[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGP backdoor? (No, I'm not paranoid.)




Jean-Francois Avon (JFA Technologies, QC, Canada) writes:
> 
> many peoples hear many things.  The difficult part is to figure out what
> is the validity of what ones hears.  I personnally heard a things or two,
> even if I am not involved in any way in the trade of crypto.  I heard them
> through outside channels, completely independently from any crypto-activist, 
> wether pro or con (CPunks et al or Govt).  Theses sources are of utmost
> qualifications.  Wether or not there is a "vast conspiracy" either to make
> us believe that, for an example, PGP *is* or *is not* crackable we *do not*
> know.

Whether there is a conspiracy to convince people to believe things
about PGP or not, there is no need to take PGP's characteristics on
faith. You can get out the source code and read it.

> Many opinions that PGP is secure rest on *actual* evaluation of our
> computing capabilities, actual or forecasted.  And experts are *very
> often* wrong.  Have a look at history of sciences... You'll realize
> that most accomplishments were held as impossible even shortly
> before they were discovered/created.

No change in algorithms occurred between PGP 2.3 and later versions,
so any claim that it was made breakable at that point cannot be made
on the basis that computing power is somehow now able to crack it when
it could not do so before.

> So, why waste bandwith with a post that apparently mainly seems to be aimed
> at dismissing somebody but brings *absolutely no* new knowledge to 
> the discussion?  Please, next time, post privately.  

I'm sorry, but I am bringing knowledge to the discussion. It is my
personal knowledge that PGP was built as well as the people who built
it knew how, and that it is believed to be free from major flaws by
them and those who have examined it. I do not believe that PGP is
totally bug free, and a subtle flaw in, say, the PRNG, or some other
spot, is not impossible. However, no such flaws were put in place
deliberately, and if such flaws exist they have escaped the notice of
literally hundreds of people examining the source code for problems.

Perry