I received the following comments on ViaCrypt from Phil Z. Reposting
here with permission. I'll try to forward a summary of your comments.
====================================================================
Subject: Re: Your visit
To: spectrx!edgar (Edgar W. Swank) *Edgar*
Date: Wed, 1 Sep 93 20:40:08 MDT
From: Philip Zimmermann
Hello Edgar. Thanks for your hospitality. I enjoyed our conversations
during my visit.
The PKP/Viacrypt contract requires that ViaCrypt use THEIR OWN RSA
cryptographic engine, not PKP's or RSADSI's. I will be working closely
with them to ensure that they do a good job on that. Actually, RSA
calculations are fairly straightforward, and it's hard to screw them up.
I will probably try to get them to stick with my own keygen routines,
if they are allowed to use them in the PKP contract. The keygen stuff
would be the most important place to look for any security holes.
My discussions with ViaCrypt's president, Lenny Mikus, and his programming
staff, suggest to me that they are genuinely interested in making a very
secure product.
It's possible, I suppose, that maybe I could talk to ViaCrypt about
maybe publishing the source code for the rest of ViaCrypt PGP, minus the
RSA engines that the PKP contract won't let them publish. We'll see.
The current plans are for them to use the straight PGP source code with
no changes except for using their own RSA engines. So publishing the
source code would not yield many new insights anyway, since it's the
same. Other than as a confidence builder, which is nice to have.
You may repost this to cypherpunks if you wish.
Phil
--
edgar@spectrx.saigon.com (Edgar W. Swank)
SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca
