Information

stewarts at ix.netcom.com
Wed Nov 6 23:39:25 PST 1996


>> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:
>> > I'm a new Cyberpunk!
Probably wearing a set of Ono-Sendai eyeballs....

>> > Last,  I would like to know once and for all,  is PGP compromised,  is
>> > there a back door, and have we been fooled by NSA to believe it's secure?

You can read and compile the source code yourself.  
You can learn crypto to help you understand the strength of the
algorithms.  I'd recommend Bruce Schneier's "Applied Cryptography".
You can look for bugs and subtle design flaws along with other people.
There are un-subtle design flaws, like the DOSoid user interface :-), 
and there are philosophical arguments about whether an identity-based
Web of Trust is the right trust model, and practical problems about
how to support revocation correctly, but basically it's Pretty Good Privacy.

On the other hand, there are other threats to think about.
Is there a virus, software bug, or trojan horse that captures the keystrokes 
you type into your computer?  If your passphrase is stolen, you lose.
PGP can't tell; it's just software.  What's on that yellow sticky note?
Is the NSA listening for electronic signals from that dark van
parked out in front of your house?  They're pretty good these days.
Your computer doesn't know, so PGP can't help you with it.
Are you using PGP to keep business records (like that second set of books)
which can be subpoenaed by a court?  When the IRS seizes your computer
and sees all those files with ------BEGIN PGP----- on them, can they
force you to reveal the keys or at least the contents?
PGP can't solve those problems for you.  But it can keep amateurs like
your local police department from reading the files you really care about
until they haul you in front of a court where you can bring a lawyer.

There are applications that PGP doesn't do, like keeping the blocks
on your disk drive automagically encrypted - it just does things to
files when you tell it to.  But you can at least encrypt the critical stuff,
and you can encrypt your email messages and other sensitive files
you transmit across a network.  Won't do any good for IRC...



#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk






