cryptoanarchy.wiki

Arise, you have nothing to lose but your barbed wire fences!

1993-08-27 - Re: Viacrypt PGP source code unavailable

Header Data

From: hfinney@shell.portal.com
To: cypherpunks@toad.com
Message Hash: 32b61266bc9d84c3837442c264b934ba4f7646d9f758cf1e3ea91d1c5ab24f0c
Message ID: <9308270511.AA25638@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1993-08-27 05:23:09 UTC
Raw Date: Thu, 26 Aug 93 22:23:09 PDT

Raw message

From: hfinney@shell.portal.com
Date: Thu, 26 Aug 93 22:23:09 PDT
To: cypherpunks@toad.com
Subject: Re: Viacrypt PGP source code unavailable
Message-ID: <9308270511.AA25638@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


I spoke briefly with Phil Zimmermann about the ViaCrypt deal this
afternoon.  He explained, as I understood it, that the company was
contractually obligated to use their own version of the RSA library.
This code is apparently proprietary and so the source is not currently
planned to be released.  Phil indicated, though, that he will discuss
this issue with ViaCrypt, and hopefully some solution can be found which
will satisfy users.

It was not clear to me whether the random-number code from PGP would be
retained.  I suspect that it will be, though, which would mean that if
you started with identical randseed.bin files, and RSA-encrypted identical
files, that the two programs should produce identical output.  PGP uses
the contents of this file to initialize its random number generator.

(PGP does put some random data at the beginning of the plaintext before
encryption, as was described; this is to make cryptanalysis harder, since
the first few bytes of the plaintext will not be known.  Again, this
random data is based on the contents of the randseed.bin file.)

To address a few other points that were made:  Phil reiterated his strong
committment to keep the freeware version of PGP at least as up-to-date as
the commercial version.  This is not a case where the freeware version will
be left to languish.  In fact, Phil expects the commercial version to be
based on the freeware version, with advances occuring first in the freeware
code.

As to whether individuals will pay $100 or more for a legal version, that
remains to be seen.  In some ways the same question can be asked about many
commercial packages, for which pirated versions are available for free
from friends or user groups.  Yet still some people pay for software because
they feel better using a legal version.  People who feel this way would
perhaps also prefer a legal version of PGP.

Hal Finney
hfinney@shell.portal.com

Thread