From: Bill Stewart <bill.stewart@pobox.com>
Date: Mon, 23 Nov 1998 14:26:08 +0800
To: holist <cypherpunks@toad.com
Subject: Re: PGP compromised?
In-Reply-To: <199811222154.NAA25646@toad.com>
Message-ID: <3.0.5.32.19981123002423.00c18210@idiom.com>
MIME-Version: 1.0
Content-Type: text/plain



At 01:54 PM 11/22/98 -0800, holist wrote:
>I'm sorry if this is gnawing at old bones for you, but I recently heard from
>a rather paranoid, anonymous source here in Hungay that PGP was compromised,
>Zimmermann sold out to the Feds, all versions except possibly early DOS
>versions of PGP have back doors in them. 
>He is also claiming that the CIA have already provided the backdoor-key to
>PGP 5.0 to the Hungarian Secret Services. Is he being too paranoid, or what?

Pure disinformation.   It does have a few locally-customized twists to it.
As another poster said, you can get the source from www.pgpi.com,
check it out yourself, and compile it yourself.

There are some versions that have features allowing you to encrypt
data to multiple recipients, and some versions allow you to set this
with one or more recipients as the default (e.g. yourself,
or your corporate security officer.)  But you do not need to set this.

There are also some design bugs in the early DOS versions that make
them weaker than the later DOS versions or the newer versions,
so you don't want to use anything before 2.5 anyway.
				Thanks! 
					Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639