Alan Olsen hunt and pecked:
At 08:30 PM 3/12/97 -0700, TruthMonger wrote:
Alan Olsen wrote:> >
an7575@anon.nymserver.com writes:
> The use of PGP=>2.5 suddenly became a 'non-issue' for use in the U.S. because they use both the algorithm and sub-routines developed by the NSA and the Military.
I always wonder where these people get their information. I know people who know little to nothing about cryptography, but "they know PGP has been broken".
I always wonder why there seem to be so many lame fucks on the cypherpunks list who, rather than responding to the posts on the list, seem to be responding to some broken recording going on in their own head. Naturally, these lame fucks never have a direct quote available to match the words inside their heads that they purport to place in the mouths of others.
The problem is burden of proof. You made a claim with no evidence or facts to back it up. You made the statement that PGP >2.5 was comprimised. When asked for something more that assertion, you go off on a screed. Are you retracting that claim? Do you have something you want to share with the rest of the class?
Now that you seem to have actually read what I have written, perhaps you might consider reading what you, yourself, have written. I stated my case for contending that PGP=>2.5 has been compromised, and got back wild-eyed demands for proof of that which I did not claim, mainly, that PGP had been 'broken.' To reiterate my original observations: 1. The development of RSA was funded and controlled by the spooks. i.e. - The National Science Foundation and the Navy. 2. The campaign of persecution against Phil Zimmerman ground to a halt once he agreed to PGP using the spook-developed RSAREF subroutines to implement the RSA functions, instead of PGP's original subroutines. If people with guns came to me and told me that software I had written now had to use their subroutines, instead of my own, then I would consider my software 'compromised', regardless of whether or not I could immediately discern any anomalies in it. It is far, far easier to 'build' a back-door, than to 'find' one. It never fails to amaze me how the back-doors that software makers intentionally build into their products for their own convenience suddenly become 'bugs' when hackers, among others, take advantage of them. One hacker I know used to find most of his hacks into AT&T UNIX by screwing up his system (i.e. - corrupting the passwd file) and then calling in the AT&T support techs and observing their tricks and techniques (and then improving on them). In regard to the question of whether RSA's spookware has some type of back-door, or has been 'broken', the answers to these questions are moot, from my point of view, because I do not intend to base my privacy and security only on programs developed by even the most well-intentioned of others. TruthMonger