995. 1653. P.R. Zimmermann, PGP Source Code and Internals, Boston: MIT Press, 1995. Previous Table of Contents Next Products | Contact Us | About Us | Privacy

Renting Passports, 111 statistical, 108 Terrorist Fraud, 110 Zero-knowledge protocol: basic, 102–104 graph isomorphism, 104–105 Hamiltonian cycles, 105–106 Zierler, Neal, 381 Zimmermann, Philip, 584 Previous Table of Contents Next Products | Contact Us | About Us | Privacy | Ad Info | Home Use of this site is subject to certain Terms

Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital Age

by Steven Levy  · 15 Jan 2002  · 468pp  · 137,055 words

business world—that he basically ignored the whole problem and went back to work. By early 1991, Zimmermann was making progress toward a working product. Then something happened to change his course—and to make PGP famous. The unlikely agent in this shift was U.S. Senator Joseph Biden, the head of

suggest you begin to stock up on crypto gear while you can still get it.” To Zimmermann, S. 266 was the ultimate deadline. If he didn’t get PGP out into the world now, the government might prevent its very existence. At least for the time being, domestic crypto was legal. So

Zimmermann decided to finish up the first version of PGP quickly and get it out to as many people as

possible. He also gave up his financial hopes for PGP. Instead of releasing it as shareware, he designated it “freeware.” This

—most were very computer savvy, and a lot of them were outright nerds. But these were exactly the types of people who would respond to PGP, which, despite Zimmermann’s best efforts, was still not as easy to use as MacWrite or Tetris. Oddly, at that time

Charlie Merritt. In the month after the on-line call to action about S. 266, Zimmermann apparently gave Goen a copy of his PGP software so that it could be spread on the Internet “like dandelion seeds,” Zimmermann later wrote. On May 24 Goen e-mailed Jim Warren, a computer activist and columnist

familiar refrain: On the Information Highway, borders are just speed bumps. How quickly did PGP leave the United States and find its way overseas, without as much as a howdy-do to the export laws? Instantly. Zimmermann would later marvel at hearing that the very next day people in other countries were

encrypting messages with PGP. How could Zimmermann have avoided this potentially illegal passage of his program to distant shores? “I could have

not released it at all,” he later said. “But there’s no law against Americans having strong cryptography.” And, after all, Phil Zimmermann engineered his sudden release of PGP not to circumvent export laws, but to arm his countrymen, the people who might be affected by Senate Bill 266. His motto, as

program, was “When crypto is outlawed, only outlaws will have crypto.” Ironically, Joseph Biden’s offending language, the impetus for Zimmermann’s extraordinary step, met a much less enthusiastic response than PGP did. Senator Biden had been taken by surprise at the huge expression of public outrage (fueled by civil liberties groups

June, he had quietly withdrawn the clause. But the incident left an unexpected legacy: hundreds of thousands of PGP-encrypted messages circulating throughout the world. Pretty Good Privacy had escaped from Phil Zimmermann’s hard drive and had now been cloned countless times. He could no more recall it than one could

take back one’s words after they were uttered. Zimmermann was proud of PGP 1.0 though defensive at its shortcomings. Maybe it didn’t introduce any mathematical innovations. And maybe the coding was so disorganized that

would not sue him. An agreement was indeed drawn up to that effect, and Zimmermann signed it. But each party had his own interpretation of that phone conversation. Bidzos felt that the deal compelled Zimmermann actually to kill PGP. Zimmermann insisted that he had only affirmed his understanding of a hypothetical agreement: if he

stopped distribution of PGP, then he would not be sued. Zimmermann would also claim Bidzos gave him verbal assurances that RSA would sell

licenses to PGP’s end-users so they could use the software without infringing on RSA’s patents

. Bidzos denied those claims. It later became clear that Zimmermann’s interpretation of “distributing PGP” was somewhat narrow. By leaving the distribution to others, he felt that he was free to continue his involvement with the software. In

fact, Zimmermann was supervising a second release of PGP, this one with the help of some more experienced cryptographers. He’d realized that he needed help after a sobering experience at

using the program.) Right away, he ran into Brian Snow, one of the top crypto mathematicians at the NSA. Zimmermann, of course, was curious as to whether the government was upset about PGP. “If I were you, I would be more concerned about getting heat from Jim Bidzos than from the government

,” said Snow. This puzzled Zimmermann—why wasn’t the government worried? Then he sought private comments on his program. After

to a differential cryptanalysis attack. While not exactly a dead fish, the Bass-O-Matic was far from a prize catch. Zimmermann now realized that he could only truly improve PGP if he were to recognize his own limitations. His ultimate success at codemaking would come from realizing that he wasn’t

-core details. Fortunately, a lot of very smart people had been excited by the release of PGP 1.0. Instead of feeling burned by its weaknesses, they were eager to pitch in and fix them. Soon Zimmermann had recruited volunteers in New Zealand, Holland, and California to be his mainstay engineers. A

recommended. “This is not,” he wrote in the 2.0 documentation, “a home-grown algorithm.” Another crucial improvement came in an area that Zimmermann basically had ignored with PGP 1.0: key certification, the process by which public keys are authenticated. Certification is often seen as the Achilles’ heel of public key

reflected the outsider sensibility that generally characterized his efforts. Instead of a central key authority, he envisioned the PGP community itself as an authority. “PGP allows third parties, mutually trusted friends, to sign keys,” explained Zimmermann in a 1993 interview. “That proves that they came from who they said they came from.” By

which you trust various signers. With this web of trust, a stronger encryption algorithm, a better interface, and a number of other improvements, PGP 2.0 was—unlike Zimmermann’s favorite weekend comedy show—ready for prime time. The informal team of programmers had even prepared translations of the interface in several

languages, so people worldwide could use it from the day of release. In September 1992, two of Zimmermann’s helpers posted PGP 2.0 on the Net from their respective homes in Amsterdam and Auckland. This way, the program could be imported into the United States

to dry prairie grass.” Jim Bidzos became, if possible, even angrier. He was particularly outraged at a contention of Zimmermann’s included in the documentation that came with every download of PGP. Zimmermann claimed that Public Key Partners was ripping off the American public by making people pay for technology developed on the

government dime. After Zimmermann’s attempts to cover himself with disclaimers (“The author of this software implementation of the RSA algorithm

heroes, and never was curious enough to look at it?” Yet much of Bidzos’s fury was directed not just at Zimmermann’s actions but at the runaway popularity of PGP. Because it was free, available worldwide regardless of export laws, and had quickly attained a patina of coolness among the high

latest effort, and copies were distributed to all in the room. (Zimmermann himself was still in Boulder.) The event turned into a key-swapping party, as everyone exchanged PGP public keys and signed one another’s key ring. PGP, after all, was the embodiment of the group’s belief that cryptography was too

quote in his famous Scientific American article about RSA, he had thought not. The question certainly bugged Phil Zimmermann. In his heart, he felt that the encryption algorithm at the center of his PGP software was sound. In naming his program, he felt that “pretty good” was an understatement: users should be

even further. Citing current personal computer technology, he said that to crack “128-bit cryptography, which is what PGP is . . . would [take] 8.6 trillion times the age of the universe.” But Zimmermann knew that a brute-force attack on IDEA (International Data Encryption Algorithm) was not the only way to gut

me ask you a question,” said the former intelligence man, puffing aggressively on a cigarette. “Say that someone used PGP for very bad stuff. How much would it cost us to break it?” Zimmermann seemed flustered. “Well, I’ve been asked that before,” he said. “It could be done.” “But how much

would it cost us?” It was far from Zimmermann’s favorite subject, but he played along. He conjectured that the best attacks on PGP would not be on its key size but on other weaknesses. Its data structure could be troublesome, he

in making a political point and reaping big fun in the process. One of the first efforts began with Phil Zimmermann’s PGP software. Long before Morris brought up the question of PGP’s strength at Crypto ’95, its users had been plagued by nagging questions of its resilience. Their angst reflected the

at the drop of a fax button, he would zip journalists a copy of Zimmermann’s (ambiguously) written promise to stop distributing PGP, a vow apparently not kept in spirit. But Zimmermann never thought that he would find himself under criminal investigation. So when two women from the U.S. Customs Service in

at Jim Bidzos’s bidding. Indeed, though the investigators wanted to know how PGP was distributed, many of the questions dealt with PGP’s similarity to RSA’s products. As far as technological expertise, the investigators seemed clueless. Zimmermann had to explain to them the very basic ideas of crypto and software distribution

investigation for illegally exporting munitions. (Kelly Goen, who had identified himself to MicroTimes columnist Jim Warren as a Johnny Appleseed of PGP, was also a potential target.) For the next three years, Zimmermann was in legal purgatory, investigated by a grand jury but unindicted. His lawyers advised him to lie low. But

