[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Viacrypt PGP source code unavailable



I spoke briefly with Phil Zimmermann about the ViaCrypt deal this
afternoon.  He explained, as I understood it, that the company was
contractually obligated to use their own version of the RSA library.
This code is apparently proprietary and so the source is not currently
planned to be released.  Phil indicated, though, that he will discuss
this issue with ViaCrypt, and hopefully some solution can be found which
will satisfy users.

It was not clear to me whether the random-number code from PGP would be
retained.  I suspect that it will be, though, which would mean that if
you started with identical randseed.bin files, and RSA-encrypted identical
files, that the two programs should produce identical output.  PGP uses
the contents of this file to initialize its random number generator.

(PGP does put some random data at the beginning of the plaintext before
encryption, as was described; this is to make cryptanalysis harder, since
the first few bytes of the plaintext will not be known.  Again, this
random data is based on the contents of the randseed.bin file.)

To address a few other points that were made:  Phil reiterated his strong
committment to keep the freeware version of PGP at least as up-to-date as
the commercial version.  This is not a case where the freeware version will
be left to languish.  In fact, Phil expects the commercial version to be
based on the freeware version, with advances occuring first in the freeware
code.

As to whether individuals will pay $100 or more for a legal version, that
remains to be seen.  In some ways the same question can be asked about many
commercial packages, for which pirated versions are available for free
from friends or user groups.  Yet still some people pay for software because
they feel better using a legal version.  People who feel this way would
perhaps also prefer a legal version of PGP.

Hal Finney
[email protected]