[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGP backdoor? (No, I'm not paranoid.)



No, you're not being paranoid, you're just believing someone who is,
or else they're having a good time at your expense ....

At 01:22 PM 2/28/96 -0800, Mark Bainter <[email protected]> wrote:
> Now, I had heard about all the people who claimed the reason versions 
> later than 2.3 wouldn't work with 2.3 was because of a backdoor for the
government.
> I personally thought they were being paranoid. 

You acquaintance, aside from his level of chemical enhancement (:-),
doesn't have the facts straight.  The 2.6-vs-2.3 incompatibility is
to keep RSA's patent lawyers happy; 2.5 and later versions use RSAREF
instead of Phil's homegrown RSA implementation, and the incompatibility
lets them maintain the fiction that they're protecting their patent.

The _technical_ reason they're incompatible is that the version number
in the headers is different, and PGP has the good design sense not to
mess with files that have a version number newer than the one they
know how to read.  Nothing more.  The RSA implementation code is different,
but you can look at it and see that it's functionally equivalent,
and read all the nice legalese comments about how this stuff belongs to RSA
and/or PKP
and is patented in the US and other fine countries and not to be exported.
Its primary difference is that it's a bit slower :-)

> However, this guy tells me that he met Phil at defcon and phil told him
> that he co-operated with the government and gave them information 
> that would enable them to crack key's for versions later than 2.3.  

He may very well have met a guy called "Phil" at defcon who said that......

The one Phil that I know who's told the NSA how to break his crypto code
was Phil Karn from Qualcomm, who had to explain to the NSA how to crack
the too-short encryption they were being forced to use in their digital
cellphones
in return for being allowed to use that instead of yet-wimpier encryption.
Phil knows crypto and security, and has commented on the stupidity and 
offensiveness of the whole process.  He's also the guy suing the Feds
to get export permission for the Applied Cryptography (compatible) 
source code disks, after getting export permission for the paper version.

#--
#				Thanks;  Bill
# Bill Stewart, [email protected] / [email protected] +1-415-442-2215
# http://www.idiom.com/~wcs     Pager +1-408-787-1281