-=|=- CP: This message was distributed from Algebra.com as NULL content back on Sunday, 27 August, 2000. It, and postant null and erred content from various nodes triggered questions over the last week, numerous admins have checked on the issue of problems, apparently. [There have been no changes to this text since the original post, simply re-sent now. -WLG] -=|=- [PGP]: Are you all this blind? Regarding the "New Realization" of the PGP "fixes"... This short denouncement of performance is directed to all those of semi-competence and awareness and understanding of the reality. For the rest of "us" sheep, Let "us" learn from 'their' mistakes. I do not know who in their right mind --who actually comprehends the basis of _this_ intellectual environment and the surrounding realities in which we operate-- could possibly not comprehend the legitimacy and security issues surrounding the PGP projects after the fixes were introduced. As we *ALL* _SHOULD_ know, PGP releases prior the original release of 2.6.2 and (there may be a legitimate interim version, however its life span was limited) prior the introduction of external influences and the release of the 5.*+ series and the replaced 2.6.2 distributions, are the only semi-secure and legitimate releases of the PGP algos/code. You should ALSO know that all versions 5.*+ are severely defective, and altered versions of 2.* replaced legitimate public distributions of 2.* during the same time frame. I will refuse to accept the apparent "realization" that is currently circulating the public media. Are those of you on this list, and involved in any and all related fields, claiming to be so blind sighted that *YOU* did not notice the variance in code, that *YOU* did not "bother" to examine or check the totally faulted releases of anything from these sources after the fixes? Are *YOU* going to tell us that you "didn't notice" the variance in code structures in the server-distributed versions of 2.6.2 releases immediately after the fixing? Nor any of the more obvious transitions? Granted, although for obvious reasons, no one immediately put up alarms due to their full comprehension of the situations the PGP project was faced with during this time period... BUT... Why is it only NOW, _years_later_, that it is such a revelation? Why is it only now that there is a release of a statement of common-knowledge reality? Or is the fact that no one with any comprehension or ability to recognise the issues bothered to elucidate the reality to the rest of the world? This is the epitome of failure, on one of many fronts. I am thoroughly disappointed that the current public understanding of the PGP code and algos has thought it to be stable and legitimate encryption, especially when there are thousands+ of individuals capable of simple review that *SHOULD* have looked at the code upon release and prior their use. How many did? Most. And? Now, how many PGP sigs in this list (and others) are explicitly tag lined with a statement resembling "2.6.2 _ORIGINAL_ PGP" or similar? I will continue to refuse to believe that we have gone (for how many years?) failing to exhibit the faulted PGP versions circulating publicly and no one publicly questioning it? Granted, the sheep are supposed to be dumb for a reason, but, in this regard, has anyone ever bothered to teach them a more complex "baah!" ? Or, are we to assume that our friendly spooks have failed so miserably that only now have they created a computational system capable of analysing the real PGP systems? This would be a statement of pathetic failure on their behalf... I would expect the damned spooks to at least know how to run simple (untraditional) numerics on data sets and not have any problem with any common-use encryption to date... How can they fail so miserably? [This assumes the common "let the sheep 'baah' after we have countered it" mentality...] Generally, I feel this is a pathetic failure on the part of all competent individuals who most certainly analysed and reviewed the code and noticed the blatant flaws many years ago (yes, they are blatantly obvious), yet *CHOOSE* to *NEVER* elucidate this reality to the common environment? - Let us take this awareness and insight ("Learn from your Mistakes and Failures") so that we do not consistently allow this type of global stupidity to propagate for _SO_LONG_ without cross-checks... Please. I bid you good wishes on your quest for intellectual freedom, yet also distribute cynical remarks to all of "us" who FAILED to audience the simple reality and stir the crowds years ago in this excessively basic issue... What about all the others? -Wilfred L. Guerin Wilfred@Cryogen.com [You really expect a PGP sig here?] -=|=- ---------- Original Message ---------------------------------- From: John Young <jya@pipeline.com> Date: Sat, 26 Aug 2000 09:25:20 -0400

Cryptome offers the ADK bug-fix PGP Freeware 6.5.8: