Re: Encryption

From: Jose Nazario (jose@biocserver.BIOC.cwru.edu)
Date: 01/15/02


Date: Tue, 15 Jan 2002 11:34:21 -0500 (EST)
From: Jose Nazario <jose@biocserver.BIOC.cwru.edu>
To: Tom Arseneault <arsen@certaintysolutions.com>

i dont think the fear is in the algorithms chosen. i think people would be
up in arms if what was advertised as Blowfish was ROT-13, for example. i
think its more of backdoors in terms of weak key (or limited key)
selection and various 'crumbs' of plaintext left available in the output.

to the best of my knowledge no one has done a serious audit of PGP since
2.6 days, since NAI took it over. since there were conspiracy theorists
claiming to have been visited by an NSA operative/officer and told to
weaken the PGP product at NAI, its a concern for people who would take
that at face value.

but given the traffic wedepend on that we secure with PGP, a serious audit
would be welcome. myself, i stopped using PGP from NAI cuz the code just
stopped builing cleanly, as opposed to GPG.

____________________________
jose nazario jose@cwru.edu
                           PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)



Relevant Pages

  • Re: Encrypting e-mail -- rather long; sorry
    ... > With the demise of NAI PGP, ... Throughout the development of PGP, ... ("the Free Software Foundation"... ... NAI provided the source-code through ...
    (Security-Basics)
  • Re: Encrypting e-mail -- rather long; sorry
    ... >> With the demise of NAI PGP, ... > american companies to under-bid various projects and so to win contracts ... Version: GnuPG v1.0.7 ...
    (Security-Basics)
  • Re: McAFEE Service STINKS!
    ... >|>| PGP was the best encryption program before NAI made it closed ... >|>| source and installed a backdoor into its cryptographic routines. ... >| The source code is still not available to download for PGP 7.0.3 as I ...
    (alt.computer.security)
  • Re: PGP Backdoor
    ... NAI acquired TIS and PGP and the two teams never intermingled, ... of the company that had any thing to do with Key Escrow. ...
    (Security-Basics)
  • Re: MacPGP??? What is it???
    ... NAI and Mcafee Haven't heard of it.... ... :up in the air about what hey are doing with the PGP line, ... :doesn't support Mac. ... :implementation instructions would be very much appreciated. ...
    (comp.security.firewalls)