From: smb@research.att.com
Date: Wed, 26 May 93 17:37:15 PDT
To: Clark Reynard <clark@metal.psu.edu>
Subject: Re: VinCrypt
Message-ID: <9305270037.AA11240@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


	 Even as a former 'hacker' myself, the second to last person I would
	 trust not to install a backdoor (next to the NSA) is a hacker.

	 In addition, merely having been a systems hacker hardly qualifies
	 one for writing complex crypto software.  Without any assurance as
	 to the authors' qualifications for writing a crypto package, or
	 their integrity.  Even if I could trust their integrity, I'm very
	 leery of black-box software.

	 ----
	 Robert W. Clark             Just Say No! to the
	 rclark@nyx.cs.du.edu        Big Brother Chip  

Indeed.  There were a pair of papers in Cryptologia a few years ago
on ``Data Insecurity'' packages.  The author cryptanalyzed a number
of different PC-based crypto packages, and contrasted that with
the glowing advertising copy...