
Re: a hole in PGP

> 	Clever back doors are not accomplished by an obvious program
> change, but rather by the subtle use of some technique that appears to
> do one thing when it actually does something else.  As a good example, a
> subtle interaction with the rest of the environment could modify the key
> generation algorithm after it is loaded.  Unfortunately, PGP is too
> large to verify against such back doors, so I ask again:
> 	Why (specifically) do you think the MIT version of PGP has no
> backdoors and is not subject to attacks such as the one outlined in my
> previous posting?

This is a good question. 

Subtle backdoors hidden in such a program may be difficult to find.
It might be more effective to use the PGP file format, to understand
pgp as a reference implementation, and to write your own pgp-compatible
program where you can generate your keys etc. in the way you prefer.