wyle@solaris.UUCP (Mitchell Wyle) (01/19/89)
I am in need of a simple encryption scheme for mail messages which can be used by many different mail readers. I'd prefer if it could work with mh, mailx, /usr/ucb/Mail, mm, and mush. A simple "pager" such as more with encryption built-in might do the trick. A mail administrator (Hi Hannes!) here reads my mail as it goes out, and I assume he reads mail when it arrives as well. Please flame him at: lubich%komsys.inf.ethz.ch@relay.cs.net or lubich@ethz.uucp. There are some standards coming in this regard, but I'd prefer something I can use now. Thanks, -Mitch (wyle@ethz.uucp) -- -Mitchell F. Wyle wyle@ethz.uucp Institut fuer Informationsysteme wyle@inf.ethz.ch ETH Zentrum / 8092 Zurich, Switzerland +41 1 256 5237
MICHAEL@MAINE (01/23/89)
I can't quite tell where you are located, but if it is inside the USA then your mail administrator should know that by reading your mail as it comes and goes he is (unless he can reasonably cite system security, which I doubt) breaking the law. There is a law in this country (PL99-508, "The Electronic Communications Privacy Act of 1986") that specifically prohibits intercepting and reading of electronic mail and other forms of electronic communication. You could probably sue him and win on the grounds of privacy invasion. Secondly, a good simple encryption scheme is ROT-13, but it does not require a key, so your administrator could also decrypt your stuff, assuming he reads this and wants to continue his illegal activity. Just rotate each alphabetic letter through the alphabet 13 positions. Thus, 'A' becomes 'N' and 'Z' becomes 'M', etc. To reverse it, simply do the same rotation again and things go back to their previous state. Hope this helps you. Michael Johnson "We are the Priests of the Temples University of Maine System of Syrinx. Our great computers fill Computing and Data Processing Services the hallowed halls." - Neil Peart
steve@raspail.UUCP (Steve Schonberger) (01/25/89)
In article <1119MICHAEL@MAINE>, MICHAEL@MAINE writes: > I can't quite tell where you are located, but if it is inside the USA then > your mail administrator should know that by reading your mail as it comes > and goes he is (unless he can reasonably cite system security, which I doubt) > breaking the law. There is a law in this country (PL99-508, "The Electronic > Communications Privacy Act of 1986") that specifically prohibits intercepting > and reading of electronic mail and other forms of electronic communication. This is not correct. Any place that provides mail may choose whether to be follow this law or not. The law is that a mail provider must do everything possible to ensure the privacy of communications if they say their mail is private. By saying their mail is private, they bring themselves under the same body of law that keeps the Post Office and telephone companies from inspecting communications that they pass. The advantage of this to a mail provider is that having the provider legally bound to be secure is a good selling point, because people like secure mail. The disadvantage is that they are liable for criminal (not just civil) penalties if they breach that privacy, and possibly civil penalties if someone outside their organization invades their privacy through flaws in their security. If someone is unable to provide communication security comparable to a telephone conversation (the case with _all_ mail going through the net), doesn't want to bother making it that secure (the case within most sites), or just doesn't want to put themselves at legal risk, they can state that their system is not guaranteed secure, at which point they can do whatever they feel like to their mail. A lot of local bulletin board systems I use have statements saying that it is not their policy to read or alter mail, but that they refuse to guarantee that it is secure. By saying this they free themselves of any legal responsibility connected with that law. I do not know what that law says about the default case. In other words, I am not sure if a mail provider is assumed to guarantee privacy if they don't specifically disclaim it, or if they are assumed to disclaim it unless they specifically guarantee it. I'd be curious to know, if anyone can provide a direct quote of the law on that matter. To bring this all back to the topic of this newsgroup, I think that the only way you can expect mail to be private, legal guarantees or not, is to encrypt it. A standard mail header to indicate encryption would be a good thing, though the message looking like garbage data accomplishes the same thing. Steve Schonberger steve@raspail.uucp raspail!steve@shamash.cdc.com ...!uunet!rosevax!shamash!rapail!steve
steved@longs.LANCE.ColoState.Edu (Steve Dempsey) (01/27/89)
In article <1178@raspail.UUCP>, steve@raspail.UUCP (Steve Schonberger) writes: > In article <1119MICHAEL@MAINE>, MICHAEL@MAINE writes: >> [in article <508@solaris.UUCP> wyle@solaris.UUCP (Mitchell Wyle) writes:] >> [looking for a simple encrypton method because his mail is watched] > > [lengthy discussion about legal aspects of the SA's rights & wrongs > regarding interception and perusal of private mail DELETED] Ok, this poor fellow asks for a simple way to protect his private e-mail, and what does he get? A meta-discussion on legalities. Well, here is my suggestion for implementing the simple encryption in a UNIX environment: The sender: % crypt < msg.txt > cypher (use previously agreed-upon key) % uuencode cypher < cypher > cypher.uu % mail whoever@wherever -s crypted_message < cypher.uu The recipient: % mail (receive mail, save in appropriate file) % uudecode cypher.uu % crypt < cypher > msg.txt (must have same key as sender) % more msg.txt Simple enough? Of course, you'll have to communicate the crypt key by some other means in advance. Steve Dempsey, Center for Computer Assisted Engineering Colorado State University, Fort Collins, CO 80523 +1 303 491 0630 INET: steved@longs.LANCE.ColoState.Edu, dempsey@handel.CS.ColoState.Edu UUCP: boulder!ccncsu!longs.LANCE.ColoState.Edu!steved, ...!ncar!handel!dempsey
krueger@ndmath.UUCP (Andreas Krueger) (01/28/89)
In article <1073@ccncsu.ColoState.EDU>, steved@longs.LANCE.ColoState.Edu (Steve Dempsey) writes: > >In article <1178@raspail.UUCP>, steve@raspail.UUCP (Steve Schonberger) writes: > >In article <1119MICHAEL@MAINE>, MICHAEL@MAINE writes: > >> [in article <508@solaris.UUCP> wyle@solaris.UUCP (Mitchell Wyle) writes:] > >> [looking for a simple encrypton method because his mail is watched] > > > > [lengthy discussion about legal aspects of the SA's rights & wrongs > > regarding interception and perusal of private mail DELETED] > > Ok, this poor fellow asks for a simple way to protect his private e-mail, > and what does he get? A meta-discussion on legalities. Well, here is > my suggestion for implementing the simple encryption in a UNIX environment: > > [A few lines of commands using "crypt" which would do the job] Unfortunately, legal aspects aren't quite over if this poor fellow is not in the US, for (quote from man crypt): > RESTRICTIONS > This program is not available on software shipped outside > the U.S. krueger@ndmath.math.nd.edu (* Disclaimer: Restrictions quoted herein are not my own *)
tli@sargas.usc.edu (Tony Li) (01/29/89)
Crypt isn't the best thing to use. There's a package called Crypt Breakers Workbench that has been posted which is quite useful when trying to break a crypt'ed file. Tony Li - USC University Computing Services - Dain Bramaged. Uucp: oberon!tli Bitnet: tli@kylara, tli@ramoth Internet: tli@sargas.usc.edu
prc@maxim.ERBE.SE (Robert Claeson) (02/05/89)
In article <1298@ndmath.UUCP>, krueger@ndmath.UUCP (Andreas Krueger) writes: > Unfortunately, legal aspects aren't quite over if this poor > fellow is not in the US, for (quote from man crypt): > > > RESTRICTIONS > > This program is not available on software shipped outside > > the U.S. So let's use DES instead. Even though not included in the export versions of UNIX, it's universally available and the algorithms are well-known. One can even use it to send mail to Russia :-). -- Robert Claeson, ERBE DATA AB, P.O. Box 77, S-175 22 Jarfalla, Sweden "No problems." -- Alf Tel: +46 758-202 50 EUnet: rclaeson@ERBE.SE uucp: uunet!erbe.se!rclaeson Fax: +46 758-197 20 Internet: rclaeson@ERBE.SE BITNET: rclaeson@ERBE.SE
zap@front.se (Svante Lindahl) (02/09/89)
In article <485@maxim.ERBE.SE>, prc@maxim.ERBE.SE (Robert Claeson) writes: # In article <1298@ndmath.UUCP>, krueger@ndmath.UUCP (Andreas Krueger) writes: [ crypt is no good 'cause: ] # > > RESTRICTIONS # > > This program is not available on software shipped outside # > > the U.S. # So let's use DES instead. Even though not included in the export versions # of UNIX, it's universally available and the algorithms are well-known. Yes, definitely available: In volume 10 of comp.sources.unix (summer '87): des DES encryption routines and a login front-end In volume 7 of comp.sources.unix (fall '86): des Purported DES program in C Also available in volume 10: cbw (5 parts) Crypt Breaker's Workbench -- Svante