.Comparing ViaCrypt and freeware.
T. William Wells
bill at twwells.com
Sat Aug 28 00:12:59 PDT 1993
In article <9308280330.AA24324 at toad.com>,
peter honeyman <honey at citi.umich.edu> wrote:
: i'm impressed. (honest.) but the task here isn't to compare viacrypt
: to pgp -- they use different rsa engines -- it's validating that viacrypt
: doesn't have a backdoor. the diff scheme you describe presupposes that
: this step has been done, but it has not, and i think it would be very,
: very hard to do.
My understanding is that the two pieces of software are very
similar. A full decompile and analysis would be a pain (but
doable and worthwhile, if one is paranoid enough) but I don't
think it's necessary.
My thought is that once one has isolated the differences, those
alone would get scrutinized. One would isolate the rsa engines by
difference, pretty up the code, and then verify that it doesn't
have any backdoors. So long as the two versions are closely
related, the code that has to be understood apart from pgp should
be relatively small and that would make the verification process
much easier.
More information about the cypherpunks-legacy
mailing list