PGP backdoor? (No, I'm not paranoid.)

I was recently speaking with a newly-made aquaintence, and we were discussing the merits of various encryption systems. Now, I had heard about all the people who claimed the reason versions later than 2.3 wouldn't work with 2.3 was because of a backdoor for the government. I personally thought they were being paranoid. However, this guy tells me that he met Phil at defcon and phil told him that he co-operated with the government and gave them information that would enable them to crack key's for versions later than 2.3. I don't know whether to believe him or not, as I said earlier he is not a long-time friend or anything, so he could just be lying to me. If anyone has any information on this I would appreciate it. --- "Man did not enter into society to become worse than he was before, nor to have fewer rights than he had before, but to have those rights better secured." --- Thomas Paine 1791
My key is on the keyservers.

-----BEGIN PGP SIGNED MESSAGE----- [To: Mark Bainter <Mark@adspp.com>] [cc: cypherpunks@toad.com] [Subject: Re: PGP backdoor? (No, I'm not paranoid.) ] [In-reply-to: Your message of Wed, 28 Feb 96 13:22:01 PST.] <3134C779.7C84@adspp.com>
I was recently speaking with a newly-made aquaintence, and we were discussing the merits of various encryption systems. Now, I had heard about all the people who claimed the reason versions later than 2.3 wouldn't work with 2.3 was because of a backdoor for the government. I personally thought they were being paranoid. However, this guy tells me that he met Phil at defcon and phil told him that he co-operated with the government and gave them information that would enable them to crack key's for versions later than 2.3. I don't know whether to believe him or not, as I said earlier he is not a long-time friend or anything, so he could just be lying to me. If anyone has any information on this I would appreciate it.
Utter rubbish. You can look at the source code and easily convince yourself that there is no backdoor. I have personally done this for the key generation bit, and I know others who have done it for the on-the-fly encryption. Also, 2.6ui (old version) was based on 2.3 and interoperated fine -- it had no back doors. What 2.6 *did* have was a built-in incompatibility with old versions, in an attempt to make people upgrade to a version which got Phil out of some patent-raleted hot water. Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.) -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBMTT9GoHskC9sh/+lAQE7FwP/dD9cN6e+g7Oji0STXHWqykfJQikQ/mrT AjQIRuomGQ+ce+R3grZcFKcvNcn8iDg5czV/K+F5Ix2apSrssnKCs0xPst1a2MD1 iWGnxP2QbkjSMfr9YziF7WBUAQCYQwM2zKrDPKF7n8u2F4MvNCbgtL1pmzCiYlOq jN1G7EyXNpk= =ln+P -----END PGP SIGNATURE-----

Mark Bainter writes:
I was recently speaking with a newly-made aquaintence, and we were discussing the merits of various encryption systems. Now, I had heard about all the people who claimed the reason versions later than 2.3 wouldn't work with 2.3 was because of a backdoor for the government. I personally thought they were being paranoid. However, this guy tells me that he met Phil at defcon and phil told him that he co-operated with the government and gave them information that would enable them to crack key's for versions later than 2.3. I don't know whether to believe him or not, as I said earlier he is not a long-time friend or anything, so he could just be lying to me. If anyone has any information on this I would appreciate it.
Your informant is taking extremely good drugs. You should find out who his connection is should you want to get any. Perry
participants (3)
-
cmca@alpha.c2.org
-
Mark Bainter
-
Perry E. Metzger