Newsgroups: sci.crypt,alt.privacy,comp.security.misc,comp.speech,alt.privacy.clipper,talk.politics.crypto
Path: cantaloupe.srv.cs.cmu.edu!nntp.club.cc.cmu.edu!miner.usbm.gov!rsg1.er.usgs.gov!jobone!newsxfer.itd.umich.edu!agate!howland.reston.ans.net!news.sprintlink.net!news.clark.net!rahul.net!a2i!lila!dorsey
From: dorsey@lila.com (Bill Dorsey)
Subject: ANNOUNCE: Nautilus 0.9.2
Message-ID: <D9x1Gp.Kqs@lila.com>
Summary: new features and bug fixes
Keywords: phone privacy clipper
Organization: NOYB, Inc.
X-Newsreader: TIN [version 1.2 PL2]
Date: Fri, 9 Jun 1995 17:19:36 GMT
Lines: 170
Xref: glinda.oz.cs.cmu.edu sci.crypt:39715 comp.security.misc:18316 comp.speech:5862

-----BEGIN PGP SIGNED MESSAGE-----

Announcing Nautilus 0.9.2 (Beta Test)
=====================================

WHAT IS NEW IN THIS RELEASE?
- ----------------------------

Nautilus 0.9.2 is the third release of Nautilus.  Nautilus 0.9.0 was
released on May 10th, and Nautilus 0.9.1 was released on May 22nd.
Version 0.9.2 corrects all known security problems to date --
specifically, the replay attacks discovered by Dan Bernstein and Colin
Plumb.  Unfortunately, in order to prevent the replay attacks, we have
been forced to alter the protocol in a way that is incompatible with
previous releases.  Thus, Nautilus 0.9.2 will not interoperate with
versions 0.9.0 or 0.9.1.  We will endeavor to keep things compatible
in the future, but until version 1.0 comes out, users should expect
things like this to happen occasionally.

In addition to fixing security problems present in earlier releases,
version 0.9.2 adds some new features.  We have added a 6400 bps coder
which sounds almost as good as the 8500 bps coder and should enable
many cellular modem users to use Nautilus.  In addition, we have
doubled the amount of audio data used to seed our random number
generator and added a test to warn the user if there is insufficient
entropy in the audio input (like if you leave your microphone turned
off or unplugged when you execute the program).  Finally, we have
improved the documentation somewhat, fixed a few other minor bugs, and
added a runtime-configurable modem reset string which allows you to
reset your modem to your usual values after Nautilus has completed
running.

The remainder of this announcement is virtually identical to the 0.9.1
announcement, so if you have already seen the earlier one, just connect
to the nearest ftp site mentioned below to download the 0.9.2 release
of Nautilus.

WHAT IS NAUTILUS?
- -----------------

Nautilus is a program that lets you have encrypted voice telephone
conversations with your friends without needing any special equipment.
Nautilus runs on IBM-PC compatible personal computers (386DX25 or
faster) as well as desktop Sun workstations running SunOS or Solaris.
The PC version requires a Soundblaster compatible sound card.  Both
versions need a high speed (9600 bps or faster) modem to work.  The
speech quality is pretty good at 14.4kbps and acceptable at speeds
as low as 7200 bps.

Nautilus is the first program of this type that we know of to be
distributed for free with source code.  A few similar commercial
programs have been distributed without source, so that their security
cannot be independently examined.

HOW DOES IT WORK?
- -----------------

Nautilus uses your computer's audio hardware to digitize and play back
your speech using homebrew speech compression functions built into 
the program.  It encrypts the compressed speech using your choice of
the Blowfish, Triple DES, or IDEA block ciphers, and transmits the
encrypted packets over your modem to your friend's computer.  At the
other end, the process is reversed.  The program is half-duplex; just
hit a key to switch between talking and listening.

Nautilus's encryption key is generated from a shared secret passphrase
that you and your friend choose together ahead of time, perhaps via
email using PGP, RIPEM, or a similar program.  Nautilus itself does not
currently incorporate any form of public key cryptography.

Further details are in the release notes included with the program.

FTP SITES
- ---------

Nautilus is available in three different formats:

nautilus-0.9.2.tar.gz - full source code
naut090.zip           - MSDOS executable and associated documentation
naut090s.zip          - full source code

It is available at the following FTP sites:

ftp://ftp.csn.org:/mpj/I_will_not_export/crypto_???????/voice/
This is an export controlled ftp site: read /mpj/README for
information on access.

ftp://miyako.dorm.duke.edu/mpj/crypto/voice/
This is an export controlled ftp site: read /mpj/GETTING_ACCESS for
information on access.

ftp://ripem.msu.edu/pub/crypt/other/nautilus-phone-0.9.2-source.tar.gz
ftp://ripem.msu.edu/pub/crypt/msdos/nautilus-phone-0.9.2-source.zip
ftp://ripem.msu.edu/pub/crypt/msdos/nautilus-phone-0.9.2-exe.zip
This is an export controlled ftp site: read /pub/crypt/GETTING_ACCESS
for information on access.

It is also available at:

Colorado Catacombs BBS - (303) 772-1062

INTERNATIONAL USE
- -----------------

Sorry, but under current US law, Nautilus is legal for domestic use in
the US only.  We don't like this law but have to abide by it while it
is in effect.  Nautilus is distributed through export-restricted FTP
sites for this reason.  Export it at your own risk.

IMPORTANT
- ---------

This is a BETA TEST VERSION of a BRAND NEW CRYPTOGRAPHY PROGRAM.
Although we've done our best to choose secure ciphers and protocols for
Nautilus, its design details have not yet been reviewed by anyone
except the authors, and it's VERY EASY to make mistakes in such
programs that mess up the security.  We advise against putting too much
faith in the security of the program until it has undergone a lot more
reviewing and debugging.  We encourage cryptographers and users alike
to examine and test the program thoroughly, and *please* let us know if
you find anything wrong.  We hope to release an updated version within
about one month fixing any serious bugs found in the current version,
though probably not having many new features.  Finally, although we'll
try to fix any bugs reported to us, WE CANNOT BE RESPONSIBLE FOR ANY
ERRORS.

CONTACTING THE DEVELOPERS
- -------------------------

Nautilus was written by Bill Dorsey, Pat Mullarky, and Paul Rubin.
To contact the developers, please send email to nautilus@lila.com.

This announcement, and the source and executable distribution files,
are all signed with the following PGP public key.  Please use it to
check the authenticity of the files and of any fixes we may post.  You
can also use it to send us encrypted email if you want.  We will try
to keep such email confidential, but cannot guarantee it.

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAi+tZx4AAAEEALUDK2d68thTyVmD5bXeBEELLFtAgNU6O+M+anooPjXr9sBD
7HsHt4VYtDNY3ecefQAFTzTrBwn9V7Ya2EwVttT2cTEiOj9O6mii+QvOXplxsyWo
SHsuLIjUzHqY9KvlDDMrBuVhs1qWdbXXax4uKB83kZUlABCVAinl/J//FNOFAAUT
tCdOYXV0aWx1cyBEZXZlbG9wZXJzIDxuYXV0aWx1c0BsaWxhLmNvbT6JAJUCBRAv
rWeHg1x2TS1X7GUBAYw4BACNBO/efXHqyMfFw8fzfwuUhHqGf4+VRbLWTvL6/JfH
9Vb8G7dhPQQvm6Q6KVnO6LyNskjb1d5noA03vIObC7hwTbr9sznohSd2OyRsTHiE
Zdqnx0uv+ypsK+ZTOs4uRoKLd2C4sMqdylKaoF2D7Ob7rCwaGucQBuom8L0C0O7n
eokAlQIFEC+tZ04p5fyf/xTThQEBe9EEAJS5fQWa7ev5Ke8Rpzx7zKqkbu7MyJS3
KSKIpsxyYqmx8k/9GmzNP4xxXUCjfro1zPp84WS3oeft0Qg9fOee09PFsjQ3yxI6
bH06tPO/mKmNrTGcLQmncrqyf4iOscBoIPYjXSSAG/ULz7Hwa2+vmjUkWk1K93BL
port+RWomAoq
=M+h4
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBL9f4JCnl/J//FNOFAQGqYwQAlEuBwCKkJptXk6DzixtHYFuiA1A0GWHF
/sq9WNpRVkM79K8ZrBJwkuokRrlw0pMrzClx7U8sIGeylaHqeXDCknhv8QYBHSo7
A22f80XD85vlZCNs9NnxOE+igD2JqbTGtJTPyCnGIh1YVp1FuchM5dOocN/S27eW
8GDGJ7xyc8Q=
=mWMQ
-----END PGP SIGNATURE-----

-- 
Bill Dorsey	"Nothing that results from human progress is achieved
dorsey@lila.com	 with unamimous consent.  And those who are enlightened
PGP 2.X pubkey	 before the others are condemned to pursue that light
available	 in spite of the others."  -- Christopher Columbus
