Hey, Doc...
The term paranoid is inappropriate in this context. Paranoia refers to an irrational fear, while I am expressing a rational concern over a system that has been taken over by a (partially) government funded university and which has not been properly verified. The history of cryptography (as they say) is (quite literally) littered with the dead bodies of people killed because somebody else thought a cryptosystem was good enough when it was not.
If you are concerned that someone put a hole or backdoor in PGP, then go grab the source and take a look for yourself. That's why the code is available. If you can't understand it, then you probably have no real right to complain! However, if you are still paranoid (and yes, I do believe this is an irrational fear, being the person who maintains the MIT PGP development sources) then go find someone who can understand it and ask them.
As a side note, PGP does not go out of its way to choose "good" primes over other primes. Take a look at genprime.c and read the comment near the top of the file. It explains why.
My assertion regarding weakness of the key generation algorithm was not related to the response you gave. As a result, it appears that you are avoiding the issue. This looks bad if you are, as you claim, maintaining a legitimate algorithm. Perhaps you would be better served by addressing the specifics of my comments - to wit: What makes you think PGP's method of getting seeds does not lead to a limited key space that is within the realm of modern computers to search? Your assertion that I could find the backdoor by inspecting the program is the wrong tactic for secure programs. If you want people to believe that a program is secure, you had better come up with good reasons that it is secure, and not hide behind "if you can't find any holes, it must be secure". Clever back doors are not accomplished by an obvious program change, but rather by the subtle use of some technique that appears to do one thing when it actually does something else. As a good example, a subtle interaction with the rest of the environment could modify the key generation algorithm after it is loaded. Unfortunately, PGP is too large to verify against such back doors, so I ask again: Why (specifically) do you think the MIT version of PGP has no backdoors and is not subject to attacks such as the one outlined in my previous posting?
--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
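The "limited key space" concern raised above is easy to make concrete with a toy model. The following is an added example, not code from any of the posters and not PGP's key generation: it builds a deterministic RSA-style key generator whose only randomness is a seed drawn from a constructed 16-bit space, and then shows that an attacker who knows the generator can recover the private factors of a public modulus simply by re-running key generation over every candidate seed, never factoring anything. The seed size, modulus size and the victim's seed value are all constructed assumptions chosen so the search runs in about a second; the cost of the search is linear in the size of the seed space, which is the whole point of the argument.

```python
"""Toy demonstration of why low-entropy seeding collapses the key space.

Constructed example: this is NOT PGP's key generation. All randomness in
toy_keygen() comes from a small integer seed, so an attacker who knows the
algorithm can regenerate every possible key and compare public values.
"""
import random

# Constructed parameters. A 16-bit seed space and 48-bit moduli keep the
# demonstration fast; the attack cost scales linearly with the seed space.
SEED_BITS = 16
MODULUS_BITS = 48


def is_prime(n):
    """Miller-Rabin with bases 2, 3, 5, 7.

    Deterministic (no false positives) for n < 3,215,031,751, which covers the
    24-bit primes used in this toy; it is not a general-purpose primality test.
    """
    if n < 2:
        return False
    for p in (2, 3, 5, 7):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in (2, 3, 5, 7):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(rng, bits):
    """Draw odd candidates of exactly `bits` bits from rng until one is prime."""
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_prime(candidate):
            return candidate


def toy_keygen(seed, modulus_bits=MODULUS_BITS):
    """Deterministic toy key generation: every bit of p and q derives from `seed`.

    Returns (n, (p, q)) where n = p * q is the 'public' modulus.
    """
    rng = random.Random(seed)
    half = modulus_bits // 2
    p = gen_prime(rng, half)
    q = gen_prime(rng, half)
    while q == p:
        q = gen_prime(rng, half)
    return p * q, (p, q)


def recover_factors(n, seed_bits=SEED_BITS, modulus_bits=MODULUS_BITS):
    """Attacker's search: regenerate the key for each candidate seed and compare
    the public modulus. Returns (seed, (p, q)) on success, None otherwise.
    No factoring is involved; only the seed space is enumerated."""
    for seed in range(1 << seed_bits):
        candidate_n, factors = toy_keygen(seed, modulus_bits)
        if candidate_n == n:
            return seed, factors
    return None


if __name__ == "__main__":
    victim_seed = 0x1234  # constructed: unknown to the attacker, known only to the victim
    n, (p, q) = toy_keygen(victim_seed)
    print(f"victim public modulus n = {n}")
    found = recover_factors(n)
    print("attacker recovered seed %#x with p=%d q=%d" % (found[0], *found[1]))
    assert found == (victim_seed, (p, q))
```

The search succeeds because the generator is a pure function of the seed; nothing about the size of the modulus helps once the seed space is small. Raising the seed to 32 bits makes the same loop about 4 billion key generations, which is exactly the "within the realm of modern computers" range the thread is arguing about, and it stays far cheaper than factoring a real-sized modulus.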