I talked once again with Dave Barnheart at ViaCrypt, and he told me:
A) No source code will be available, due to the nature of the agreement between PKP and ViaCrypt.
So in answer to (Paul Goggin's?) questions about verification of changes, "We'll Just Have To Trust Them(tm)" <g>
PUBLIC NOTICE: The question below reflects the curiosity of a cryptologically, and mathematically, fairly naive user of PGP. Isn't there some way to black box it the way engineers do with circuits? If you control the inputs, randseed, message, keys etc. that goes into each copy of the program aren't you going to be able to compare the outputs directly. Or are they going to be different everytime because of some randomization I am unaware of? remember the naive part :-) You may not be able to break PGP with a plaintext attack, but all you really need to know is that the output of the unsourced VIACrypt gives the same result as the freeware, don't you? Awaiting enlightenment, please be gentle it's my first time :-} C. J. Leonard <cjl@micro.med.cornell.edu