Newsgroups: sci.crypt,alt.privacy,comp.security.misc,comp.speech,alt.privacy.clipper,talk.politics.crypto
From: dorsey@lila.com (Bill Dorsey)
Subject: ANNOUNCE: Nautilus 0.9.1
Message-ID: <D8yzrD.CJD@lila.com>
Summary: fix for security hole
Keywords: privacy security fix
Organization: NOYB, Inc.
X-Newsreader: TIN [version 1.2 PL2]
Date: Mon, 22 May 1995 08:04:25 GMT

-----BEGIN PGP SIGNED MESSAGE-----

Announcing Nautilus 0.9.1 (Beta Test)
=====================================

WHAT IS NEW IN THIS RELEASE?
- ----------------------------

Nautilus 0.9.0 was released on May 10th.  At that time it was our
intention to collect bug reports from users and release version 1.0 in
June with most of the bugs resolved, and maybe a couple of new
features.  However, a few days ago a problem in the key exchange
protocol was discovered by Dan Bernstein which has serious security
implications.  It allows an attacker who is answering a call initiated
by another Nautilus user to use a replay attack and compromise the
entire conversation.

The implications of this security problem come into play only when you
are using Nautilus to speak with someone whose voice you may not
immediately recognize.  For instance, if you have exchanged encrypted
email with someone you have never spoken with and agree on a pass
phrase in your mail, you could be vulnerable to an attack.  If an
imposter could intercept the call initiated by Nautilus, he could fool
the program into using a null crypto key and thus be able to fool the
user of the program into believing he was speaking with someone that
had typed the correct passphrase.

Nautilus 0.9.1 removes this threat by adding code which checks for
a replay attack and aborts the conversation with an alert to the
user if an attack is detected.  Furthermore, we have attempted to
fix the problem some users have reported with Nautilus failing to
communicate properly with their modems.  Nautilus 0.9.1 is 100%
backward compatible with the 0.9.0 release.

We still plan on releasing version 1.0 of Nautilus some time in the
month of June with more bug fixes and possibly some new features.

The rest of this announcement is virtually identical to the 0.9.0
announcement so if you have already seen the earlier one, just
connect to the nearest ftp site mentioned below to download the
0.9.1 release of Nautilus.

WHAT IS NAUTILUS?
- -----------------

Nautilus is a program that lets you have encrypted voice telephone
conversations with your friends without needing any special equipment.
Nautilus runs on IBM-PC compatible personal computers (386DX25 or
faster) as well as desktop Sun workstations running SunOS or Solaris.
The PC version requires a Soundblaster compatible sound card.  Both
versions need a high speed (9600 bps or faster) modem to work.  The
speech quality is pretty good at 14.4kbps and acceptable at 9600
bps.

Nautilus is the first program of this type that we know of to be
distributed for free with source code.  A few similar commercial
programs have been distributed without source, so that their security
cannot be independently examined.

HOW DOES IT WORK?
- -----------------

Nautilus uses your computer's audio hardware to digitize and play back
your speech using homebrew speech compression functions built into 
the program.  It encrypts the compressed speech using your choice of
the Blowfish, Triple DES, or IDEA block ciphers, and transmits the
encrypted packets over your modem to your friend's computer.  At the
other end, the process is reversed.  The program is half-duplex; just
hit a key to switch between talking and listening.

Nautilus's encryption key is generated from a shared secret passphrase
that you and your friend choose together ahead of time, perhaps via
email using PGP, RIPEM, or a similar program.  Nautilus itself does not
currently incorporate any form of public key cryptography.

Further details are in the release notes included with the program.

FTP SITES
- ---------

Nautilus is available in three different formats:

nautilus-0.9.1.tar.gz - full source code
naut090.zip           - MSDOS executable and associated documentation
naut090s.zip          - full source code

It is available at the following FTP sites:

ftp://ftp.csn.org:/mpj/I_will_not_export/crypto_???????/voice/
This is an export controlled ftp site: read /mpj/README for
information on access.

ftp://miyako.dorm.duke.edu/mpj/crypto/voice/
This is an export controlled ftp site: read /mpj/GETTING_ACCESS for
information on access.

It is also available at:

ftp://ripem.msu.edu/pub/crypt/other/nautilus-phone-0.9.1-source.tar.gz
ftp://ripem.msu.edu/pub/crypt/msdos/nautilus-phone-0.9.1-source.zip
ftp://ripem.msu.edu/pub/crypt/msdos/nautilus-phone-0.9.1-exe.zip
This is an export controlled ftp site: read /pub/crypt/GETTING_ACCESS
for information on access.

INTERNATIONAL USE
- -----------------

Sorry, but under current US law, Nautilus is legal for domestic use in
the US only.  We don't like this law but have to abide by it while it
is in effect.  Nautilus is distributed through export-restricted FTP
sites for this reason.  Export it at your own risk.

IMPORTANT
- ---------

This is a BETA TEST VERSION of a BRAND NEW CRYPTOGRAPHY PROGRAM.
Although we've done our best to choose secure ciphers and protocols for
Nautilus, its design details have not yet been reviewed by anyone
except the authors, and it's VERY EASY to make mistakes in such
programs that mess up the security.  We advise against putting too much
faith in the security of the program until it has undergone a lot more
reviewing and debugging.  We encourage cryptographers and users alike
to examine and test the program thoroughly, and *please* let us know if
you find anything wrong.  We hope to release an updated version within
about one month fixing any serious bugs found in the current version,
though probably not having many new features.  Finally, although we'll
try to fix any bugs reported to us, WE CANNOT BE RESPONSIBLE FOR ANY
ERRORS.

CONTACTING THE DEVELOPERS
- -------------------------

Nautilus was written by Bill Dorsey, Pat Mullarky, and Paul Rubin.
To contact the developers, please send email to nautilus@lila.com.

This announcement, and the source and executable distribution files,
are all signed with the following PGP public key.  Please use it to
check the authenticity of the files and of any fixes we may post.  You
can also use it to send us encrypted email if you want.  We will try
to keep such email confidential, but cannot guarantee it.


-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBL8A+Vynl/J//FNOFAQEOGQP+M2VN3kLptJ27mmx+vZY87rsOPBfhW7su
mUhEER4ExKn06rPJ87qH87POzf9dGOVs/3Ri9mM5YmCptzb5fGqNztiWnBl0t1zK
PDhmeVE6YkrUJoEcb+8cfPXLCXOIKpR1EdJEajFS49d0/M1p6/Kgy4Esz65+Ufuy
kkX6Kni+6AQ=
=ZIMz
-----END PGP SIGNATURE-----
-- 
Bill Dorsey	"Nothing that results from human progress is achieved
dorsey@lila.com	 with unanimous consent.  And those who are enlightened
PGP 2.X pubkey	 before the others are condemned to pursue that light
available	 in spite of the others."  -- Christopher Columbus
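
The failure mode described under "WHAT IS NEW IN THIS RELEASE?" and the kind of check 0.9.1 adds, as an added example that is not Nautilus source code. The announcement does not specify the key exchange, so this assumes a toy one in which each side sends a passphrase-wrapped random value and the session key is the XOR of the two; `Endpoint`, `run_exchange`, `wrap` and the sizes are hypothetical.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16  # bytes per contribution and per session key (assumed size)

class ReplayDetected(Exception):
    """The peer's key-exchange message is an echo of our own."""

def wrap(passphrase: bytes, value: bytes) -> bytes:
    # Toy stand-in for passphrase-keyed encryption: XOR with a derived pad.
    # Self-inverse, so it also unwraps. Not a real cipher.
    pad = hashlib.shake_256(b"kx-pad" + passphrase).digest(len(value))
    return bytes(v ^ p for v, p in zip(value, pad))

class Endpoint:
    def __init__(self, passphrase: bytes, check_replay: bool):
        self.passphrase = passphrase
        self.check_replay = check_replay
        self.mine = secrets.token_bytes(KEY_LEN)
        self.sent = wrap(passphrase, self.mine)

    def hello(self) -> bytes:
        return self.sent

    def finish(self, received: bytes) -> bytes:
        if len(received) != KEY_LEN:
            raise ValueError("malformed key-exchange message")
        # The added check: refuse a message identical to the one we sent.
        if self.check_replay and hmac.compare_digest(received, self.sent):
            raise ReplayDetected("peer echoed our key-exchange message")
        theirs = wrap(self.passphrase, received)
        key = bytes(a ^ b for a, b in zip(self.mine, theirs))
        # Belt and braces: never accept an all-zero session key.
        if self.check_replay and key == bytes(KEY_LEN):
            raise ReplayDetected("derived an all-zero session key")
        return key

def run_exchange(check_replay: bool, peer_echoes: bool) -> bytes:
    """Return the caller's session key for one constructed call."""
    caller = Endpoint(b"constructed passphrase", check_replay)
    if peer_echoes:
        reply = caller.hello()  # answerer without the passphrase echoes it
    else:
        reply = Endpoint(b"constructed passphrase", check_replay).hello()
    return caller.finish(reply)
```

In this model the unchecked caller ends up with an all-zero key that proves nothing about the answerer knowing the passphrase, while the checked caller aborts the call.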
