From: cjl@micro.med.cornell.edu (Chris Leonard)
Date: Wed, 25 Aug 93 20:17:17 PDT
To: cypherpunks@toad.com
Subject: Viacrypt PGP source code unavailable
Message-ID: <9308260315.AA07283@ micro.med.cornell.edu>
MIME-Version: 1.0
Content-Type: text/plain


>I talked once again with Dave Barnheart at ViaCrypt, and he told me:
>
>	A) No source code will be available, due to the nature of the
>agreement between PKP and ViaCrypt.
>
>So in answer to (Paul Goggin's?) questions about verification of changes,
>"We'll Just Have To Trust Them(tm)" <g> 

PUBLIC NOTICE:  The question below reflects the curiosity of a cryptologically,
and mathematically, fairly naive user of PGP.

Isn't there some way to black box it the way engineers do with circuits?

If you control the inputs, randseed, message, keys etc. that goes into each
copy of the program aren't you going to be able to compare the outputs
directly.  Or are they going to be different everytime because of some 
randomization I am unaware of?  remember the naive part :-)  

You may not be able to break PGP with a plaintext attack, but all you really
need to know is that the output of the unsourced VIACrypt gives the same result
as the freeware, don't you?

Awaiting enlightenment, 
please be gentle it's my first time :-}


C. J. Leonard  <cjl@micro.med.cornell.edu