[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Commercial PGP: Verifying Trustworthiness

> This means that I am trusting the "pseudo-random" stuff not to be
> some secrets that PGP has read from my disk.

trust?  you could read the code, starting at about line 550 of crypto.c.
of course, you have to trust your eyes, your editor (if you use one),
and your operating system not to deceive you.  (i think i've carried
this too far.)

>                                              The only benefit
> that I see to the pseudo-random stuff is to send the same message
> to several people without revealing the fact that the messages are
> the same except to those that can decode the messages.

that is a big win, in my view, but the random prefix also also helps
defeat chosen plaintext attacks, does it not?