1993-08-26 - Re: ViaCrypt’s PGP

Header Data

From: Brad Huntting <huntting@glarp.com>
To: cypherpunks@toad.com
Message Hash: 70827c096fac2cd8f709a7f584cd870941b26436479b2b8c3a5a97f974d95ac9
Message ID: <199308261910.AA05802@misc.glarp.com>
Reply To: <9308261844.AA08587@enet-gw.pa.dec.com>
UTC Datetime: 1993-08-26 19:12:32 UTC
Raw Date: Thu, 26 Aug 93 12:12:32 PDT

Raw message

From: Brad Huntting <huntting@glarp.com>
Date: Thu, 26 Aug 93 12:12:32 PDT
To: cypherpunks@toad.com
Subject: Re: ViaCrypt's PGP
In-Reply-To: <9308261844.AA08587@enet-gw.pa.dec.com>
Message-ID: <199308261910.AA05802@misc.glarp.com>
MIME-Version: 1.0
Content-Type: text/plain



> The only way ViaCrypt can prove that this isn't the case is to distribute
> the source code of _their_ product.  [Note: they do NOT have to include the
> RSA module source- if it's possible to examine the non-RSA code, and 
> instrument it (to prove that the session key is honestly generated 
> _AND_ transmitted/recovered correctly) then Thug's tests will be adequate
> to verify a lack of backdoors (as far as I can see- but I'm perhaps not
> as devious as a professional).

One could apply the same sabotage to the generation of RSA public
keys making any keys generated with ViaCrypt easily crackable.

Of course you could use PGP to generate keys.  And now what is
ViaCrypt useful for?  It's original purpose:  Establishing plausable
deniability.

"Yes your honor, all these encrypted messages presented by the FBI
as Exibit A were generated by ViaCrypt which incidentally we have
a site licence for...  No sir, We've never used PGP."


brad





Thread