-----BEGIN PGP SIGNED MESSAGE----- Announcing Nautilus 1.5: Secure Telephony for your Computer ============================================================ WHAT IS NAUTILUS? - ----------------- Nautilus is software which allows two users to hold a secure convers- ation with one another either over ordinary phone lines or over a computer network. Nautilus runs on IBM PC-compatible computers (386DX25 or faster) under MSDOS or Linux as well as audio-capable Sun workstations running SunOS or Solaris. The MSDOS version of Nautilus requires a Soundblaster compatible sound card and currently only runs over ordinary phone lines with a modem. In order to use Nautilus over ordinary telephone lines, a modem capable of connecting at 4800 bps or faster is required. Audio quality ranges from fair to very good depending on which of the four speech coders has been selected. Although the 4800 bps coder requires a 486DX50 or faster, we expect that it will enable cellular phone users to secure their sensitive telephone conversations with Nautilus and a laptop computer. Nautilus is distributed freely (subject to US export restrictions) with full source code. This insures that its security can be independently examined and verified. We believe that this is a necessary condition to be met before any security software can be trusted with important data. WHAT IS NEW IN THIS RELEASE? - ---------------------------- There are three major new features in this release. Network support (only available with Unix versions), Diffie-Hellman key exchange, and a new LPC speech coder capable of operating at less than 4800 bps. We have also developed a new and more robust communications protocol that should perform significantly better with less than perfect connections. Since major portions of Nautilus have been redesigned and rewritten in order to accomodate some of these changes, we regret to announce that this version of Nautilus is not compatible with earlier versions. New Feature Summary for Version 1.5: + Low bit-rate LPC coder (less than 4800 bps, very good audio quality) + Diffie-Hellman key exchange (with crypto hash/biometric authentication) + Network support (uses sockets) for Unix versions + Improved communications protocols for more reliable operation + Updated documentation The remainder of this announcement is similar to earlier Nautilus announcements, so if you have already seen earlier ones, just connect to the nearest ftp site mentioned below to download the 1.5 release of Nautilus. HOW DOES NAUTILUS WORK? - ----------------------- Nautilus uses your computer's audio hardware to digitize and play back your speech using advanced speech compression algorithms built into the program. It encrypts the compressed speech using your choice of the Blowfish, Triple DES, or IDEA block ciphers, and transmits the encrypted packets over the internet or your modem to your friend's computer. At the other end, the process is reversed. Nautilus operates in half duplex mode like a speakerphone -- only one person can talk at a time. Either user can hit a key to switch between talking and listening. Earlier versions of Nautilus generated an encryption key from a shared secret passphrase that you and your friend would choose together ahead of time. Beginning with version 1.5, Nautilus generates the encryption key using the Diffie-Hellman key exchange algorithm by default, although users may still revert to the secret passphrase method if they prefer. Further details are in the documentation file included with the program. WWW SITE - -------- For up-to-date information about the current status of Nautilus, pointers to ftp sites with Nautilus, pointers to URLs with information related to Nautilus, and more, see the Nautilus WWW page: http://www.lila.com/nautilus FTP SITES - --------- Nautilus is available in three different formats. As a DOS executable, it is available as an archive in zip format along with it's associated documentation. In source format, it is available as either a zip-ed archive, or a gzip-compressed tar archive. Note that if you wish to compile your own version of Nautilus you will need to get the RSAREF 2.0 library, which is available free for non-commercial use in the US and Canada from RSA Laboratories (anonymous ftp to rsa.com for details). Nautilus is available at the following FTP sites: ftp://ftp.csn.org:/mpj/I_will_not_export/crypto_???????/voice/ This is an export controlled ftp site: read /mpj/README for information on access. ftp://ripem.msu.edu/pub/crypt/other/nautilus-phone-1.5a-source.tar.gz ftp://ripem.msu.edu/pub/crypt/msdos/nautilus-phone-1.5a-source.zip ftp://ripem.msu.edu/pub/crypt/msdos/nautilus-phone-1.5a-exe.zip This is an export controlled ftp site: read /pub/crypt/GETTING_ACCESS for information on access. You may be able to find additional ftp sites using the "archie" ftp site locating program. See http://www.earn.net/gnrt/archie.html for more info. INTERNATIONAL USE - ----------------- Sorry, but under current US law, Nautilus is legal for domestic use in the US only. We don't like this law but have to abide by it while it is in effect. Nautilus is distributed through export-restricted FTP sites for this reason. Export it at your own risk. IMPORTANT - --------- We have done our best to choose secure ciphers and protocols for Nautilus. Earlier versions of the program have been reviewed by several experts. However, it is still VERY EASY to make mistakes which could compromise the security. We urge that users with very high security needs take an in-depth approach to protecting their privacy. See the Nautilus documentation file for more information. As usual, we encourage cryptographers and users alike to examine and test the program thoroughly, and *please* let us know if you find anything wrong. As always, although we'll try to fix any bugs reported to us, WE CANNOT BE RESPONSIBLE FOR ANY ERRORS. CONTACTING THE DEVELOPERS - ------------------------- The Nautilus development team is now made up of Bill Dorsey, Paul Rubin, Andy Fingerhut, Paul Kronenwetter, Bill Soley, and Pat Mullarky. To contact the developers, send email to . This announcement, and the source and executable distribution files, are all signed with the following PGP public key. Please use it to check the authenticity of the files and of any fixes we may post. Note that this PGP public key differs from the one posted last year with the 1.0 release of Nautilus. - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAjGpL2QAAAEEALa5+7iMr/mTZc0+hpCY03y1cLSrZjEDCfGKDNr1dBvLj9O5 xnNagh1WWXhCccvzsva0Qs7+9H+IwJCCEqsOuA76aTf0wfLnJ6U5lwbcmB9jlter D1bgVNRP20zWOP+MwU4uaUWib3l10RtDZM99kadlJNzT2PYq0vai5J3+/toJAAUR tCdOYXV0aWx1cyBEZXZlbG9wZXJzIDxuYXV0aWx1c0BsaWxhLmNvbT6JAJUCBRAx qTApg1x2TS1X7GUBATEnA/9+v4yEygNsxy05zYBLjKwI3E3FEUXMh7GjSfF+yp4b iencWiErdsoiZl5fMzhAIzfrECaiHNFhSVokaXHjVL/SSlPfB/RF9LpekCxM4HKy DGFxJlYfFelpvLXnhWy8tw3xMM8h40YinH/JFI7I4WLBAqFC7JwKXaoh5bbFwpVw 4A== =YRNN - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBMal0FPai5J3+/toJAQF9mgP/cLXgbzosKxhrXbrWHpo0l+CS90yZfcmP erCKWgdTKbm3xcqQ+fZmUDa6dM1jTt8ZjrEsjImoNn2Ucy+R/NpIOwKcez2FYkfl FwOvQIdUL/2QhvbVXem+uYCQyqeN/lARcwqXgYkEKHxcM3eayDEhu1vAOE3+MRRN JwhpFZWZBOo= =tKUo -----END PGP SIGNATURE-----