[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Concerned about Pretty Safe Mail for Mac

To: [email protected]
Subject: Concerned about Pretty Safe Mail for Mac
From: [email protected] (Anonymous)
Date: Sat, 18 Jan 1997 23:41:21 +0100 (MET)
Organization: Replay and Company UnLimited
Sender: [email protected]

  I'm concerned about the product "Pretty Safe Mail" for the Macintosh,
by a company called Highware. I was wondering whether anyone here had
tried evaluating it at all.

  It is a complete PGP implementation (not a front-end). They claim
to have licensed some of PRZ's code from PGP. However, as far as I
can tell, they are not making any of the source code available.

  As someone on the comp.security.pgp newsgroups pointed out, writing
a wonderful user interface on a PGP trojan horse that either crippled
the session key generator or used the session key to leak random
portions of secret key primes would be a perfect tactic for a
government wishing to penetrate PGP security. With such a great
interface, compared to the original PGP, it can't help but become
widely used.

  I realize that without the source code, it's a major hassle, but
has anyone looked at Pretty Safe Mail (previously called Safemail)
at all for suspicious behavior? For example:

  1) non-random session key generation?
  2) non-random key pair generation?
  3) unnecessary disk access to secret keys?
  4) anything else?

  Any findings, positive or negative, would be appreciated.

Prev by Date: One time pads, Next question?
Next by Date: GSM technology
Prev by thread: One time pads, Next question?
Next by thread: GSM technology
Index(es):
- Date
- Thread