From: fc@all.net (Dr. Frederick B. Cohen)
Date: Fri, 28 Jul 95 15:29:02 PDT
To: cypherpunks@toad.com
Subject: Re: your mail
In-Reply-To: <QQzaju18595.199507282134@relay4.UU.NET>
Message-ID: <9507282222.AA29615@all.net>
MIME-Version: 1.0
Content-Type: text


> 
> On Fri, 28 Jul 1995, Dr. Frederick B. Cohen wrote:
> 
> > Philo Zimmerman would almost certainly
> > win if they ever took him to court, but by harassing him in this more
> > subtle way, they destroy the impact of PGP in the marketplace, get MIT
> > to support an official (and perhaps customized for the NSA to have weak
> > keys) version,
> 
> I've personally pulled apart the innards of both MIT pgp 2.6.2 and the 
> non-MIT pgp 2.6.2i in order to generate large primes and full RSA keys.  
> 
> There are no hacks in MIT pgp that cause it to generate weak keys.

How (specifically) do you know that this is true?  Key generation is
very tricky stuf, and very subtle changes can have very profound impacts.
I doubt that Zimmerman's original was truly perfect at this either, but
how do we really know?

-- 
-> See:  Info-Sec Heaven using our New Super Secure World-Wide-Web Server
-> Free: Test your system's security (scans deeper than SATAN or ISS!)
---------------------- both at URL: http://all.net ----------------------
-> Read: "Protection and Security on the Information Superhighway"
	 John Wiley and Sons, 1995 ISBN 0-471-11389-1, 320 pp, $24.95
-------------------------------------------------------------------------
   Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236