1993-12-02 - Re: NSA CAN BREAK PGP ENCRYPTION

Header Data

From: jazz@hal.com (Jason Zions)
To: cypherpunks@toad.com
Message Hash: dc33a431e1e83d2f1daf34ce6a467c5b8567617516353c0ebb21ccec71f08e47
Message ID: <9312022227.AA25783@jazz.hal.com>
Reply To: N/A
UTC Datetime: 1993-12-02 22:28:38 UTC
Raw Date: Thu, 2 Dec 93 14:28:38 PST

Raw message

From: jazz@hal.com (Jason Zions)
Date: Thu, 2 Dec 93 14:28:38 PST
To: cypherpunks@toad.com
Subject: Re: NSA CAN BREAK PGP ENCRYPTION
Message-ID: <9312022227.AA25783@jazz.hal.com>
MIME-Version: 1.0
Content-Type: text/plain


Major-league guffaws.

   >        A lot of people think that PGP encryption is unbreakable and
   >that the NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it
   >can be a deadly mistake. In Idaho, a left-wing activist by the name of
   >Craig Steingold was arrested _one day_ before he and others were to stage
   >a protest at government buildings; the police had a copy of a message
   >sent by Steingold to another activist, a message which had been
   >encrypted with PGP and sent through E-mail.

Craig Steingold indeed. Looks so much like Craig Shergold, of infamous
dying-boy-wants-Guinness-record fame, that I had to read it twice.

   >        Since version 2.1, PGP ("Pretty Good Privacy") has been rigged
   >to allow the NSA to easily break encoded messages. Early in 1992, the
   >author, Paul Zimmerman, was arrested by Government agents. He was told
   >that he would be set up for trafficking narcotics unless he
   >complied. The Government agency's demands were simple: He was to put a
   >virtually undetectable trapdoor, designed by the NSA, into all future
   >releases of PGP, and to tell no-one.

Paul, not Phil (his actual name).

   >        After reading this, you may think of using an earlier version of
   >PGP. However, any version found on an FTP site or bulletin board has
   >been doctored. Only use copies acquired before 1992, and do NOT use a
   >recent compiler to compile them. Virtually ALL popular compilers have
   >been modified to insert the trapdoor (consisting of a few trivial
   >changes) into any version of PGP prior to 2.1. Members of the boards of
   >Novell, Microsoft, Borland, AT&T and other companies were persuaded into
   >giving the order for the modification (each of these companies' boards
   >contains at least one Trilateral Commission member or Bilderberg
   >Committee attendant).

Oh, no, not the Trilateral Commission again!

   >        It took the agency more to modify GNU C, but eventually they did
   >it.  The Free Software Foundation was threatened with "an IRS
   >investigation", in other words, with being forced out of business,
   >unless they complied. The result is that all versions of GCC on the FTP
   >sites and all versions above 2.2.3, contain code to modify PGP and
   >insert the trapdoor. Recompiling GCC with itself will not help; the code
   >is inserted by the compiler into itself. Recompiling with another
   >compiler may help, as long as the compiler is older than from 1992.

Right. Every commercial compiler has code that recognizes every version of
GCC source since 2.2.3 and inserts into the generated object code some new
stuff that makes the freshly compiled GCC recognize every version of PGP
released since 1992 and inserts into *its* object code magic breakage that
creates an NSA trapdoor.

I hereby nominate this message for the Cypherpunk's Paul Bunyan award, 1993,
in the category of "Biggest Whopper".

(Oh, yeah. While I'm at it - Detweiler's Medusa theories, in conjunction
with his pseudospoofed distribution techniques, are hereby nominated for the
Goebbels Memorial award for "Best Big Lie" of '93.)

Jason Zions "Wish I really were Eric Hughes or Tim May, or at least that sharp"




