Re: PGP backdoor? (No, I'm not paranoid.)

perry@piermont.com wrote:
Mark Bainter writes:
<snip>
However, this guy tells me that he met Phil at defcon and phil told him that he co-operated with the government and gave them information that would enable them to crack key's for versions later than 2.3. I don't know whether to believe him or not,
Your informant is taking extremely good drugs. You should find out who his connection is should you want to get any.
Perry
Dear Perry, many peoples hear many things. The difficult part is to figure out what is the validity of what ones hears. I personnally heard a things or two, even if I am not involved in any way in the trade of crypto. I heard them through outside channels, completely independently from any crypto-activist, wether pro or con (CPunks et al or Govt). Theses sources are of utmost qualifications. Wether or not there is a "vast conspiracy" either to make us believe that, for an example, PGP *is* or *is not* crackable we *do not* know. Every side have vested interests. Many opinions that PGP is secure rest on *actual* evaluation of our computing capabilities, actual or forecasted. And experts are *very often* wrong. Have a look at history of sciences... You'll realize that most accomplishments were held as impossible even shortly before they were discovered/created. Such is the history of intra-abdominal surgery, of space flight and of many other knowledge and/or technology. In most instances of life, it is much wiser to realize that *we do not know* and accepting ignorance as such rather than adopting the first tempting rationalization that comes to mind. Because in the former case, you still have the possibility to enhance life by learning, while in the second, you can only hope that you did not adopt a wrong belief that will eventually cost you dearly. Remember, when an ostrich puts it's head in the sand, which part of it's anatomy it is showing to the world... So, why waste bandwith with a post that apparently mainly seems to be aimed at dismissing somebody but brings *absolutely no* new knowledge to the discussion? Please, next time, post privately. Funny jokes are, IMHO, welcome because they have some life-enhancing value. So please, at least be funny... Your post makes me wonder for what terribly conspiring organisation are you working for... JFA The collectivists be DAMNED! **** OLD KEY: DO NOT USE ANYMORE UNLESS FOR VERIFYING SIGNATURES **** 1024 bits Key ID:57214AED 1995/10/04 Jean-Francois Avon <jf_avon@citenet.net> Key fingerprint = 84 96 76 AE EB 7C AB 15 88 47 87 B0 18 31 74 9F

Jean-Francois Avon (JFA Technologies, QC, Canada) writes:
many peoples hear many things. The difficult part is to figure out what is the validity of what ones hears. I personnally heard a things or two, even if I am not involved in any way in the trade of crypto. I heard them through outside channels, completely independently from any crypto-activist, wether pro or con (CPunks et al or Govt). Theses sources are of utmost qualifications. Wether or not there is a "vast conspiracy" either to make us believe that, for an example, PGP *is* or *is not* crackable we *do not* know.
Whether there is a conspiracy to convince people to believe things about PGP or not, there is no need to take PGP's characteristics on faith. You can get out the source code and read it.
Many opinions that PGP is secure rest on *actual* evaluation of our computing capabilities, actual or forecasted. And experts are *very often* wrong. Have a look at history of sciences... You'll realize that most accomplishments were held as impossible even shortly before they were discovered/created.
No change in algorithms occurred between PGP 2.3 and later versions, so any claim that it was made breakable at that point cannot be made on the basis that computing power is somehow now able to crack it when it could not do so before.
So, why waste bandwith with a post that apparently mainly seems to be aimed at dismissing somebody but brings *absolutely no* new knowledge to the discussion? Please, next time, post privately.
I'm sorry, but I am bringing knowledge to the discussion. It is my personal knowledge that PGP was built as well as the people who built it knew how, and that it is believed to be free from major flaws by them and those who have examined it. I do not believe that PGP is totally bug free, and a subtle flaw in, say, the PRNG, or some other spot, is not impossible. However, no such flaws were put in place deliberately, and if such flaws exist they have escaped the notice of literally hundreds of people examining the source code for problems. Perry
participants (2)
-
jf_avon@citenet.net
-
Perry E. Metzger