On Wed, 13 Sep 1995, Andy Brown wrote:
On Wed, 13 Sep 1995, Henry W. Farkas wrote:
If decrypted with the "alternate" or "fake" secret key, the encrypted file is wiped until it reaches a marker; the remainder of the file is displayed. If you use your "primary" or "real key", the extraneous text is simply stripped.
Useless I'm afraid. They have the source code and have disabled your "feature" and attached loud alarm bells to it.
I don't see whats wrong with removing any checking done by PGP. (ie don't keep a checksum or whatever) After all, they can't prove that you didn't just encrypt a pgp +makerandom file. Obviously, I would not want to use this "feature" in some cases, so make adding a checksum be an extra command line option. The new feature would of course not be backwards compatible, but there is no way to disable the "feature" and no way to attach loud alarm bells. Of course, you are then faced with giving them a key which you know will decrypt the file to gibberish. Ideally, you would steno the encrypted file. +---- Yih-Chun Hu (finger:yihchun@cs.washington.edu) ----------------------+ | http://www.cs.washington.edu/homes/yihchun yihchun@cs.washington.edu | | http://weber.u.washington.edu/~yihchun yihchun@u.washington.edu | +---- PGP Key Fingerprints (Keys by FINGER or on WWW) ---------------------+ | 1024/E50EC641 B2 A0 DE 9E 36 C0 EB A6 F9 3E D2 DD 2F 27 74 79 | | 2047/DF0403F9 18 EB 62 C8 7F 06 04 67 42 76 24 E2 99 D1 07 DC | +---- Random Thought ------------------------------------------------------+ |I conducted an experiment to test Murphy's Law, but everything went wrong.| +--------------------------------------------------------------------------+