1993-11-05 - Re: trusting software

Header Data

From: Eli Brandt <ebrandt@jarthur.Claremont.EDU>
To: cypherpunks list <cypherpunks@toad.com>
Message Hash: b5230c15b30b15741f30ef84fd8704c6c498c6dc02c24ef090bc6364425218ba
Message ID: <9311052045.AA11880@toad.com>
Reply To: <199311051657.IAA20001@mail.netcom.com>
UTC Datetime: 1993-11-05 20:47:47 UTC
Raw Date: Fri, 5 Nov 93 12:47:47 PST

Raw message

From: Eli Brandt <ebrandt@jarthur.Claremont.EDU>
Date: Fri, 5 Nov 93 12:47:47 PST
To: cypherpunks list <cypherpunks@toad.com>
Subject: Re: trusting software
In-Reply-To: <199311051657.IAA20001@mail.netcom.com>
Message-ID: <9311052045.AA11880@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> From: doug@netcom.com (Doug Merritt)
> Furthermore, even close reading won't absolutely *guarantee* the lack of
> backdoors in all cases, even if the reader is an expert on relevant
> subjects.

Case in point: sendmail.  The sendmail code is something like a nucleon,
in that one can apparently obtain an arbitrary number of bugs by putting
sufficient energy in.

ViaCrypt's market is people who want unquestioned legality as well
as decent security.  The best way to get this is to use PGP 2.3a,
with source, while holding a license to a product producing
identical output.  Conveniently, editing the "2.3a" to "2.4" in a
PGP-encrypted file causes no apparent problems.

   Eli   ebrandt@jarthur.claremont.edu





Thread