Anonymous Nymserver: anon.nymserver.com

TruthMonger an7575 at anon.nymserver.com
Thu Mar 13 14:34:07 PST 1997 


Alan Olsen hunt and pecked:
> At 08:30 PM 3/12/97 -0700, TruthMonger wrote:
> >Alan Olsen wrote:> >
> >> > > an7575 at anon.nymserver.com writes:
> >> >> >>   The use of PGP=>2.5 suddenly became a 'non-issue' for use in the
> U.S.
> >> >> because they use both the algorithm and sub-routines developed by the
> >> >> NSA and the Military.

> >> > I always wonder where these people get their information.  I know people
> who
> >> know little to nothing about cryptography, but "they know PGP has been
> >> broken".

> >  I always wonder why there seem to be so many lame fucks on
> >the cypherpunks list who, rather than responding to the posts
> >on the list, seem to be responding to some broken recording
> >going on in their own head.
> >  Naturally, these lame fucks never have a direct quote available
> >to match the words inside their heads that they purport to place
> >in the mouths of others.
> 
> The problem is burden of proof.  You made a claim with no evidence or facts
> to back it up.
> You made the statement that PGP >2.5 was comprimised.  When asked for
> something more that assertion, you go off on a screed.
> Are you retracting that claim?  Do you have something you want to share with
> the rest of the class?

  Now that you seem to have actually read what I have written, perhaps 
you might consider reading what you, yourself, have written.
  I stated my case for contending that PGP=>2.5 has been compromised, 
and got back wild-eyed demands for proof of that which I did not
claim, mainly, that PGP had been 'broken.'

  To reiterate my original observations:
1. The development of RSA was funded and controlled by the spooks.
i.e. - The National Science Foundation and the Navy.
2. The campaign of persecution against Phil Zimmerman ground to a
halt once he agreed to PGP using the spook-developed RSAREF subroutines
to implement the RSA functions, instead of PGP's original subroutines.

  If people with guns came to me and told me that software I had 
written now had to use their subroutines, instead of my own, then
I would consider my software 'compromised', regardless of whether
or not I could immediately discern any anomalies in it.
  It is far, far easier to 'build' a back-door, than to 'find' one.

  It never fails to amaze me how the back-doors that software makers
intentionally build into their products for their own convenience
suddenly become 'bugs' when hackers, among others, take advantage
of them.
  One hacker I know used to find most of his hacks into AT&T UNIX by
screwing up his system (i.e. - corrupting the passwd file) and then
calling in the AT&T support techs and observing their tricks and
techniques (and then improving on them).

  In regard to the question of whether RSA's spookware has some type
of back-door, or has been 'broken', the answers to these questions
are moot, from my point of view, because I do not intend to base
my privacy and security only on programs developed by even the
most well-intentioned of others.

TruthMonger

More information about the cypherpunks-legacy mailing list