On Tue, 5 Nov 1996, Edward R. Figueroa wrote:
I'm a new Cyberpunk! Probably wearing a set of Ono-Sendai eyeballs....
Last, I would like to know once and for all, is PGP compromised, is there a back door, and have we been fooled by NSA to believe it's secure?
You can read and compile the source code yourself. You can learn crypto to help you understand the strength of the algorithms. I'd recommend Bruce Schneier's "Applied Cryptography". You can look for bugs and subtle design flaws along with other people. There are un-subtle design flaws, like the DOSoid user interface :-), and there are philosophical arguments about whether an identity-based Web of Trust is the right trust model, and practical problems about how to support revocation correctly, but basically it's Pretty Good Privacy.

On the other hand, there are other threats to think about. Is there a virus, software bug, or trojan horse that captures the keystrokes you type into your computer? If your passphrase is stolen, you lose. PGP can't tell; it's just software. What's on that yellow sticky note? Is the NSA listening for electronic signals from that dark van parked out in front of your house? They're pretty good these days. Your computer doesn't know, so PGP can't help you with it.

Are you using PGP to keep business records (like that second set of books) which can be subpoenaed by a court? When the IRS seizes your computer and sees all those files with ------BEGIN PGP----- on them, can they force you to reveal the keys or at least the contents? PGP can't solve those problems for you. But it can keep amateurs like your local police department from reading the files you really care about until they haul you in front of a court where you can bring a lawyer.

There are applications that PGP doesn't do, like keeping the blocks on your disk drive automagically encrypted - it just does things to files when you tell it to. But you can at least encrypt the critical stuff, and you can encrypt your email messages and other sensitive files you transmit across a network. Won't do any good for IRC...

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk