In article <199311051657.IAA20001@mail.netcom.com> doug@netcom.com writes:

ogr@wyvern.wyvern.com (Jason Plank) said:

...

Phil Zimmerman solved this problem by supplying the source code for his product. You can see for yourself that there are no backdoors.

This helps, but is imperfect. How many people will read their particular copy in sufficient detail to ascertain that there aren't any obvious backdoors added by e.g. a sneaky archive site maintainer, or some sneaky cracker who found a way to modify the archived copy?

Well, I did for one. Some of you may remember me posting to sci.crypt quite some time ago, because the one thing I wasn't happy about was the use of a probabilistic primality tester when there were completely certain primality tests available (albeit a bit more expensive in cpu). (especially since I didn't understand how the probabilistic one worked) I see from a posting on sci.crypt today that the probabilistic tests have been show to be possibly mildly weak in some infrequent cases. Probably not worth worrying about, but still, it's a sobering thought. The rest of the code I understood well enough to trust it, mostly :) G -- Personal mail to gtoal@gtoal.com (I read it in the evenings) Business mail to gtoal@an-teallach.com (Be careful with the spelling!) Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212