[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ViaCrypt's PGP

> The only way ViaCrypt can prove that this isn't the case is to distribute
> the source code of _their_ product.  [Note: they do NOT have to include the
> RSA module source- if it's possible to examine the non-RSA code, and 
> instrument it (to prove that the session key is honestly generated 
> _AND_ transmitted/recovered correctly) then Thug's tests will be adequate
> to verify a lack of backdoors (as far as I can see- but I'm perhaps not
> as devious as a professional).

One could apply the same sabotage to the generation of RSA public
keys making any keys generated with ViaCrypt easily crackable.

Of course you could use PGP to generate keys.  And now what is
ViaCrypt useful for?  It's original purpose:  Establishing plausable

"Yes your honor, all these encrypted messages presented by the FBI
as Exibit A were generated by ViaCrypt which incidentally we have
a site licence for...  No sir, We've never used PGP."