From: "Karl A. Siil" <karl@cosmos.cosmos.att.com>
Date: Sat, 3 Feb 1996 23:57:55 +0800
To: cypherpunks@toad.com
Subject: Re: RC2 Source Code - Legal Warning from RSADSI
Message-ID: <2.2.32.19960202140459.006d7194@cosmos.cosmos.att.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:00 PM 2/1/96 -0600, Mr. Boffo wrote:
>> WARNING NOTICE > > It has recently come to the attention of RSA Data 

        [ text omitted ]

>secure their own site against break-ins? If they want to be the
>prima-donna site for encryption with all of the "copy-written" crypto,
>you would think that they could protect their own resources better.

I strongly suspect RSA distributes source to those customers who pay enough,
with the caveat that the customers don't share it, of course. My company
does that, even with its most sensitive code (of course, for a lot of money
:-) ). I find it extremely unlikely (from just a probabilistic standpoint)
that this leak came from within RSADSI.

I would first suspect someone of disassembly, of which I am envious. Not
because I couldn't do it, but because I don't have time to install a new
CD-ROM drive, never mind sit down and read hex dumps and assembler.

My second suspect is a disgruntled or "Crypto Freedom Fighter" employee at
some customer's site. If this is the case and the given anonymous remailer's
(or remailers') integrity is (are) not compromised, good luck to RSA in
trying to prosecute: They're gonna need it.

This horse is out of the barn, down the road, and in the next county.

My one question: Who cares about RC2?

                                        Karl