No, you're not being paranoid, you're just believing someone who is, or else they're having a good time at your expense .... At 01:22 PM 2/28/96 -0800, Mark Bainter <Mark@adspp.com> wrote:
Now, I had heard about all the people who claimed the reason versions later than 2.3 wouldn't work with 2.3 was because of a backdoor for the government. I personally thought they were being paranoid.
You acquaintance, aside from his level of chemical enhancement (:-), doesn't have the facts straight. The 2.6-vs-2.3 incompatibility is to keep RSA's patent lawyers happy; 2.5 and later versions use RSAREF instead of Phil's homegrown RSA implementation, and the incompatibility lets them maintain the fiction that they're protecting their patent. The _technical_ reason they're incompatible is that the version number in the headers is different, and PGP has the good design sense not to mess with files that have a version number newer than the one they know how to read. Nothing more. The RSA implementation code is different, but you can look at it and see that it's functionally equivalent, and read all the nice legalese comments about how this stuff belongs to RSA and/or PKP and is patented in the US and other fine countries and not to be exported. Its primary difference is that it's a bit slower :-)
However, this guy tells me that he met Phil at defcon and phil told him that he co-operated with the government and gave them information that would enable them to crack key's for versions later than 2.3.
He may very well have met a guy called "Phil" at defcon who said that...... The one Phil that I know who's told the NSA how to break his crypto code was Phil Karn from Qualcomm, who had to explain to the NSA how to crack the too-short encryption they were being forced to use in their digital cellphones in return for being allowed to use that instead of yet-wimpier encryption. Phil knows crypto and security, and has commented on the stupidity and offensiveness of the whole process. He's also the guy suing the Feds to get export permission for the Applied Cryptography (compatible) source code disks, after getting export permission for the paper version. #-- # Thanks; Bill # Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215 # http://www.idiom.com/~wcs Pager +1-408-787-1281