
At 1:03 PM 10/20/96 +0000, James Morris wrote:
On Sat, 19 Oct 1996, Black Unicorn wrote:
4. Might be a good idea to review implementations of crypto.
Both James Woolsey and Stewart Baker made sly remarks about the reliability of crypto in the public domain. [...]
There was also an interesting comment made in session three of the Joint Australian/OECD Conference on Security, Privacy and Intellectual Property Protection in the Global Information Infrastructure, (Canberra, 7 - 8 February 1996), reportedly by a representative of the DSD:
"... PGP may not survive as a viable option for private security."
For the full quote, see: http://www.nla.gov.au/gii/sess3.html
(1) If I were faced with an opponent who had a crypto system I couldn't break, I would attempt to make him think I could break it so he would stop using it. AKA FUD.

(2) If I could break his system, I would want him to continue using it. I would have to be very careful about how I used the material so he didn't catch on to the break. There are some wonderful examples of this logic in "The Code Breakers".

(3) The devil is in the details. I still am not convinced that MacPGP has enough sources of entropy for its IDEA key generation. (But I am not convinced that it doesn't either.) I put integrating Jon Callas's entropy manager into MacPGP as a high priority.

-------------------------------------------------------------------------
Bill Frantz       | Tired of Dole/Clinton?  | Periwinkle -- Consulting
(408)356-8506     | Vote 3rd party.  I'm    | 16345 Englewood Ave.
frantz@netcom.com | Voting for Harry Browne | Los Gatos, CA 95032, USA