Did you ever think...
Did anyone ever think that maybe, just maybe, PGP was developed, and before the programmer started giving it away for free, that he was paid by the government to give them the key which can unlock ANY PGP locked document/file/etc??? I mean, wasn't it kind of surprising that the government would make such a big deal over this? To make hackers/phreakers in general think that this was the greatest encryption scheme available today for free (the programmer was paid to distribute his software for free, seeing that the sum was sizable), they made an act by (I don't know the specifics) arresting him, telling him to stop distributing, etc... Makes you wonder, huh... It's possible. Maybe he wrote in the PGP program a loophole in the encryption so that he could decrypt anything that was encrypted by PGP. Maybe he is big brother. Maybe big brother is running him... I mean, has anyone ever gone thru the entire source code and checked if this PGP is a valid encryption scheme, or just the gov't slipping in their clipper thing without us knowing it. Reply here--no email please...

The Devils Advocate, and preventing the Government Anarchy,
Farmer Pete
Peter Beckman says:
Did anyone ever think that maybe, just maybe, PGP was developed, and before the programmer started giving it away for free, that he was paid by the government to give them the key which can unlock ANY PGP locked document/file/etc???
Individuals without much to do and with active fantasy lives can always come up with interesting paranoid scenarios, so I'm sure someone has thought this. However, because the complete source code to PGP is available and has been read by many people, the odds that this has been done are as close to zero as one could care to name. Perry
Um, this is pretty paranoid shit. The source for PGP is freely available - and the first thing that was done after it was released was that people started looking at the source for exactly the kinds of things that you mention. None were found. Of course, there *could* be glaring weaknesses in PGP internally -- and that's why the NSA chose to allow it to propagate, just like they did DES. But I don't believe that there was a conspiracy on the part of the author of PGP - after all, that's one more person outside of the control of the NSA that would know what was going on, and PRZ's anarchistic tendencies are well-known :)

Ed Carp, N7EKG/VE3 ecarp@netcom.com 519/824-3307 an88744@anon.penet.fi
If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever"
Did anyone ever think that maybe, just maybe, PGP was developed, and before the programmer started giving it away for free, that he was paid by the government to give them the key which can unlock ANY PGP locked document/file/etc??? I
[mass hysteria deleted]
running him... I mean, has anyone ever gone thru the entire source code and checked if this PGP is a valid encryption scheme, or just the gov't slipping in their clipper thing without us knowing it. Reply here--no email please...
This argument doesn't work too well. PGP is available in full source code form. It's hard to build a backdoor in the code and distribute it widely without expecting your glitch to be noticed. PGP has been studied over and over by careful prying eyes. Even though you probably aren't a programmer yourself, it might do you a bit of good to download the source and look at it yourself.

-- Jeremy Cooper
Stop by for an excursion into the Virtual Bay Area! mud.crl.com 8888
beckman@sauron.cs.hope.edu (Peter Beckman) asked:
...has anyone ever gone thru the entire source code and checked if this PGP is a valid encryption scheme...
Yes.

--
+---------------------------------------------------------------------+
| james hicks        | Give me your tired, your poor,                 |
| <sonny@netcom.com> | your huddled masses yearning to breathe free,  |
| ...can you hear    | Send these, the homeless, tempest-tossed to me.|
| the music?...      | I lift my lamp beside the golden door!         |
+---------------------------------------------------------------------+
beckman@sauron.cs.hope.edu (Peter Beckman) writes:
Did anyone ever think that maybe, just maybe, PGP was developed, and before the programmer started giving it away for free, that he was paid by the government to give them the key which can unlock ANY PGP locked document/file/etc??? I
It's more likely that the government after the fact has started trying to spread the rumor that PGP has an intentional hole in it or can be broken easily. I've seen a number of rumors of this kind, and at least one of the latter (i.e. they can read traffic with 1024-bit keys easily, but 2-4K keys might make them sweat) was encouraged by a visiting NSA guy, according to the person who posted it. The frequent postings of the first rumor (prz corrupted) to a.s.pgp look orchestrated to me... but then I'm a bit paranoid.
distributing, etc... Makes you wonder huh... It's possible. Maybe he wrote in the PGP program a loophole in the encryption so that he could decrypt anything
No, doesn't make me wonder, no, it's not possible. Read the code -- it's all free. If you don't read C, find somebody you trust to read it to you. Read the math -- it's all been published and vetted by experts. Watch the emerging analysis of IDEA; watch the factoring records and the amount of time required for them. Don't trust the executables -- recompile it yourself with a different compiler... they can't hack 'em all. If you don't know anybody you trust to read code and compile for you, you're not in a strong enough position to worry about your own security anyway. Yes, that's elitist -- sue me. It's <your> security, so <you> have to pay attention to the developments that affect it.