PGP’s fame had given Phil Zimmermann a taste for speaking out loud. Besides, he felt that his best chance lay in taking the case to the public. Whenever he had talked

on it. Officials confirmed that the book could be exported, but not the floppy. It seemed absurd. So Zimmermann talked, and generated publicity. He seldom failed to note that Burmese rebels reportedly used PGP to avoid the deadly consequences of being discovered in antigovernment activities; in testimony to a congressional hearing in

will help democratic people if necessary.” When confronted with the charges from law enforcement agencies that PGP was particularly useful to criminals—in one Sacramento case, the cops couldn’t read a pedophile’s diary encrypted with Zimmermann’s software—he argued that all technology has trade-offs. Perhaps the highlight of

club. The young lady lap dancing in proximity to Zimmermann asked casually what he did. “I’m a cryptographer,” he said. “I wrote a program called PGP.” The lap dance stopped in midgyration. “You’re Phil Zimmermann?” she asked in awe. “I know all about PGP!” True, cypherpunk sex workers were not everyday occurrences

. But PGP’s audience was beginning to extend beyond techies and privacy nuts. The

Wall Street Journal described how PGP was used by lawyers maintaining electronic confidentiality with

astronomer staking his claims to his celestial discoveries. In order to entice commercial audiences, Zimmermann had licensed the code to a company called ViaCrypt. Since ViaCrypt already had paid a licensing fee to RSA, it could sell PGP to business customers without fear of a lawsuit. (Supposedly paying two license fees was

lawsuit filed against the new company for copyright infringement was eventually settled, with PGP paying normal royalties for public key protocols.) But PGP, Inc. was short-lived. Admittedly the kind of guy who couldn’t balance his own checkbook, Zimmermann turned over the operations of his company to businesspeople who went through millions

a full-service security giant. Finally, the nearly broke company was sold to an established personal computer security firm, Network Associates. Zimmermann was kept on as the official head of PGP, but his contribution came not so much as a software developer but as a living symbol of strong cryptography. It was

. Page 191 Merritt Background on Charlie Merritt was drawn in part from Garfinkel’s PGP and Maureen Harrington, “Cyber Rebel,” Denver Post, March 3, 1996. 196 consultant Identified as W. H. Murray in Jim Warren, “Is Phil Zimmermann Being Persecuted? Why? By Whom? Who’s Next?” MicroTimes, April 1995. 197 Goen Ibid

additional feature in that someone with the proper information can reverse the calculation. Plaintext The original, preencrypted form of a message. Pretty Good Privacy (PGP) Phil Zimmermann’s popular home-grown public key cryptosystem, distributed for free on the Internet beginning in 1991. Private Key In a public key system, the private

The Code Book: The Science of Secrecy From Ancient Egypt to Quantum Cryptography

by Simon Singh  · 1 Jan 1999

the fact that the unrestricted employment of our submarines now offers the prospect of compelling England to make peace within a few months. Acknowledge receipt. Zimmermann Zimmermann had to encrypt his telegram because Germany was aware that the Allies were intercepting all its transatlantic communications, a consequence of Britain’s first offensive

theological works, had deciphered a secret message hidden in a postcard addressed to Sir Henry Jones, 184 King’s Road, Tighnabruaich, Scotland. Figure 28 The Zimmermann telegram, as forwarded by von Bernstorff, the German Ambassador in Washington, to Eckhardt, the German Ambassador in Mexico City. (photo credit 3.2) The postcard

.” A single breakthrough by Room 40 cryptanalysts had succeeded where three years of intensive diplomacy had failed. Barbara Tuchman, American historian and author of The Zimmermann Telegram, offered the following analysis: Had the telegram never been intercepted or never been published, inevitably the Germans would have done something else that would

Germans found that their security had been compromised, they would upgrade their Enigma machines, and Bletchley would be back to square one. As with the Zimmermann telegram episode, the British took various precautions to avoid arousing suspicion, such as sinking a German vessel after pinching its codebooks. This would persuade Admiral

political association, freedom of the press, freedom from unreasonable search and seizure, freedom to be left alone. These views might seem paranoid, but according to Zimmermann there is a fundamental difference between traditional and digital communication which has important implications for security: In the past, if the government wanted to violate

all vulnerable to interception. Digital technology has aided communication, but it has also given rise to the possibility of those communications being monitored. According to Zimmermann, cryptographers have a duty to encourage the use of encryption and thereby protect the privacy of the individual: A future government could inherit a technology

expert in cryptography to operate it. He called his project Pretty Good Privacy, or PGP for short. The name was inspired by Ralph’s Pretty Good Groceries, a sponsor of Garrison Keillor’s Prairie Home Companion, one of Zimmermann’s favorite radio shows. During the late 1980s, working from his home in

IDEA key, which consists of a relatively small amount of information, is being encrypted with a slow asymmetric cipher. Zimmermann planned to have this combination of RSA and IDEA within the PGP product, but the user-friendly interface would mean that the user would not have to get involved in the nuts

and bolts of what was going on. Having largely solved the speed problem, Zimmermann also incorporated a series of handy features into

PGP. For example, before using the RSA component of PGP, Alice needs to generate her own private key and public key. Key generation is not trivial, because

decrypt the message and verify the author. Nothing in PGP was original-Diffie and Hellman had already thought of digital signatures and other cryptographers had used a combination of symmetric and asymmetric ciphers to speed up encryption-but Zimmermann was the first to put everything together in one easy-to-use encryption

product, which was efficient enough to run on a moderately sized personal computer. By the summer of 1991, Zimmermann was well on the way to turning PGP into a polished product. Only two problems remained, neither of them technical. A long-term problem had been the fact that

RSA, which is at the heart of PGP, is a patented product, and patent law required Zimmermann to obtain a license from RSA Data Security

, Inc. before he launched PGP. However, Zimmermann decided to put this problem to one side. PGP was intended not as a product for businesses, but rather

community. For example, human rights groups around the world started to use PGP to encrypt their documents, in order to prevent the information from falling into the hands of the regimes that were being accused of human-rights abuses. Zimmermann began to receive e-mails praising him for his creation. “There are

resistance groups in Burma,” says Zimmermann, “who are using it in jungle training camps. They’ve said that it’s helped morale there, because before PGP was introduced captured documents would lead to the arrest, torture and execution of entire families.” In

, I wish you to know: let it never be, but if dictatorship takes over Russia, your PGP is widespread from Baltic to Far East now and will help democratic people if necessary. Thanks.” While Zimmermann was gaining fans around the world, back home in America he had been the target of criticism

. RSA Data Security, Inc. decided not to give Zimmermann a free license, and was enraged that its patent was being infringed. Although Zimmermann released PGP as freeware (free software), it contained the RSA system of public key cryptography, and consequently RSA Data Security

, Inc. labeled PGP as “banditware.” Zimmermann had given something away which belonged to somebody else. The patent wrangle would continue for

several years, during which time Zimmermann encountered an even greater problem. In February 1993, two government investigators paid

Zimmermann a visit. After their initial enquiries about patent infringement, they began to ask questions about the more serious accusation of illegally exporting a weapon. Because the U.S. Government included encryption software within its definition of munitions, along with missiles, mortars and machine guns, PGP could not be

exported without a license from the State Department. In other words, Zimmermann was accused of being an arms dealer because he had exported PGP via the Internet. Over the next three years Zimmermann became the subject of a grand jury investigation and found himself pursued by the FBI. Encryption for the

Masses … Or Not? The investigation into Phil Zimmermann and PGP ignited a debate about the positive and negative

effects of encryption in the Information Age. The spread of PGP galvanized cryptographers, politicians, civil libertarians and law enforcers into thinking about the implications of widespread encryption

. There were those, like Zimmermann, who believed that the widespread use of secure encryption would be a boon to society

fund to finance his legal defense. At the same time, the kudos of being the subject of an FBI inquiry boosted the reputation of PGP, and Zimmermann’s creation spread via the Internet even more quickly—after all, this was the encryption software that was so secure that it frightened the Feds

as a result the product was not as polished as it could have been. Soon there was a clamor to develop a revised version of PGP, but clearly Zimmermann was not in a position to continue working on the product. Instead, software engineers in Europe began to rebuild

PGP. In general, European attitudes toward encryption were, and still are, more liberal, and there would be no restrictions on exporting a European version of PGP around the world. Furthermore, the RSA

patent wrangle was not an issue in Europe, because RSA patents did not apply outside America. After three years the grand jury investigation had still not brought Zimmermann to trial. The case was complicated by the

nature of PGP and the way it had been distributed. If Zimmermann had loaded PGP onto a computer and then shipped it to a hostile regime, the case against him

would have been straightforward because clearly he would have been guilty of exporting a complete working encryption system. Similarly, if he had exported a disk containing the PGP program, then the

physical object could have been interpreted as a cryptographic device, and once again the case against Zimmermann would have been fairly solid. On the other hand, if he had printed the computer

can be fed directly into a computer, which means that a book is as dangerous as a disk. What actually occurred was that Zimmermann gave a copy of PGP to “a friend,” who simply installed it on an American computer, which happened to be connected to the Internet. After that, a hostile

regime may or may not have downloaded it. Was Zimmermann really guilty of exporting PGP? Even today, the legal issues surrounding the Internet are subject to debate and interpretation. Back in the early 1990s, the situation was vague

in the extreme. In 1996, after three years of investigation, the U.S. Attorney General’s Office dropped its case against Zimmermann. The FBI realized

that it was too late-PGP had escaped onto the Internet, and prosecuting Zimmermann would achieve nothing. There was the additional problem that Zimmermann was being supported by major institutions, such as the Massachusetts Institute of Technology

Press, which had published PGP in a 600-page book. The book was being distributed

around the world, so prosecuting Zimmermann would have meant prosecuting the MIT Press. The FBI was also reluctant to pursue a prosecution because there was

major problem also disappeared. Eventually he achieved a settlement with RSA and obtained a license which solved the patent issue. At last, PGP was a legitimate product and Zimmermann was a free man. The investigation had turned him into a cryptographic crusader, and every marketing manager in the world must have envied

the notoriety and free publicity that the case gave to PGP. At the end of 1997, Zimmermann sold PGP to Network Associates and he became one of their senior fellows. Although PGP is now sold to businesses, it is still freely available to individuals who do not intend

that she is downloading an authentic copy of PGP, whereas in reality she is downloading a Trojan horse version. This modified version looks just like the genuine PGP program, but contains instructions to send plaintext copies of all Alice’s correspondence to Eve. As Phil Zimmermann puts it: “Anyone could modify the source

code and produce a lobotomized zombie imitation of PGP that looks real but does the bidding of its

diabolical master. This Trojan horse version of PGP could then be widely circulated, claiming to be from

cipher alphabet changes during the encryption, for example the Vigenère cipher. The change is defined by a key. Pretty Good Privacy (PGP) A computer encryption algorithm developed by Phil Zimmermann, based on RSA. private key The key used by the receiver to decrypt messages in a system of public key cryptography. The

modern cryptography. A definitive, comprehensive, and authoritative introduction to the subject. Chapter 7 Zimmermann, Philip R., The Official PGP User’s Guide (Cambridge, MA: MIT Press, 1996). A friendly overview of PGP, written by the man who developed it. Garfinkel, Simson, PGP: Pretty Good Privacy (Sebastopol, CA: O’Reilly & Associates, 1995). An excellent introduction

latter has only one setting, but has a second window that shows the scramblers moving and the subsequent effect on the electrical path. Phil Zimmermann and PGP http://www.nai.com/products/security/phil/phil.asp Electronic Frontier Foundation http://www.eff.org/ An organization devoted to protecting rights and promoting freedom

This Machine Kills Secrets: Julian Assange, the Cypherpunks, and Their Fight to Empower Whistleblowers

by Andy Greenberg  · 12 Sep 2012  · 461pp  · 125,845 words

anarchist thinker who would cofound the cypherpunks in 1991 and create a thought-experiment prototype for cryptographically anonymous leaks called BlackNet. PHIL ZIMMERMANN Applied cryptographer whose Pretty Good Privacy program (PGP) brought free, strong encryption to the masses. His investigation by the U.S. Justice Department from 1993 to 1996 ignited a

Isaac Asimov and Neal Stephenson, and below them a mass of cryptography textbooks. It’s only when I mention one in particular, titled PGP Source Code and Internals, that Zimmermann immediately sets aside his lunch and switches into war-story-telling mode. “As soon as they decided to prosecute me,” he says

and speaking out publicly against the Reagan administration’s policies. In 1985, Gorbachev came to power and declared a unilateral moratorium on nuclear testing. Now, Zimmermann and his peacenik cohorts hoped, America’s aggressive regimen of vaporizing cubic miles of dirt and rock with hydrogen bombs under the Nevada desert could

years, Gorbachev, not Reagan, would end the world’s nuclear standoff with the dissolution of the USSR. But the protest had a different significance: Zimmermann’s first experience with civil disobedience locked in his resolve to grapple with unjust authority. And although he didn’t know it then, the unassuming

the scrambled text to find patterns that allowed them to remove the pads’ random noise, breaking the ciphers. The digital one-time pad that Zimmermann programmed as a hobby project generated its random numbers with FORTRAN’s random number generator. Never mind that FORTRAN actually used a pseudorandom number generator

based on a math operation known as a linear congruential equation. Zimmermann thought he’d created an uncrackable encryption program before his senior year of college. “It was very simpleminded crypto, but I believed it was

article, he had begun to imagine crypto as an increasingly necessary tool for grassroots organizing and international freedom-fighting. Like many of his fellow hackers, Zimmermann shared David Chaum’s pessimistic vision that the rise of digital technologies threatened to render personal privacy extinct. The new medium of e-mail was

Governments would be able to spy on their citizens like never before. But strong, universally available encryption could flip that trend to the opposite extreme. Zimmermann envisioned Chinese democracy protesters, South American rebel groups, and radical American antinuclear activists e-mailing one another with impunity, free from the watchful eye of

public key encryption on a mundane microcomputer, the equivalent of assembling a three-mast model ship inside a perfume bottle. After their first conversation, Zimmermann began to call Merritt weekly to interrogate him for more details of how to pull off the miniaturized functions of the MIT cryptographers’ system. While

Merritt had a long head start over Zimmermann, Zimmermann could program in C, a language that worked on everything from IBM computers to Ataris. Eventually Merritt gave up on explaining mathematical operations over the

men spent a week at his whiteboard hashing out crypto-programming. Merritt quickly gave up on making any substantial money from his partnership with Zimmermann. But he appreciated Zimmermann’s antiauthoritarian bent. For the last several years, Merritt had been repeatedly dogged and threatened by the National Security Agency. The secretive organization

And because his customers were mostly concerned about maintaining their privacy from regimes less friendly than the U.S. government, ITAR was choking his business. Zimmermann, on the other hand, wasn’t concerned about export controls. After all, he only planned to give away any tools he created as grassroots political

tools, not sell them. Why would customs agents bother him over his insignificant, do-gooder hobby? By 1987, Zimmermann had pulled together much of his newfound crypto-programming know-how into an article published in the well-regarded technology journal IEEE Computer. The prestige

the paper won for Zimmermann allowed him to start calling other cryptographers around the world for advice and coding contributions without coming off as just another paranoid cipher-nut.

prophetic commentary to the Usenet discussion: “I suggest you begin to stock up on crypto gear while you can still get it.” Zimmermann felt he had to finish PGP before that bill became law. So he dropped everything and worked day and night to develop his crypto embryo and deliver it into

the world. He neglected his day job and consulting gigs so thoroughly that he missed five mortgage payments. “I really honed my negotiation skills with banks,” Zimmermann

says. Within hours of posting it to Usenet, PGP began spreading like a prairie fire, fueled in part by fears of a government crypto crackdown on the way. It was

jumped over U.S. borders and multiplied itself around the globe, directly violating ITAR’s ban on cryptographic exports. PGP fulfilled Zimmermann’s dream as a political weapon almost immediately. Activists in Myanmar used the encryption program to hide communications from a brutal military junta that would

kill its citizens for even owning a fax machine. A Bosnian user sent Zimmermann a message to say that during the siege of Sarajevo, his father had used PGP to encrypt e-mails to his family during the hour or two of occasional electricity in the war

-torn city. Finally he received a PGP-encrypted message that would make all of Zimmermann’s missed mortgage payments worthwhile. It came from a user in Latvia, where fear still ran high that the newly independent

help democratic people if necessary. Thanks. Shortly after the release of his second version of PGP in 1993, Zimmermann received a call from a U.S. customs agent in San Jose. She asked him for more information on his humble invention, and Zimmermann cheerfully answered her questions, thinking that she had perhaps encountered

PGP on a computer the agency was investigating and was merely curious about it. But when the agent told

Zimmermann she planned to fly all the way to Boulder to pay him a visit, Zimmermann began to get nervous. Zimmermann was aware of Charlie Merritt’s export

of his modest hobby. A few months later, a formal notice arrived in the mail. Zimmermann was the subject of a grand jury investigation. His potential crime: sharing his beloved PGP with the world. The news put Zimmermann into a state of shock. Spending an afternoon or even a night in a Nevada

spent three intense days talking about math, protocols, domain specific languages, secure anonymous systems,” says May. “Man, it was fun.” Just a week after Zimmermann released PGP 2.0, Hughes and May invited forty of their favorite coders and cryptographers to Hughes’s newly purchased home in Oakland. About twenty of them

Code and Internals. As the title suggests, it’s literally a printed copy of PGP’s code, hardly legible to humans, not to mention the nongeek members of a jury deciding Zimmermann’s fate. But as Zimmermann explains, it wasn’t any argument or fact written in that volume, but rather the

book’s mere existence—the fact that PGP’s source code was represented in ink on slices of pulped tree

between two sheets of cardboard—that made it a crucial weapon in the Crypto Wars. In 1993, two years before that book was printed and shortly after Zimmermann had been formally notified about

sued them in a federal court. While that lawsuit was under way, Zimmermann ran into an editor at MIT Press while attending a privacy conference. The editor wanted to publish the PGP user’s manual that Zimmermann had included with PGP 1.0. Zimmermann was willing, but he asked for a favor. “I’d like

you to also publish the source code to PGP,” Zimmermann said. “All of it.” The code added up to close

to eight hundred pages, and MIT printed it in a font that was designed to be easily readable for scanning software, so that it could be converted from ink to bits with minimal effort. Zimmermann was playing with

exported right under the government’s nose. It’s doubtful many Europeans ever scanned that book to implement its code. PGP was already being used across the world, after all. But now Zimmermann’s legal team could wield that bound chunk of paper—the one, today long out of print, sitting on

prosecutors that they would detonate as soon as he was indicted. In the end, the Justice Department dropped its investigation into PGP, with no explanation. Zimmermann never found out whether it was his public support, Karn’s export trick, or simply a lack of political will behind his prosecution that saved

applications from grassroots activism to child pornography to terrorism to untraceable whistleblowing, belonged to the people. As I wrap up my interview with Zimmermann and he puts his PGP source-code book back on the shelf, I ask, almost out of a sense of obligation more than hope, whether he has any

for seemingly harmless digital crimes hang over him for three years, must have felt especially familiar. It’s little wonder that he fell in with Zimmermann’s most hard-core supporters, the crew who happened to also be radical hackers and antiauthoritarian misfits like himself. Assange became a cypherpunk. He

on his weekend’s worth of Perl coding. Hal Finney, a former video game developer who had worked on pieces of PGP, designed a version of the remailer that would integrate Zimmermann’s encryption software. Now a message’s destination could be encrypted with a remailer’s public key. That was the

strongest aversion of all to Bell’s murderous blueprint. “He was so full of violence and anger,” Zimmermann says with disgust. At one point Bell wrote to Zimmermann to ask what the inventor of PGP thought of his ideas. “I wrote him back and said that he had managed to do what no

he and his cocreators, a fellow researcher named Ralf-Philipp Weinmann and coauthor of Underground Suelette Dreyfus, would soon rename it, simply, “Rubberhose.” Like Zimmermann’s PGP, Rubberhose was designed for activists in repressive regimes to smuggle out controversial data. But where a captured rebel activist with a laptop hard drive encrypted

archetypal twentieth-century leaker crystallized everything Assange had learned from the cypherpunks: WikiLeaks would share all of David Chaum’s, Tim May’s and Phil Zimmermann’s beliefs in the power of cryptography to effect political change. It had all the ambitious complexity of “Assassination Politics,” with its illegality and violence

personality contrasts occasionally flared into deeper conflicts over their idea of activism. One of the most representative, perhaps, was the issue of suits. Like Philip Zimmermann, Berg subscribed to the Ellsberg strategy of protest. “We had some public appointments where I was convinced we could achieve more in conservative attire than

Street, protesters adopt the same tactics of angry, confrontational nonviolence that Birgitta Jónsdóttir used in the Icelandic Revolution of 2009, that Daniel Ellsberg and Phil Zimmermann used in their Cold War protests for nuclear disarmament, that John Young used in the Columbia University Occupation of 1968. They chant slogans, acquiesce to

trademark infringement eventually kiboshed that guerrilla sticker campaign Levy, p. 252. “Not ninety-nine percent. One hundred point zero percent” Zimmermann’s University of Illinois talk. strapping a copy of PGP to a missile and shooting it at Mexico, just to prove a point Ibid. “When they got that one, I can

of indictment, 139, 177, 178, 224, 320 on Tor, 138 Twitter data of, 138–39 and Young, 130–32 and Zatko, 174, 201–2 and Zimmermann, 113 “Assassination Politics,” 117, 119–22, 123–24, 125, 133–34 Bahnhof ISP, 237–38 Baker, Stewart, 101 BalkanLeaks, 231–35, 261–62, 268

89–92 meetings of, 81–82 remailer of, 82, 92, 118 shooting club of, 82 WikiLeaks’ connection to, 102 and Young, 111, 122–25 and Zimmermann, 85, 86 See also Hughes, Eric; May, Tim Data-Leak Prevention (DLP) industry, 187–90 DC-Net (Dining Cryptographers Network), 68–69 de Vries, Benjamin

Network encryption, 79–80, 82 and Chaum’s transaction system, 66–70 and Clipper Chip, 84–85, 86, 88 cryptographers (see Chaum, David; Merritt, Charlie; Zimmermann, Philip R.) export laws on, 72, 74, 75, 86–87 government regulation of, 72, 73, 75, 83 and May’s BlackNet concept, 89–92

, 76–77, 79, 122 and New York Times magazine story, 122 and origins of Cypherpunks, 79, 80–81 writing ambitions of, 76, 77–78 and Zimmermann, 85, 88 Mazzacone, Eric, 216 McCarthy, Smári, 258, 268, 287, 300 McGovern, George, 35, 36–37 McNamara, Robert, 24–25 Meredith, Daniel, 291–92

–87 MIT Press’s publication of, 87 origins of, 70–75 passwords for, 306 in remailers, 118 and Young’s Cryptome site, 101 PGP: Source Code and Internals (Zimmermann), 53, 83, 87 Pietrosanti, Fabio, 318–19 Pirate Bay, 238–39, 256, 305, 306, 318 political dissidents, 136–38, 140 PRQ (PeRiQuito

The Dark Net

by Jamie Bartlett  · 20 Aug 2014  · 267pp  · 82,580 words

net considered this to be an attempt by the US government to control cyberspace, which until that point had operated largely outside state control. Phil Zimmermann, an anti-nuclear activist and computer programmer, was worried that digital technologies appeared to be eroding citizens’ privacy, rather than liberating them. For years

, Zimmermann had dreamed of creating an encryption system for the masses based on public key encryption that would allow political activists to communicate free from the

it. On learning of Biden’s S.266 clause, he feverishly set out to complete the project, almost losing his house in the process. When Zimmermann finished his software in 1991, he published it all online – on a Usenet group, of course – free for anyone who wanted to use it. He

within weeks it had been downloaded and shared by thousands of people around the world. ‘Before PGP, there was no way for two ordinary people to communicate over long distances without the risk of interception,’ said Zimmermann in a later interview. ‘Not by phone, not by FedEx, not by fax.’ It remains

the most widely used form of email encryption to this day. The US government, needless to say, wasn’t happy. They believed too many people using strong cryptography like PGP would make life

period well. ‘We were very worried about the spread and adoption of powerful encryption like PGP.’ The British government even briefly considered following France in legislating to control encryption. In the end, they decided against: once Zimmermann had released the source code online, it was going to be almost impossible to try

for online trade and commerce. A more secure internet would be trusted by more people. The US government decided on a different course. Zimmermann, having released his PGP source code on the internet, was considered by the US government to have exported munitions. The United States Customs Service launched a criminal investigation

, seeking to prosecute Zimmermann under the Arms Export Controls Act. This battle over encryption became known as the Crypto-Wars, fought between those who believed

whistleblowing site Cryptome was becoming a thorn in the side of intelligence agencies. Better still, the US government had dropped its investigation into Phil Zimmermann, and PGP was being used all over the world. One thing was still missing. Although the cypherpunks had tried to build a system of anonymous digital payment

a social media platform called Twister. Miguel Freitas is Twister’s chief developer. Miguel worked for several straight months – also unpaid, just as Zimmermann did when working on PGP – to convert the blockchain model into a social media platform after the British Prime Minister, David Cameron, admitted his government considered shutting down

. Jabber, another instant-messaging service, is encrypted with industry-standard Secure Sockets Layer, run by volunteers and physically hosted in a secure data centre. Phil Zimmermann is currently working on a project called Darkmail, an automatically end-to-end encrypted email service. Today there are hundreds of people like Amir and

of the net. He also believes that crypto is a key part of a political project. He wants you to encrypt all your emails with PGP, even (or especially) those you send to friends and family members. The reason, he explains, is to provide ‘cover traffic’ for those who do need

isn’t going unheeded: more and more people are starting to adopt encryption technology – the demand for services like Mailpile, PGP or Jitsi is growing: the daily adoption rate of PGP keys tripled in the months following Snowden’s revelations. In the mid-1990s, the cypherpunks frequently warned of the impending ‘surveillance

people don’t know how to browse the net anonymously using Tor, how to pay with Bitcoin, or how to send a message encrypted with PGP. A crypto-party is a small workshop to show them how. It’s typically twenty or so people being walked through the basics of online

online. In packed workshop sessions, each one hour long, we learned how to use Tor to browse anonymously; how to spend Bitcoins; how to use PGP. There was an interesting mix of participants. A group of older women were delighted at sending messages to each other using

PGP (which is weirdly satisfying). Soon we were exchanging missives. With only a click, this: Jklr90ifjkdfndsxmcnvjcxkjvoisdfuewlkffdsshSklr9jkfmdsgk,nm3inj 219fnnokmf9n0ifjkdfndsxmcnvjcxkjvoisdfuewlkfJflgmfklr90ifjkdfn dsxmcnvjcxkjvoisdfuewlkf,nm3inj219fnnokmf972nfksjhf83kdbgfh ydid89qhdkfksdfhs8g93kkkafndhfgusdug892kmgsndu19jgwdnng skgds8t48senglsdpss9sy31bajsakf7qianfkalhs19jaslfauwq8qoafall 2kjhagfasjf993hamfalsfuqiejfkallnjksd732j1ls0dskj suddenly becomes: Hello!

much publicly about ourselves, a lot of people – not just cypherpunks – think that their right to privacy is being breached. The Downside People like Phil Zimmermann or Smári are developing crypto because they believe their work helps guard civil liberties from intrusive surveillance, especially in repressive regimes. And undoubtedly it does

closely the latest development in secure communications. It’s an arms race.’ It has been alleged – although never proven – that the 9/11 terrorists used PGP encryption in their communications: ‘I have no idea whatsoever about that,’ says Omand. But he is convinced that terrorists would have been ‘delighted’ by information

hazardous’. For the cypherpunks, the fact that criminals use encryption is an unfortunate outcome, but a cost worth paying for the extra freedom it provides. Zimmermann has been asked repeatedly how he feels that the 9/11 hijackers might have used software he designed. It was, he says, far outweighed by

the fact PGP is ‘a tool for human rights around the world . . . strong crypto does more good for a democratic society than harm.’ Zimmermann or Tim May don’t have responsibility for keeping the public safe, and don’t

read top-secret security briefings. Omand did. Not that he blames Zimmermann – ‘it is not a moral consideration for him to weigh up. Of

course he should have developed PGP. We would not have the benefits of the internet without such breakthroughs. But it’s for elected

what’s propelling it, because he thinks the endgame is inevitable. He tells me the third leg of the trifecta is in place: along with PGP, and anonymous browsing, there is now an anonymous currency: ‘And, man,’ he exclaims excitedly, ‘that’s got to be freaking Big Brother out!’ May anticipates

could be bought only with Bitcoin, and visitors were advised to sign up with digital pseudonyms. Any correspondence between buyers and sellers took place using PGP encryption, and once read, messages were automatically deleted. In June 2011, a secure forum was set up in order to enable better communication between users

approves (or declines if there is a problem). But the money is released only when two of the three sign off on it with their PGP keys. No one party can disappear with the money. It’s like a safe where all the key holders must be present to unlock it

about the size of a postcard, but a little bulky – padded with bubblewrap. The name and address I’d entered into the site using my PGP key was printed on to a small sticker. It looked, felt and smelled exactly like every other item of post I’d received that week

