Attila T. Hun wrote, in blood:

on or about 970313:1533 TruthMonger <an7575@anon.nymserver.com> said:

+ To reiterate my original observations: +1. The development of RSA was funded and controlled by the spooks. i.e. +- The National Science Foundation and the Navy. +2. The campaign of persecution against Phil Zimmerman ground to a halt +once he agreed to PGP using the spook-developed RSAREF subroutines to +implement the RSA functions, instead of PGP's original subroutines.

about a year ago when Phil's prosecution was dropped, I wrote a rather lengthy message here about PKZ, the prosecution turning to vapour, surprise funding for PGP, Inc. (which is substantial), and the issue of being compromised.

What I found interesting about TruthMonger's missive was that the replies he received as a result of merely 'questioning' certain things regarding the holy icon of PGP, he got back replies/rants, from normally rational list subscribers, which were scathing rebukes to issues he or she hadn't even raised. I wonder if you had a similar experience with the post you mention.

ANYONE who has managed to walk away from a fed hate/hatchet job has been compromised to some extent.

No shit, Sherlock.

+ If people with guns came to me and told me that software I had +written now had to use their subroutines, instead of my own, then I +would consider my software 'compromised', regardless of whether or not +I could immediately discern any anomalies in it. + It is far, far easier to 'build' a back-door, than to 'find' one.

you got that one right! just the ability to _backtrack_ into the algorithms is a start. One piece of clear text and you're toast.

You can't tell me the guy who designed the Rubik cube didn't know how to 'beat' it when he was done.

+ It never fails to amaze me how the back-doors that software makers +intentionally build into their products for their own convenience +suddenly become 'bugs' when hackers, among others, take advantage of +them. + One hacker I know used to find most of his hacks into AT&T UNIX by +screwing up his system (i.e. - corrupting the passwd file) and then +calling in the AT&T support techs and observing their tricks and +techniques (and then improving on them).

...ask a few of the old line unix hacks at Murray Hill (where I was "granted" my name....) however, AT&T was never as bad as a few of the others (Sperry comes to mind...) and most of AT&T's access points were not open and exploitable without you enabling them (by giving them access).

I know a hacker who could get Support Techies to perform all of their secret black-magic in front of him just because he had the abilty to act extremely stupid. (If he asked you the time of day, you'd write it down for him, and explain it to him.)

however, 20 years ago, the feds were scary enough with "new" crypto; 4 AM rousts that noone believed the feds would do. warrants? yeah, right! If the feds arrested you, you were "obviously" guilty or they would not have arrested you.

I think we can expect the day to come when the Feds make their major public relations tune "If you don't have anything to 'hide', then why do you need crypto?", thus pointing out to 'decent folk' that the CypherPunks are all drug smuggling, tax-dodging pedophiles. -- Toto "The Xenix Chainsaw Massacre" http://bureau42.base.org/public/xenix/xenbody.html