a hole in PGP

Hadmut Danisch danisch at ira.uka.de
Tue Aug 1 04:25:29 PDT 1995


> 	Clever back doors are not accomplished by an obvious program
> change, but rather by the subtle use of some technique that appears to
> do one thing when it actually does something else.  As a good example, a
> subtle interation with the rest of the environment could modify the key
> generation algorithm after it is loaded.  Unfortunately, PGP is too
> large to verify against such back doors, so I ask again:
> 
> 	Why (specifically) do you think the MIT version of PGP has no
> backdoors and is not subject to attacks such as the one outlined in my
> previous posting?


This is a good question. 

Subtle backdoors hidden in such a program may be difficult to find out.
It might be more effective to use the PGP file format, to understand
pgp as a reference implementation, and to write you own pgp compatible
program where you can generate your keys etc. in the way you prefer.

Hadmut






More information about the cypherpunks-legacy mailing list