your mail

[Derek Atkins]

Hey, Doc...

> The term paranoid is inappropriate in this context.  Paranoia refers to
> an irrational fear, while I am expressing a rational concern over a
> system that has been taken over by a (partially) government funded
> university and which has not been properly verified.  The history of
> cryptography (as they say) is (quite literally) littered with the dead
> bodies of people killed because somebody else thought a cryptosystem was
> good enough when it was not. 

If you are concerned that someone put a whole or backdoor in PGP, then
go grab the source and take a look for yourself.  Thats why the code
is available.  If you can't understand it, then you probably have no
real right to complain!  However if you are still paranoid (and yes, I
do believe this is an irrational fear, being the person who maintains
the MIT PGP development sources) then go find someone who can
understand it and ask them.

As a side note, PGP does not go out of its way to choose "good" primes
over other primes.  Take a look at genprime.c and read the comment
near the top of the file.  It explains why.

-derek