Did you ever think...

Jim Gillogly jim at rand.org
Fri Apr 22 11:01:04 PDT 1994



> beckman at sauron.cs.hope.edu (Peter Beckman) writes:
> Did anyone ever think that maybe, just maybe, PGP was developed, and before the
> programmer started giving it away for free, that he was paid by the government
> to give them the key which can unlock ANY PGP locked document/file/etc???  I

It's more likely that the government after the fact has started trying to
spread the rumor that PGP has an intentional hole in it or can be broken
easily.  I've seen a number of rumors of this kind, and at least one of
the latter (i.e. they can read traffic with 1024-bit keys easily, but 2-4K
keys might make them sweat) was encouraged by a visiting NSA guy, according
to the person who posted it.  The frequent postings of the first rumor (prz
corrupted) to a.s.pgp look orchestrated to me... but then I'm a bit paranoid.

> distributing, etc... Makes you wonder huh... It's possible.  Maybe he wrote in
> the PGP program a loophole in the encryption so that he could decrypt anything

No, doesn't make me wonder, no, it's not possible.  Read the code -- it's
all free.  If you don't read C, find somebody you trust to read it to you.
Read the math -- it's all been published and vetted by experts.  Watch the
emerging analysis of IDEA; watch the factoring records and the amount of
time required for them.  Don't trust the executables -- recompile it
yourself with a different compiler... they can't hack 'em all.

If you don't know anybody you trust to read code and compile for you,
you're not in a strong enough position to worry about your own security
anyway.  Yes, that's elitist -- sue me.  It's <your> security, so <you>
have to pay attention to the developments that affect it.

	Jim Gillogly
	1 Thrimidge S.R. 1994, 17:59