Jim Gillogly
1 Thrimidge S.R. 1994, 17:59
It's far more likely that these rumors were started by ego-maniacs who believe that any lock made by man can be broken by man. Quite true except for the problem of brute force time... I knew of one such idiot claiming he could break any code, even PGP. I have never seen him able to do so. Thems just idiots bragging the same way that the hackers/crackers of the 80's would brag and exaggerate about their "heroic" deeds... Of course our wonderful Government is well known for its use of the FUD factor, so I certainly do not put it beyond their agenda, (D.Denning on AOL mentioned that she didn't know if the IDEA cypher that PGP uses was broken >YET< but she would comment no further. :-) Spreading innuendoes is probably more their style, and we all know how "Oh I think x is so" becomes "x is so" after bouncing around from person to person... Of course if someone doesn't trust PGP, they can take a few courses in cryptanalysis and take a shot or two at PGP to look for holes... :-)
From: rarachel@prism.poly.edu (Arsen Ray Arachelian)
Date: Sun, 24 Apr 1994 14:23:19 -0400 (EDT)
[...] so I certainly do not put it beyond their agenda, (D.Denning on AOL mentioned that she didn't know if the IDEA cypher that PGP uses was broken >YET< but she would comment no further. :-) Spreading innuendoes
In Crypto 93 is described a class of 2^55 (if I remember correctly) IDEA keys for which IDEA offers scant security. Your chances of getting one of these is only 2^55/2^128 == 1 in 2^73 if you choose your IDEA keys with a uniform distribution from the IDEA keyspace. (The authors also propose a simple patch -- XOR each key part just before use with 0DAE. Does anyone know of plans to implement this in PGP, or of reports that this scheme doesn't solve the problem, or introduces other problems?) So, DD wasn't lying, or even necessarily being tricky. Other cyphers have fallen before, and some cracks _are_ visible in IDEA already. Also, after reading Crypto '92 and '93 for a while, I am more and more impressed and surprised with the work that NSA put into creating DES from Lucifer. Impressed that it was so good, and surprised that the work was so honest (as far as anyone will report to date anyway.).

j'
--
O I am Jay Prime Positive jpp@markv.com
1250 bit fingerprint B06229 = B8 95 E0 AF 9A A2 CD A5 89 C9 F0 FE B4 3A 2C 3F
524 bit fingerprint 2A915D = 8A 7C B9 F2 D5 46 4D ED 66 23 F1 71 DE FF 51 48
Public keys via `finger jpp@markv.com', or via email to pgp-public-keys@io.com
Your feedback is welcome directly or via my symbol JPP on hex@sea.east.sun.com
Resist the Clipper Chip, write "I oppose Clipper" to Clipper.petition@cpsr.org
On Apr 22, 12:30, Peter Beckman wrote:
Subject: Did you ever think...
Did anyone ever think that maybe, just maybe, PGP was developed, and before the programmer started giving it away for free, that he was paid by the government to give them the key which can unlock ANY PGP locked document/file/etc???
Maybe not... the software is generally available for anyone's inspection.

--
gerald.r.martinez@att.com / grmartinez@attmail.att.com / att!drmail!grm
@ AT&T GBCS Bell Labs, Denver (303) 538-1338
@ WWW: http://info.dr.att.com/hypertext/people/grm.html
& life is a cabernet ...o&o )))
participants (9): beckman@sauron.cs.hope.edu, Ed Carp, grm@bighorn.dr.att.com, Jeremy Cooper, Jim Gillogly, jpp@markv.com, Perry E. Metzger, rarachel@prism.poly.edu, sonny@netcom.com