Sunder writes:

Agreed. If PGP has a hole it in it's not in the sources, nor in the executables. Any hole would be a breaking of the RSA or IDEA cyphers by the TLA's who wouldn't talk about it, or the availablity of enough super fast hardware to brute force it.

It wouldn't be that PGP, it's sources, or algorithms have holes. It would be that there is a way to factor RSA that as of yet we don't know about. And hell, that's as likely as meeting Elvis at your local 7-11. ;-)

One little mental game I sometimes play (when I'm bored with deciding what to do when I win the lottery :-) is: What would you do if you could crack RSA? Let's suppose you've stumbled upon a very fast factoring algorithm - you can crack all of the RSA challenges on your home PC in minutes. What do you do next? Possibilities: * Post the algorithm to the net [anonymously?]. * Post the solutions to the challenges [anonymously?]. * Apply for a patent. * Sit on it. * Write an article for Cryptologia, get the Draper medal. * Try to cut a deal with RSA * Try to cut a deal with NSA * Try to cut a deal with KGB/Sadam/etc. * Try to keep it a trade secret, but profit from it. * Escrow a OTP encoded description of the algorithm, and the OTP, with different (unknown to each other) lawyers, with orders to post them to sci.crypt if you vanish or die mysteriously. It's sort of fun to speculate... Peter PS:I'm still waiting for the SSL challenge to start. Peter Trei Senior Software Engineer Purveyor Development Team Process Software Corporation trei@process.com