1993-08-27 - Re: Commercial PGP: Verifying Trustworthiness

Header Data

From: peter honeyman <honey@citi.umich.edu>
To: norm@netcom.com (Norman Hardy)
Message Hash: ce439e68a839738f491a7e3f1a319ba80d702920c0fba11b0b1129a49358a154
Message ID: <9308272026.AA17010@toad.com>
Reply To: N/A
UTC Datetime: 1993-08-27 20:27:53 UTC
Raw Date: Fri, 27 Aug 93 13:27:53 PDT

Raw message

From: peter honeyman <honey@citi.umich.edu>
Date: Fri, 27 Aug 93 13:27:53 PDT
To: norm@netcom.com (Norman Hardy)
Subject: Re: Commercial PGP: Verifying Trustworthiness
Message-ID: <9308272026.AA17010@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> This means that I am trusting the "pseudo-random" stuff not to be
> some secrets that PGP has read from my disk.

trust?  you could read the code, starting at about line 550 of crypto.c.
of course, you have to trust your eyes, your editor (if you use one),
and your operating system not to deceive you.  (i think i've carried
this too far.)

>                                              The only benefit
> that I see to the pseudo-random stuff is to send the same message
> to several people without revealing the fact that the messages are
> the same except to those that can decode the messages.

that is a big win, in my view, but the random prefix also also helps
defeat chosen plaintext attacks, does it not?

	peter





Thread