At 6:53 PM 7/31/95, Dr. Fred said:
Why (specifically) do you think the MIT version of PGP has no backdoors and is not subject to attacks such as the one outlined in my previous posting?
<Metzger_mode("on")>
I've been watching this gark long enough, I think.
Look. If you're qualified, look at the PGP source and vet it yourself. If you aren't qualified, figure the market to be efficient in this instance and assume the stuff works.
One of the several points I tried (apparently unsuccessfully) to make is that with a program that large, it is impractical to verify that there are no subtle back doors - regardless of how knowledgeable or skilled you or I may be. Your "assumption of security" perspective is an inappropriate one unless you are trying to get people to use something that is not secure.
Stop wasting our time and bandwidth harassing the MIT folk about whether or not their code is clean. Such posturing won't wash around here.
The headers on the postings allow you to ignore them, but in the meanwhile, the subject matter is in line with this forum, and the questions are legitimate. You will have to do better than to appeal to authority to convince anyone that MIT's version of PGP is secure.
<Metzger_mode("off")>
Seriously, it may be an appeal to authority, but it can safely be assumed that PGP is clean, and that MIT is *not* involved with the NSA and the Red Leptons in a conspiracy to spy on our alt.binaries.pictures.erotica.stoats postings.
Why (specifically) do you think so? Because you claim it? Because the MIT maintainer claims it? You say MIT is not associated with the NSA, but they have historically been funded by the NSA and other federal agencies for work on information security. Do you really think that the only information protected by PGP is dirty pictures? Do you somehow think that MIT and the NSA are above that sort of thing? All you have to do is look at history, and it should be clear that this appeal to authority is often used by those trying to cover things up. If you know something about PGP's security that you aren't telling us, don't beat around the bush about it. Come out and say it. Tell us that you have proven that PGP has no backdoors and what method you used to do that. Tell us that you have hand verified all the code and that none of it overwrites the key generation process and tell us how you verified it. It cannot be safely assumed that any program is clean or that any one person or group is not involved with intentionally subverting security. That violates the fundamental principles of information protection.

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236