1995-08-01 - There’s a hole in your crypto, dear Eliza dear Eliza…

Header Data

From: “Robert A. Hayden” <hayden@krypton.mankato.msus.edu>
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Message Hash: 298e84617ab8a1f6f30806b12cdb4fd087ac830e81b1bf3847384550b59e8aa5
Message ID: <Pine.ULT.3.91.950731222139.14616A-100000@krypton.mankato.msus.edu>
Reply To: N/A
UTC Datetime: 1995-08-01 03:38:53 UTC
Raw Date: Mon, 31 Jul 95 20:38:53 PDT

Raw message

From: "Robert A. Hayden" <hayden@krypton.mankato.msus.edu>
Date: Mon, 31 Jul 95 20:38:53 PDT
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: There's a hole in your crypto, dear Eliza dear Eliza...
Message-ID: <Pine.ULT.3.91.950731222139.14616A-100000@krypton.mankato.msus.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Alright, here's my 2 cents worth for this petty flamewar...

Once upon a time, there was PGP 2.3.  MIT had nothing to do with it.  The 
population of the net that used the program was fairly small.  In 
addition to being small, they were all (mostly) computer literate 
people.  These people were confident in the security of PGP because the 
had read and understood the source code.  It was checked and declared 
good. 

Then, in stepped MIT.

I, and a few others, raised concerns about a possible conflict of 
interest with MIT distributing the code, and encouraged everyone to 
double check the code for back doors and other NSA nasties.  It was 
checked and declared good.

Now, we are in the present.  MIT is still part of the equation.  However, 
the demographics of the net have chaged.  Fewer people are here that (by 
percentage) are computer literate to the level to do source code 
investigations.  A few question why they shoudl trust PGP when they don't 
know it's secure.  We, those who have grown up with PGP, point out that 
it is good, yet that really isn't a great reason to trust it.

So the question is, why shoudl non-technical people believe that PGP is 
good?  They don't have the skills to check it for themselves, and you 
have to admit that the associations of MIT with various TLAs are at the 
very least concerning.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.2

iQCVAwUBMB2F0DokqlyVGmCFAQGhpgP9EIaGx3cHG78pFic0poPsgI/Yo1UNn6SY
gRG9kfx3M1XzWITND5m2ywUx1B9n48hGoPfgP9ISvGoXDd5/yHgsY6uEjzZCGaLU
tXzace1PvdjL5htH9prvh5GMoghCi34B9cDh01d1U2hKXEypj1pTRA+z+xWUfnGT
teMJ9uEaOu0=
=2aWA
-----END PGP SIGNATURE-----
 
____           Robert A. Hayden      <=> hayden@krypton.mankato.msus.edu
\  /__     Finger for Geek Code Info <=>    Finger for PGP Public Key
 \/  /           -=-=-=-=-=-                      -=-=-=-=-=-
   \/        http://krypton.mankato.msus.edu/~hayden/Welcome.html

-----BEGIN GEEK CODE BLOCK-----
Version: 3.0
GED/J d-- s:++>: a-- C++(++++) ULU++ P+! L++ E---- W+(-) N++++ K+++ w---
O- M+ V-- PS++>$ PE++>$ Y++ PGP++ t- 5+++ X++ R+++>$ tv+ b+ DI+++ D+++
G++++>$ e++ h r-- y++**
------END GEEK CODE BLOCK------





Thread