CDR: [PGP:] Are you all this Blind? [Resent.]

Wilfred L. Guerin Wilfred at Cryogen.com
Tue Sep 12 22:29:04 PDT 2000


-=|=-

CP: This message was distributed from Algebra.com as NULL content back on
Sunday, 27 August, 2000. It, and postant null and erred content from
various nodes triggered questions over the last week, numerous admins have
checked on the issue of problems, apparently. [There have been no changes
to this text since the original post, simply re-sent now. -WLG]

-=|=-

[PGP]: Are you all this blind?

Regarding the "New Realization" of the PGP "fixes"...

This short denouncement of performance is directed to all those of
semi-competence and awareness and understanding of the reality. 
For the rest of "us" sheep, Let "us" learn from 'their' mistakes.

I do not know who in their right mind --who actually comprehends the basis
of _this_ intellectual environment and the surrounding realities in which
we operate-- could possibly not comprehend the legitimacy and security
issues surrounding the PGP projects after the fixes were introduced.

As we *ALL* _SHOULD_ know, PGP releases prior to the original release of 2.6.2
and (there may be a legitimate interim version, however its life span was
limited) prior to the introduction of external influences and the release of
the 5.*+ series and the replaced 2.6.2 distributions, are the only
semi-secure and legitimate releases of the PGP algos/code.

You should ALSO know that all versions 5.*+ are severely defective, and
altered versions of 2.* replaced legitimate public distributions of 2.*
during the same time frame.

I will refuse to accept the apparent "realization" that is currently
circulating the public media.

Are those of you on this list, and involved in any and all related fields,
claiming to be so blind sighted that *YOU* did not notice the variance in
code, that *YOU* did not "bother" to examine or check the totally faulted
releases of anything from these sources after the fixes? 

Are *YOU* going to tell us that you "didn't notice" the variance in code
structures in the server-distributed versions of 2.6.2 releases immediately
after the fixing? Nor any of the more obvious transitions?

Granted, although for obvious reasons, no one immediately put up alarms due
to their full comprehension of the situations the PGP project was faced
with during this time period... BUT... Why is it only NOW, _years_later_,
that it is such a revelation? 

Why is it only now that there is a release of a statement of
common-knowledge reality? Or is the fact that no one with any comprehension
or ability to recognise the issues bothered to elucidate the reality to the
rest of the world?

This is the epitome of failure, on one of many fronts.

I am thoroughly disappointed that the current public understanding of the
PGP code and algos has thought it to be stable and legitimate encryption,
especially when there are thousands+ of individuals capable of simple
review that *SHOULD* have looked at the code upon release and prior to their
use. How many did? Most. And?

Now, how many PGP sigs in this list (and others) are explicitly tag lined
with a statement resembling "2.6.2 _ORIGINAL_ PGP" or similar?

I will continue to refuse to believe that we have gone (for how many
years?) failing to exhibit the faulted PGP versions circulating publicly
and no one publicly questioning it?

Granted, the sheep are supposed to be dumb for a reason, but, in this
regard, has anyone ever bothered to teach them a more complex "baah!" ?

Or, are we to assume that our friendly spooks have failed so miserably that
only now have they created a computational system capable of analysing the
real PGP systems? This would be a statement of pathetic failure on their
behalf... I would expect the damned spooks to at least know how to run
simple (untraditional) numerics on data sets and not have any problem with
any common-use encryption to date... How can they fail so miserably? [This
assumes the common "let the sheep 'baah' after we have countered it"
mentality...]

Generally, I feel this is a pathetic failure on the part of all competent
individuals who most certainly analysed and reviewed the code and noticed
the blatant flaws many years ago (yes, they are blatantly obvious), yet
*CHOOSE* to *NEVER* elucidate this reality to the common environment?

-

Let us take this awareness and insight ("Learn from your Mistakes and
Failures") so that we do not consistently allow this type of global
stupidity to propagate for _SO_LONG_ without cross-checks... Please.

I bid you good wishes on your quest for intellectual freedom, yet also
distribute cynical remarks to all of "us" who FAILED to audience the simple
reality and stir the crowds years ago in this excessively basic issue...
What about all the others?

-Wilfred L. Guerin
Wilfred at Cryogen.com



[You really expect a PGP sig here?]



-=|=-


---------- Original Message ----------------------------------
From: John Young <jya at pipeline.com>
Date: Sat, 26 Aug 2000 09:25:20 -0400

>
>Cryptome offers the ADK bug-fix PGP Freeware 6.5.8:







