[38879] in cryptography@c2.net mail archive
Re: Hypothesis: PGP backdoor
daemon@ATHENA.MIT.EDU (Ondrej Mikle)
Mon Aug 28 09:25:34 2006
X-Original-To: cryptography@metzdowd.com
Date: Mon, 28 Aug 2006 12:41:03 +0200
From: Ondrej Mikle <ondrej.mikle@gmail.com>
To: Len Sassaman <rabbi@abditum.com>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
In-Reply-To: <Pine.LNX.4.58.0608270923320.21797@thetis.deor.org>
Len Sassaman wrote:
> On Thu, 24 Aug 2006, Ondrej Mikle wrote:
> I also have no question, personally, that if there's a backdoor in PGP,
> neither Mr. Callas nor any of the PGP engineers I had the pleasure to work
> with know of it. Your theory is indeed wild, and though I don't mean to
> discourage vigilance in questioning these sorts of potential subversions
> of integrity in software as important as PGP, you might consider doing
> more research into the background of people against whom you choose to
> levy hypothetical accusations in public forums in the future.
>
OK, thanks for answering. I had only a very limited view of the background
behind PGP (i.e. stuff about NAI/PGP corp).
One last question: what about the PGPdisk SDA (self-decrypting archives,
i.e. executables)? There has been a claim that SDA archives can be
decrypted using a debugger. Is it true or false? See the section "Two
Ways to bypass PGP SDA Authentication and EXTRACT with success" in the
"advisory" http://www.safehack.com/Advisory/pgp/PGPcrack.html. Is the
guy confused again? ;-)
Thanks
OM