Commercial PGP: Verifying Trustworthiness
peter honeyman
honey at citi.umich.edu
Fri Aug 27 13:27:53 PDT 1993
> This means that I am trusting the "pseudo-random" stuff not to be
> some secrets that PGP has read from my disk.
trust? you could read the code, starting at about line 550 of crypto.c.
of course, you have to trust your eyes, your editor (if you use one),
and your operating system not to deceive you. (i think i've carried
this too far.)
> The only benefit
> that I see to the pseudo-random stuff is to send the same message
> to several people without revealing the fact that the messages are
> the same except to those that can decode the messages.
that is a big win, in my view, but the random prefix also also helps
defeat chosen plaintext attacks, does it not?
peter
More information about the cypherpunks-legacy
mailing list