35. You decrypt c and find m using your private key: m=c^7cmod 35. If the numbers are several hundred digits long (as in PGP), it is nearly impossible to guess the secret key.”’ (The calculation is actually incorrect: when I asked him, May explained that Cyphernomicon was only a

the most important cryptographic development since the Renaissance. Also Schmeh, K., Cryptography and Public Key Infrastructure on the Internet. p.80 ‘“Before PGP, there was no way” . . .’ Interview with Zimmermann, InfoWorld magazine, 9 October 2000, p.64. p.81 ‘In the end, they decided against . . .’ In fact, three GCHQ mathematicians had already

two colleagues . . .’ http://www.indiegogo.com/projects/Mailpile-taking-email-back. p.99 ‘The cypherpunk message isn’t going unheeded . . .’ http://www.dailydot.com/news/pgp-encryption-snowden-prism-nsa/. p.99 ‘In 2013, documents released by Edward Snowden . . .’ James Ball, Julian Borger and Glenn Greenwald, ‘Revealed: how US and UK

vendor on S[ilk] R[oad],’ wrote Libertas. ‘To do this, we ask you PM me with a signed message with your old PGP, linking me to your PGP key on the old forums.’ p.139 ‘Inigo, one of Libertas’s fellow administrators . . .’ Not everyone was happy that Ulbricht had been arrested

that the source code did not betray any vulnerabilities. 6 November: Silk Road 2.0 goes online. There are new security features, including double validation PGP encryption. It tries to make up for lost ground by validating old vendors automatically. 30 November: Sheep Market shuts down after $5.3 million in

sites. Libertas – on setting up Silk Road 2.0 – allowed all existing Silk Road vendors to immediately become Silk Road 2.0 vendors if their PGP keys matched up. When the marketplace Atlantis went online as a rival to the original Silk Road, verified Silk Road traders were able to become

Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance

by Julia Angwin  · 25 Feb 2014  · 422pp  · 104,457 words

this fragile foundation rested my most robust hope of encryption. * * * This is not how it was supposed to turn out. When the antinuclear activist Philip Zimmermann released the first mass-market encryption program called Pretty Good Privacy in 1991, it seemed for a brief time that encryption could liberate humanity from

oppression. PGP was the first program to offer access to military-grade encryption to ordinary people. Until then, powerful computerized encryption was available only to the government

and to large companies willing to pay huge licensing fees. (The software I was using for encryption, GPG, is a free software version of PGP.) The widespread availability of powerful encryption helped spur a movement called Cypherpunks. On March 9, 1993, Eric Hughes published A Cypherpunk’s Manifesto. “Privacy is

, but electronic technologies do.” Not surprisingly, the U.S. government was not thrilled with the Cypherpunk uprising. The U.S. Customs Service began investigating whether Zimmermann had violated arms trafficking laws, since high-powered encryption was considered a munition subject to export restrictions. In 1996, however, the government dropped the investigation

the same time the Justice Department was investigating Tor developer Jacob Appelbaum for his involvement in WikiLeaks. And Phil Zimmermann, the founder of Pretty Good Privacy, went the capitalist route. He sold PGP to Network Associates in 1997 for $36 million. And in 2012, he joined with the cryptographer Jon Callas and

24, 2012. Off-the-Record was created in 2004: Nikita Borisov, Ian Goldberg, and Eric Brewer, “Off-the-Record Communication, or, Why Not to Use PGP,” 2004, http://www.cypherpunks.ca/otr/otr-wpes.pdf; and Brian Whitley, “Students Develop Encryption for Instant Messaging,” Daily Californian, February 22, 2005, http://www

/article.php%3fid=17720.html. Off-the-Record helps solve the problem: Borisov, Goldberg, and Brewer, “Off-the-Record Communication, or, Why Not to Use PGP.” (Tails) operating system: “Documentation,” Tails, https://tails.boum.org/doc/index.en.html. At his military court proceedings: Bradley Manning, “Bradley Manning’s Statement Taking

.cypherpunks.ca/otr/people.php. It turned out he was: Evan Schoenberg, in discussion with author, November 25, 2012. When the antinuclear activist Phil Zimmermann: Phil Zimmermann, “Creator of PGP and Zfone: Background,” Philzimmermann.com (personal blog), http://www.philzimmermann.com/EN/background/index.html. The software I was using: “The GNU Privacy

, “A Cypherpunk’s Manifesto,” March 9, 1993, http://www.activism.net/cypherpunk/manifesto.html. The U.S. Customs Service began investigating whether: Phil Zimmermann, “Testimony of Philip R. Zimmermann to the Subcommittee on Science, Technology, and Space of the US Senate Committee on Commerce, Science, and Transportation,” philzimmermann.com (personal blog), June

26, 1996, http://www.philzimmermann.com/EN/testimony/. In 1996, however, the government dropped: Phil Zimmermann, “Significant Moments in PGP’s History: Zimmermann Case Dropped” philzimmermann.com (personal blog), January 12, 1996, http://www.philzimmermann.com/EN/news/PRZ_case_dropped.html. And in 1999, the

: Julia Angwin, “Secret Orders Target Email,” Wall Street Journal, October 9, 2011, http://online.wsj.com/article/SB10001424052970203476804576613284007315072.html?mod=WSJ_whattheyknow2011_LeftTopNews. He sold PGP to Network Associates: Jamie Beckett, “New Company’s Fast Start / Network Associates Buys Software Firm for $36 Million,” San Francisco Chronicle, December 2, 1997, http

PNR (Passenger Name Records) Poland police political campaigns political websites Pollan, Michael pornography Postbox Precision Market Insights Prendergast, John prepaid debit cards Pretty Good Privacy (PGP) price manipulation PRISM program privacy. See also dragnets changing conversation about children and Cypherpunks and data audit for economics of environmental pollution and first steps

Yahoo! yellow page directories Yemen Youens, Liam YouTube ZabaSearch Zazi, Najibullah zero data retention zero data border crossing zero-knowledge environment Ziff Davis Smart Business Zimmermann, Philip ALSO BY JULIA ANGWIN Stealing MySpace: The Battle to Control the Most Popular Website in America ABOUT THE AUTHOR JULIA ANGWIN is the author

Rise of the Machines: A Cybernetic History

by Thomas Rid  · 27 Jun 2016  · 509pp  · 132,327 words

glacial progress of actual cryptographic technologies that could be used by normal people. Yes, Phil Zimmermann had just released his home-brewed PGP (for “Pretty Good Privacy”) 1.0 to the public. This was a significant step. Zimmermann, in violation of export control regulations as well as patent law, gave public-key encryption

to the people. And the uptake of his rogue app, as well as the uproar, was big. But the first version of PGP was buggy and clunky to use. Much

, Gilmore even sporting an EFF T-shirt complete with the internet address of the then newly founded Electronic Frontier Foundation. The geeky rebels had their PGP fingerprints written on the foreheads of the masks.32 The same year, in the summer of 1993, Kelly published a long story about the crypto

was openly revealed. Encryption protected the content of packets but not the headers—what later would be called “metadata.” The now publicly available PGP protocol left metadata unprotected. PGP on its own, in short, created confidentiality, not anonymity. The cypherpunks wanted a solution to this problem. Remailers were the solution. These were

one remailer kept a log file that could identify the sender. Court orders or lawsuits were ineffective against machines that automatically forgot data. But integrating PGP into remailers was a problem, at least initially. Eric Hughes and Hal Finney wrote the first such remailers in 1992, in the programming languages Perl

spill a few government secrets, and to reveal secrets of the Church of Scientology. By late 1992, things had started to move. The use of PGP was on the rise, and the first remailers were coming online. On December 1, 1992, two days after Gilmore had scored his symbolic victory against

highly skeptical of anonymity online. On April 1, 1994, when the Clipper debate reached its fever pitch, a “nobody” reported on the newsgroup that Phil Zimmermann had been arrested and that the crypto pioneer was being held on bail of $1 million.55 Brand was about to sit on a panel

with Zimmermann and was not amused. He responded to the cypherpunks two days later: “The Zimmerman[n] prank,” he wrote, “hardens my line further against anonymity online

the cypherpunk projects had flopped: the list was in demise, and many of the projects that the activists had promoted with such youthful optimism—remailers, PGP, message pools, digital cash, offshore hosting—remained on the fringe, or they had failed outright. The cypherpunks were looking for individual sovereignty, a Bermuda in

(left), John Gilmore (right), and Eric Hughes, who appeared wearing these masks on the cover of Wired magazine’s second issue, in May 1993, their PGP fingerprints written on their foreheads. Ryan Lackey, inspired by the cypherpunks, ran HavenCo, a desolate anarchist server platform in the North Sea, starting in late

.Christian D. Odhner, “Re: BlackNet,” e-mail to cypherpunks@toad.com, August 18, 1993. 66.Paul Leyland, “The BlackNet 384-Bit PGP Key Has Been BROKEN,” posting to alt.security.pgp, June 26, 1995. 67.Timothy May, “Who Is L. Detweiler,” e-mail to cypherpunks@toad.com, January 11, 1994. 68.Timothy

Douglas Engelbart and, 173 William Gibson and, 211–12 Timothy Leary and, 187–89 and second wave of hackers, 184 pessimism, See dystopia peyote, 185 PGP (Pretty Good Privacy), 261, 272–73 Philco Corporation, 137–40 Phreak, Acid (Elias Ladopoulos), 237–39 physico-chemical system, nervous system as, 64 physics, nonexistent

truck/gun, 20, 21 Yahoo!, 244 Year 2000, The (Kahn), 111 Yeltsin, Boris, 329 Yom Kippur War, 299 Young, John, 284 Zimmerman, Thomas, 213–14 Zimmermann, Phil, 261, 277 Copyright © 2016 by Thomas Rid All rights reserved First Edition Brautigan, Richard: From All Watched Over by Machines of Loving Grace by

Engineering Security

by Peter Gutmann

how it worked, a point that the typical user would never even get to [600]. Before the PGP fans leap on this as another example of X.509’s unusability, it should be mentioned that PGP, which a mere 10% of users could understand, fared little better. Even the techies who run

the much simpler one of using STARTTLS (see “Key Continuity in SSL/TLS and S/MIME” on page 378) or a corporate S/MIME or PGP gateway. Another example of changing the model was the one given earlier of switching from confidentiality as a communications goal to authentication/authorisation as a

usual situation in which the layer below problem occurs is for data travelling over the Internet, which is why we have SSL/TLS, SSH, IPsec, PGP, S/MIME, and a whole host of other security protocols layered on top of TCP and UDP. Even when the data finally exits the network

domain to the other and the transformation requirements will be taken care of, and if it’s store-and-forward then use S/MIME or PGP with authenticated encryption. You can use this type of transformation procedure in other ways as well, for example to protect network services. You’re most

Aoki, Jens Franke, Arjen Lenstra, Emmanuel Thomé, Joppe Bos, Pierrick Gaudry, Alexander Kruppa, Peter Montgomery, Dag Arne Osvik, Herman te Riele, Andrey Timofeev and Paul Zimmermann, Cryptology ePrint Archive, Report 2010/006, 6 January 2010, http://eprint.iacr.org/2010/006. “Advanced Intuit Password Recovery 2.0 provides instant removal of

the 27th Chaos Communication Congress (27C3), December 2010, https://events.ccc.de/congress/2010/Fahrplan/events/4087.en.html. Quoted by Jon Callas in “Hacking PGP”, presentation at Black Hat Europe 2005, March 2005, http://www.blackhat.com/presentations/bh-europe05/bh-eu-05-callas-up.pdf. “More SideJacking”, Robert Graham

.5 (May 2011), p.54. References [69] 289 “exploit -r0ket”, ‘nitram’, 19 August 2011, http://r0ket.badge.events.ccc.de/exploit. [70] [71] [72] [73] “PGP User’s Guide”, Phil Zimmerman, 5 June 1991. “How a Google Headhunter’s E-Mail Unraveled a Massive Net Security Hole”, Kim Zetter, 24 October

someone decides that it’d be a good idea to store people’s password files in the cloud). Another such vulnerability affected some versions of PGP that use a capability called Additional Decryption Keys (ADK), a feature requested by commercial users in order to provide a data-recovery access capability to

data encrypted by employees in the event that they left the company or were incapacitated. PGP carefully authenticated the ADK information that was placed in the set of authenticated attributes associated with the key (called the hashed subpacket area in

), but then treated further ADK information that it found in the set of unauthenticated attributes (the 362 Design unhashed subpacket area in PGP terminology) in the same way as the authenticated attributes. By adding ADK information to the unauthenticated attributes, an attacker could get a victim to encrypt

to protect anything more complex than a single block of data using a shared key then pick a standard format or protocol, S/MIME or PGP for messages and SSL/TLS for data communicated over a network, find a library or toolkit that gives you what you want, and use that

case “wrong” doesn’t mean merely different to the accepted way of doing things but, most probably, insecurely. If you look at data formats like PGP and S/MIME then you’ll notice that, at the abstract level, they’re more or less identical despite the very different design philosophies behind

them. This is because there’s generally one right way to do things and an infinite number of wrong ways, and both PGP and S/MIME, despite their differences in data formats and general philosophy, do things the right way. Conversely, if you’re doing something that differs

going to be anything from “poor” through to “unacceptable”. If you want to use a standard security protocol like SSH, SSL/TLS, S/MIME, or PGP rather than a totally custom one that’s hand-tuned for size and speed in your particular environment then an absolute minimum would be a

you’re doing with your XML. With a little effort this can be even more lucrative than a USPTO-assisted patent shakedown). S/MIME and PGP can also be employed in a manner in which they run into at least a small subset of the problems of XML’s canonicalisation. This

to invalidate the signature. The simplest solution to this problem is “don’t do that, then”, bundling the signed data inside an S/MIME or PGP envelope where it can’t be mangled by mailers. Even if the XML canonicalisation problem could somehow be solved, there’s an even more serious

use of XML external entity (XXE) attacks [509][510] [511]). This also means that unlike traditional signature formats like S/MIME and PGP where only the S/MIME or PGP implementation has to be secure, with XML every library and module that’s used by the XML security system (for example one

nature of the XML security mechanisms [512]. It’s scary to note that while there are occasional attacks on traditional formats like S/MIME and PGP involving abuses of complex cryptographic mechanisms or obscure implementation bugs that affect particular special cases, it’s only in XML security implementations that you’ll

attack, and then change it back again. In addition since XML reinvented various crypto mechanisms that already had perfectly good solutions in S/MIME and PGP, they also ended up reinventing a pile of attacks that hadn’t been seen anywhere else for a decade or more [527]. Trying to sign

because that’s where the xref is usually stored). If someone signs the resulting PDF file using a standard signing format like S/MIME or PGP then simply by changing the file extension (which doesn’t affect the signature on the file) you can convert it into a completely different document

, with the authenticated, encrypted link providing the protection that’s normally provided by the signing operation. This signed forward-chaining is a standard feature of PGP, where a new key is traditionally signed using the old one. Unfortunately no other protocol provides this forward chaining, since the keys-fall-from-the

general idea behind opportunistic upgrade is to use the strongest algorithm that the other side has demonstrated an ability to deal with. Some protocols like PGP and S/MIME even have a facility through which the other party can indicate which algorithms they’re capable of dealing with, but unfortunately this

of the 17th European Symposium on Research in Computer Security (ESORICS’12), Springer-Verlag LNCS No.7459, September 2012, p.770. [444] “Key-Experiments: How PGP Deals With Manipulated Keys”, Ralf Senderek, August 2000, http://www.senderek.com/security/key-experiments.html. [445] “Smartcard-Reader-Hack”, ‘Colibri’, 17 April 2010, http

”, Peter Gutmann, IEEE Computer, Vol.37, No.2 (February 2004), p.101. [540] “ZRTP: Media Path Key Agreement for Unicast Secure RTP”, RFC 6189, Philip Zimmermann, Alan Johnston and Jon Callas, April 2011. [541] “SMTP Service Extension for Secure SMTP over TLS“, RFC 2487, Paul Hoffman, January 1999. [542] “Using TLS

left unanswered by the standards designers, resulting in later standards bodies having to resort to measures like using PGP to handle X.509 certificate issuance [32], leading to a tongue-in-cheek suggestion that PGP might end up being X.509’s secret weapon [33]. Another PKI project used SSH to manage

