Commercial PGP: Verifying Trustworthiness

Doug Merritt doug at netcom5.netcom.com
Tue Aug 31 07:39:03 PDT 1993


--- Forwarded mail from Marc Horowitz <marc at Athena.MIT.EDU>

>From owner-cypherpunks at toad.com Mon Aug 30 23:40:01 1993
Received: from relay2.UU.NET by mail.netcom.com (5.65/SMI-4.1/Netcom)
	id AA14421; Mon, 30 Aug 93 23:39:57 -0700
Received: from toad.com by relay2.UU.NET with SMTP 
	(5.61/UUNET-internet-primary) id AA10745; Tue, 31 Aug 93 02:40:50 -0400
Received: by toad.com id AA14781; Mon, 30 Aug 93 23:33:56 PDT
Received: by toad.com id AA14701; Mon, 30 Aug 93 23:31:26 PDT
Return-Path: <marc at Athena.MIT.EDU>
Received: from Athena.MIT.EDU ([18.72.1.1]) by toad.com id AA14688; Mon, 30 Aug 93 23:31:23 PDT
Received: from OLIVER.MIT.EDU by Athena.MIT.EDU with SMTP
	id AA00837; Tue, 31 Aug 93 02:28:59 EDT
Received: by oliver.MIT.EDU (AIX 3.2/UCB 5.64/4.7) id AA14903; Tue, 31 Aug 1993 02:28:52 -0400
Message-Id: <9308310628.AA14903 at oliver.MIT.EDU>
To: bbyer at BIX.com
Cc: honey at citi.umich.edu, cypherpunks at toad.com
Subject: Re: Commercial PGP: Verifying Trustworthiness 
In-Reply-To: Your message of Tue, 31 Aug 93 00:14:18 -0400.
             <9308310014.memo.72462 at BIX.com> 
Date: Tue, 31 Aug 93 02:28:52 EDT
From: Marc Horowitz <marc at Athena.MIT.EDU>


Marc Horowitz <marc at Athena.MIT.EDU> said:
>> I dunno.  The early versions of UNIX had a back door in the login [...]
>I've let a lot of stupid comments go by, but I have to respond to this one.
>
>It is true that Dennis Ritchie (I believe, if not him, one of the
>other original UNIX authors) proposed such a login/compiler virus.
>But it wasn't in any early version of UNIX.

Stupid? Watch the flame bait...he merely overstated a touch. The back doors
weren't part of any of the full distributions, it's true, but they
were quite a bit more than proposals. Ken Thompson actually distributed
those back doors via a compiler update, warning of a security problem
and urging all sites to recompile. Most did, which inserted the back doors
into the programs. That's close enough to the original claim.

See the Ken Thompson & Dennis Ritchie Turing Award Lecture, which goes
into detail about this. The level of sneakiness involved was amazing.
Compilers are the ultimate security breach.
	Doug






More information about the cypherpunks-legacy mailing list