Re: PGP backdoor? (No, I'm not paranoid.)

[cmca@alpha.c2.org (Chris McAuliffe)]

-----BEGIN PGP SIGNED MESSAGE-----

[To: Mark Bainter <Mark@adspp.com>]
[cc: cypherpunks@toad.com]
[Subject: Re: PGP backdoor? (No, I'm not paranoid.) ]
[In-reply-to: Your message of Wed, 28 Feb 96 13:22:01 PST.]
             <3134C779.7C84@adspp.com> 

>I was recently speaking with a newly-made aquaintence, and we were 
>discussing the merits of various encryption systems.  Now, I had heard
>about all the people who claimed the reason versions later than 2.3 
>wouldn't work with 2.3 was because of a backdoor for the government.  I 
>personally thought they were being paranoid.  However, this guy tells me 
>that he met Phil at defcon and phil told him that he co-operated with 
>the government and gave them information that would enable them to crack 
>key's for versions later than 2.3.   I don't know whether to believe him 
>or not, as I said earlier he is not a long-time friend or anything, so he 
>could just be lying to me.  If anyone has any information on this I would 
>appreciate it.

Utter rubbish. You can look at the source code and easily convince
yourself that there is no backdoor. I have personally done this for the
key generation bit, and I know others who have done it for the
on-the-fly encryption. Also, 2.6ui (old version) was based on 2.3 and
interoperated fine -- it had no back doors.

What 2.6 *did* have was a built-in incompatibility with old versions, in
an attempt to make people upgrade to a version which got Phil out of
some patent-raleted hot water.

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMTT9GoHskC9sh/+lAQE7FwP/dD9cN6e+g7Oji0STXHWqykfJQikQ/mrT
AjQIRuomGQ+ce+R3grZcFKcvNcn8iDg5czV/K+F5Ix2apSrssnKCs0xPst1a2MD1
iWGnxP2QbkjSMfr9YziF7WBUAQCYQwM2zKrDPKF7n8u2F4MvNCbgtL1pmzCiYlOq
jN1G7EyXNpk=
=ln+P
-----END PGP SIGNATURE-----