
Re: .Comparing ViaCrypt and freeware.



In article <[email protected]>,
peter honeyman <[email protected]> wrote:
: i'm impressed.  (honest.)  but the task here isn't to compare viacrypt
: to pgp -- they use different rsa engines -- it's validating that viacrypt
: doesn't have a backdoor.  the diff scheme you describe presupposes that
: this step has been done, but it has not, and i think it would be very,
: very hard to do.

My understanding is that the two pieces of software are very
similar. A full decompile and analysis would be a pain (but
doable and worthwhile, if one is paranoid enough) but I don't
think it's necessary.

My thought is that once one has isolated the differences, those
alone would get scrutinized. One would isolate the rsa engines by
difference, pretty up the code, and then verify that it doesn't
have any backdoors. So long as the two versions are closely
related, the code that has to be understood apart from pgp should
be relatively small and that would make the verification process
much easier.
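
The scoping step discussed in this message, as an added example that is not part of the original post: a byte-level diff that reports which ranges of a vendor build have no counterpart in a reference build, so only those ranges go to manual review. The function names, the `min_match` threshold and the sample images are assumptions constructed for illustration. Matched ranges are only as trustworthy as the reference they match.

```python
from difflib import SequenceMatcher


def residual_regions(reference: bytes, candidate: bytes, min_match: int = 8):
    """Return [(offset, length)] ranges of `candidate` that have no
    in-order counterpart in `reference`. These are the ranges a reviewer
    still has to read by hand."""
    sm = SequenceMatcher(None, reference, candidate, autojunk=False)
    regions, cursor = [], 0
    for block in sm.get_matching_blocks():
        # Very short matches are coincidences, not shared code: leave them
        # inside the residual so they are reviewed (conservative choice).
        if 0 < block.size < min_match:
            continue
        if block.b > cursor:
            regions.append((cursor, block.b - cursor))
        cursor = max(cursor, block.b + block.size)
    return regions


def review_fraction(reference: bytes, candidate: bytes) -> float:
    """Share of the candidate image that falls outside the matched code."""
    if not candidate:
        return 0.0
    unmatched = sum(length for _, length in residual_regions(reference, candidate))
    return unmatched / len(candidate)


# Constructed sample images: identical code around two different "engines".
SHARED_HEAD = bytes(range(0x00, 0x40))      # 64 bytes common to both builds
SHARED_TAIL = bytes(range(0x40, 0x80))      # 64 bytes common to both builds
REFERENCE_ENGINE = bytes(range(0x80, 0xA0)) # 32 bytes, reference build only
VENDOR_ENGINE = bytes(range(0xC0, 0xF0))    # 48 bytes, vendor build only

REFERENCE = SHARED_HEAD + REFERENCE_ENGINE + SHARED_TAIL
CANDIDATE = SHARED_HEAD + VENDOR_ENGINE + SHARED_TAIL

if __name__ == "__main__":
    for offset, length in residual_regions(REFERENCE, CANDIDATE):
        print(f"review candidate[{offset:#x}:{offset + length:#x}] ({length} bytes)")
    print(f"manual review share: {review_fraction(REFERENCE, CANDIDATE):.1%}")
```

Code that was moved rather than changed shows up as residual here, which errs toward reviewing too much instead of too little.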