[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [NTSEC] pgp 5.0 back door
- To: [email protected]
- Subject: Re: [NTSEC] pgp 5.0 back door
- From: Anonymous <[email protected]>
- Date: Mon, 29 Sep 1997 12:17:52 -0400
- Comments: This message was remailed by a FREE automatedremailing service. For additional information on this service,send a message with the subject "remailer-help" [email protected] The body of the message will bediscarded. To report abuse, contact the operator [email protected] Headers below this point wereinserted by the original sender.
- Sender: [email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Michael Warfield <[email protected]> writes to Ray Arachelian or somebody:
>... Phil Zimmerman is an absolute religous fanatic about backdoors!
>When ViaCrypt implimented a commercial escrow feature to give companies the
>ability to issues keys where they had a key escrow, he used that as a reason
>to break their contract. He had a "no backdoor" clause in the ViaCrypt
>agreement for PGP. After the US goverment tried to investigate Phil into
>bankruptcy for several years, I seriously doubt he would do ANYTHING
>to assist them except to assist them into a pit somewhere...
The PGP Web site in http://www.pgp.com/products/differences.cgi has a list
of differences between PGP 5.0 (personal PGP) and PGP 4.5.x (corporate
PGP). The corporate one includes a feature that the private one doesn't
called "message recovery". Given Phil's fanaticism outlined above, this
presumably isn't any way to get at the plaintext without the user's
knowledge or cooperation, but just what the heck IS it? I can't find a
description of the feature on-line. The manual itself is on-line in PDF,
which presumably answers this question for acrobat fans. I see nothing
about "message recovery" in the hard-copy PGP 4.5 manual.
For the guy who's concerned about backdoors in PGP 5.0 -- there's no
reason to believe there are any. There's source out there for you to
download, and you can browse it over and compile a copy for yourself.
I recommend buying a legal copy anyway, even if you are going to use
the one you compiled yourself, to encourage makers of strong crypto
for the masses -- if you're getting value, may as well pay for it
and feel good about yourself.
P.S. For CypherSaber CipherKnights: set your secret decoder ring
to "WriteYourCongressman" to decrypt this:
e91a 46d8 fba9 aaf5 927f 7a3f 1ded 8757 a741 4bb6 5568 3a5a f118 dc2b 11de
ebb3 e873 ffa1 d520 09ea 52b6 65c3 a42a 3d14 befa 0f3e ff09 e09a ad26 f877
aa84 4722 8ac3 770a 0aad 48a0 bf1e 9c51 2b1e a54f 8a7e 3e14 b0d1 3a84 8852
f9db d7ce 73b5 4066 d516 4d77 0395 37e2 b79c 9acd 6107 ecff 72bc e985 0ede
fcf0 eabd b903 9217 a0fc b95d 5ad7 3431 ba73 0d98 360b cef2 f863 ed54 8aa4
b0a9 6ed1 a2bb 8449 346f 1a7f f431 b8cf 95e3 b372 b0f5 c8a9 5ae1 622f d59f
c990 fd6d 3611 bc1e d842 82c7 c112 27d8 8b1e f3d8 f769 a10c d4f7 6360 dea4
f6cf feb3 e8c6 c72b 7b4a 03dc 00c4
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----