-----BEGIN PGP SIGNED MESSAGE----- On Fri, 27 Aug 1993 01:46:57 -0400 (EDT), Mike Ingle <uunet!delphi.com!MIKEINGLE> wrote -
The most likely place for a bug would be in the randomness. I suppose it is possible that a one-line bug somewhere could leave out most of the randomness, making the keys still look random but actually be predictable. Random number generation is hard to verify. How has that in PGP been checked? The PGP source is so big and spread out, it's hard to check. I don't think there is a bug, but it would be nice if PGP were carefully examined and attacked. Where are these rumors coming from? They are bad for the cause.
Let's be realistic, Mike. The biggest threat to any security, on any basis, is the threat of human nature. The chances of someone factoring your PGP encoded message is somewhere in the range of slim-to-none, but the chances of someone (you) -physically- compromising their key is much, much higher. In fact, I'd venture to say that it's much higher than even you or I imagine, given the fact that some folks ignore what most of us would deem common sense and use PGP on a multi-user system (such as a SUN server, any other UNIX-flavored workstation, or even a Netware server). Fact Two: That's why you won't see messages from me either (a.) signed with PGP, or (b.) encrypted with PGP from any of my other e-mail accounts. All are UNIX (open) environments and I don't like the implications of the possibilities of my secret key being exposed, even if I do trust the folks I work with. Call me a schizoid. Cheers, -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLH6FrJRLcZSdHMBNAQEs1AP8D3ve8oRYIT4/Lne3LYY9xZWkghZFQyhH CcCdFhHfAyXeAnz6puIpSN+9zior4/W9pcgxK/EdcCt72hMOzTYQvWtFZVIE0nQA Fn+a5FkUwCLhvfiIqCSPvBjG8UvBt2RTuv7GN0IiIfMwzCeAkB9MTkoNQut48DGU thDLDXfnRxs= =0v11 -----END PGP SIGNATURE----- Paul Ferguson | "Government, even in its best state, Network Integrator | is but a necessary evil; in its worst Centreville, Virginia USA | state, an intolerable one." fergp@sytex.com | - Thomas Paine, Common Sense Type bits/keyID Date User ID pub 1024/1CC04D 1993/03/15 Paul Ferguson <fergp@sytex.com> Key fingerprint = EE D2 93 7D 04 6D C6 05 AC 36 AD 9D 8E 4F 41 58