1993-08-31 - Re: Commercial PGP: Verifying Trustworthiness

Header Data

From: bbyer@BIX.com
To: honey@citi.umich.edu
Message Hash: 9b9ca0ac5586f781b924fbea378f6b4d48116a22827223691e2146c5109d3491
Message ID: <9308310014.memo.72462@BIX.com>
Reply To: N/A
UTC Datetime: 1993-08-31 06:13:56 UTC
Raw Date: Mon, 30 Aug 93 23:13:56 PDT

Raw message

From: bbyer@BIX.com
Date: Mon, 30 Aug 93 23:13:56 PDT
To: honey@citi.umich.edu
Subject: Re: Commercial PGP: Verifying Trustworthiness
Message-ID: <9308310014.memo.72462@BIX.com>
MIME-Version: 1.0
Content-Type: text/plain


In-Reply-To: <9308272026.AA17010@toad.com>
> From: peter honeyman <honey@citi.umich.edu>
> trust?  you could read the code, starting at about line 550 of crypto.c.
> of course, you have to trust your eyes, your editor (if you use one),
> and your operating system not to deceive you.  (i think i've carried
> this too far.)

I dunno.  The early versions of UNIX had a back door in the login
program put in by the designer.  The compiler also watched for the
login source code to be recompiled and added the back door.  The
compiler also watched for the compiler source code to be recompiled
and inserted the login code modification code _and the compiler
modification code.  You can never be to careful.





Thread