[88]. The naming problem has been solved in a similar manner both within the X.509 framework and outside it with other certificate designs like PGP and the SPKI certificates mentioned earlier, which was inspired by an even earlier design called the Simple Distributed Security Infrastructure (SDSI). SDSI realised that globally

this file server”. SPKI then paired SDSI names with the concept of using the public key as an identifier to provide global uniqueness [90][91]. PGP solved the problem in a less rigorous, but equally effective, manner. Users were allowed to choose any kind of identifier they wanted for

equivalent of certificates, which generally consisted of an email address and a user name to go with the address. Since email addresses are unique and PGP was used mostly for email communications, this worked out reasonably well. This convenient property of email addresses has since been recognised by providers of web

as unique IDs for accounts (even if the publicly-visible label for the account is a user-chosen name). For identifying keys internally, PGP also used the (unique) public key. Both PGP and SPKI in effect employ the same conceptual model, using a locally meaningful identifier within a specific domain [92]. In

PGP’s case the domain is implicitly set to “email addresses”, with SPKI it can be implied by the restricted community in which the certificate is

for). As an alternative to the de facto primary key in the CN, X.509v3 also added an alternative way of identifying certificates which, like PGP and SPKI, is based on the public key, but as “X.509 in Practice” on page 694 explains this doesn’t really work in practice

overhead of having to check for a revocation that will never happen [149]. B A Bob Alice C D Figure 184: The web of trust PGP’s version of X.509’s hierarchical trust model is the web of trust [150], shown in Figure 184. The theory behind the web of

that a web-of-trust-based security system can run into, in one (informal) experiment into the effectiveness of PGP’s key distribution mechanism a professor asked his students to securely exchange PGP keys and then follow this up with an exchange of encrypted email (which in previous experiments had already proven

’t claim to be X.509, and vendors frequently do. In an extreme case in the late 1990s a large organisation was sold deeply-buried PGP as X.509 when the supplier responsible decided that the customer would never be able to deal with X.509’s complexity. The customer was

users trying to make X.509 fit into their existing business processes so there’s no reason why you can’t do the same. If PGP can be X.509 (see “X.509 in Practice” on page 694) then there’s no reason why AADS can’t be X.509 as

problem of securing authority-toindividual communications, for example for tax filing purposes. The obvious (but in practice unworkable) solution is to use S/MIME or PGP-secured email. A much simpler approach is to use an SSL web server with appropriate access control measures. “Revocation” is handled by disabling access for

.org/certification/x509_certificates/pdfs/wimax_ca_users_overview.pdf. [33] [34] [35] [36] [37] [38] [39] [40] [41] [42] [43] [44] [45] [46] “Is PGP X.509's secret weapon?”, Peter Gutmann, posting to the cryptography@metzdowd.com mailing list, message-ID E1LsDw2-0000ezUF@wintermute01.cs.auckland.ac.nz 10

E1OgKhk-0006UP-Fe@wintermute02.cs.auckland.ac.nz, 4 August 2010. [150] “The Evolution of PGP’s Web of Trust”, Phil Zimmermann and Jon Callas, in “Beautiful Security”, O’Reilly, 2009, p.107. [151] “Reflecting on PGP, keyservers, and the Web of Trust”, Greg Rose, posting to the cryptography@c2.net mailing list

531DABE1.5020006@witmond.nl. [155] “Codes of the Underworld”, Diego Gambetta, Princeton University Press, 2009. [156] “Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0”, Alma Whitten and J. D. Tygar, Proceedings of the 8th Usenix Security Symposium (Security’99), August 1999, p.169. [157] “Re: [hcisec] A

the application as part of their day-to-day work. For example the ground-breaking evaluation of PGP’s usability had users play the role of an election campaign manager running an election via PGP in the presence of hostile opposition campaign organisers [20]. Another aid to helping participants get into the

public key that endless HOWTOs and similar documents tell people to distribute to all and sundry is stored just a typo away in cacert.pem. PGP attempted to solve the problem in a similar manner by only allowing the public key components to be exported from a

PGP keyring even if the user specifies that the PGP private keyring be used as the source for the export. Unfortunately the PGP keyring naming convention was established during the MSDOS 8.3-filename days so it’s

some digital signature regimes, doesn’t help allay these concerns. This is particularly pernicious in the case of conventional secure email like S/MIME and PGP because if, long after the conversation has taken place, an attacker can recover the participants’ decryption keys then they have access to the complete contents

Guide to User Requirements Methods, Tools, and Techniques”, Catherine Courage and Kathy Baxter, Morgan Kaufmann, 2005. “Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0”, Alma Whitten and J. D. Tygar, Proceedings of the 8th Usenix Security Symposium (Security’99), August 1999, p.169. “Legal Considerations in Phishing

Our Email”, Stephen Farrell, IEEE Internet Computing, Vol.13, No.1 (January/February 2009), p.82. “Off-the-Record Communication, or, Why Not To Use PGP”, Nikita Borisov, Ian Goldberg and Eric Brewer, Proceedings of the Workshop on Privacy in the Electronic Society (WPES’04), October 2004, p.77. “Unwrapping the

The Transparent Society: Will Technology Force Us to Choose Between Privacy and Freedom?

by David Brin  · 1 Jan 1998  · 205pp  · 18,208 words

Peer-to-Peer

by Andy Oram  · 26 Feb 2001  · 673pp  · 164,804 words

The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data

by Kevin Mitnick, Mikko Hypponen and Robert Vamosi  · 14 Feb 2017  · 305pp  · 93,091 words

Habeas Data: Privacy vs. The Rise of Surveillance Tech

by Cyrus Farivar  · 7 May 2018  · 397pp  · 110,222 words

This Is How They Tell Me the World Ends: The Cyberweapons Arms Race

by Nicole Perlroth  · 9 Feb 2021  · 651pp  · 186,130 words

GCHQ

by Richard Aldrich  · 10 Jun 2010  · 826pp  · 231,966 words

The Bitcoin Guidebook: How to Obtain, Invest, and Spend the World's First Decentralized Cryptocurrency

by Ian Demartino  · 2 Feb 2016  · 296pp  · 86,610 words

Working in Public: The Making and Maintenance of Open Source Software

by Nadia Eghbal  · 3 Aug 2020  · 1,136pp  · 73,489 words

Dark Mirror: Edward Snowden and the Surveillance State

by Barton Gellman  · 20 May 2020  · 562pp  · 153,825 words

Drugs 2.0: The Web Revolution That's Changing How the World Gets High

by Mike Power  · 1 May 2013  · 378pp  · 94,468 words

We Are Data: Algorithms and the Making of Our Digital Selves

by John Cheney-Lippold  · 1 May 2017  · 420pp  · 100,811 words

The Debian Administrator's Handbook, Debian Wheezy From Discovery to Mastery

by Raphaal Hertzog and Roland Mas  · 24 Dec 2013  · 678pp  · 159,840 words

Coders: The Making of a New Tribe and the Remaking of the World

by Clive Thompson  · 26 Mar 2019  · 499pp  · 144,278 words

Orwell Versus the Terrorists: A Digital Short

by Jamie Bartlett  · 12 Feb 2015  · 50pp  · 15,603 words

The Coming Plague: Newly Emerging Diseases in a World Out of Balance

by Laurie Garrett  · 31 Oct 1994  · 1,293pp  · 357,735 words

The Age of Cryptocurrency: How Bitcoin and Digital Money Are Challenging the Global Economic Order

by Paul Vigna and Michael J. Casey  · 27 Jan 2015  · 457pp  · 128,838 words

Possiplex

by Ted Nelson  · 2 Jan 2010