Re: a hole in PGP
> Clever back doors are not accomplished by an obvious program
> change, but rather by the subtle use of some technique that appears to
> do one thing when it actually does something else. As a good example, a
> subtle interaction with the rest of the environment could modify the key
> generation algorithm after it is loaded. Unfortunately, PGP is too
> large to verify against such back doors, so I ask again:
> Why (specifically) do you think the MIT version of PGP has no
> backdoors and is not subject to attacks such as the one outlined in my
> previous posting?
This is a good question.
Subtle backdoors hidden in such a program may be difficult to find out.
It might be more effective to use the PGP file format, to understand
pgp as a reference implementation, and to write your own pgp compatible
program where you can generate your keys etc. in the way you prefer.