--- Forwarded mail from Marc Horowitz <marc@Athena.MIT.EDU>
From owner-cypherpunks@toad.com Mon Aug 30 23:40:01 1993 Received: from relay2.UU.NET by mail.netcom.com (5.65/SMI-4.1/Netcom) id AA14421; Mon, 30 Aug 93 23:39:57 -0700 Received: from toad.com by relay2.UU.NET with SMTP (5.61/UUNET-internet-primary) id AA10745; Tue, 31 Aug 93 02:40:50 -0400 Received: by toad.com id AA14781; Mon, 30 Aug 93 23:33:56 PDT Received: by toad.com id AA14701; Mon, 30 Aug 93 23:31:26 PDT Return-Path: <marc@Athena.MIT.EDU> Received: from Athena.MIT.EDU ([18.72.1.1]) by toad.com id AA14688; Mon, 30 Aug 93 23:31:23 PDT Received: from OLIVER.MIT.EDU by Athena.MIT.EDU with SMTP id AA00837; Tue, 31 Aug 93 02:28:59 EDT Received: by oliver.MIT.EDU (AIX 3.2/UCB 5.64/4.7) id AA14903; Tue, 31 Aug 1993 02:28:52 -0400 Message-Id: <9308310628.AA14903@oliver.MIT.EDU> To: bbyer@BIX.com Cc: honey@citi.umich.edu, cypherpunks@toad.com Subject: Re: Commercial PGP: Verifying Trustworthiness In-Reply-To: Your message of Tue, 31 Aug 93 00:14:18 -0400. <9308310014.memo.72462@BIX.com> Date: Tue, 31 Aug 93 02:28:52 EDT From: Marc Horowitz <marc@Athena.MIT.EDU>
Marc Horowitz <marc@Athena.MIT.EDU> said:
I dunno. The early versions of UNIX had a back door in the login [...] I've let a lot of stupid comments go by, but I have to respond to this one.
It is true that Dennis Ritchie (I believe, if not him, one of the other original UNIX authors) proposed such a login/compiler virus. But it wasn't in any early version of UNIX.
Stupid? Watch the flame bait...he merely overstated a touch. The back doors weren't part of any of the full distributions, it's true, but they were quite a bit more than proposals. Ken Thompson actually distributed those back doors via a compiler update, warning of a security problem and urging all sites to recompile. Most did, which inserted the back doors into the programs. That's close enough to the original claim. See the Ken Thompson & Dennis Ritchie Turing Award Lecture, which goes into detail about this. The level of sneakiness involved was amazing. Compilers are the ultimate security breach. Doug