From: cjl@micro.med.cornell.edu (Chris Leonard)
To: cypherpunks@toad.com
Message Hash: afccb5e54aa7a68dbd10d3148e4eec66eb577bc89a2022a381476e36f0cdfa53
Message ID: <9308260315.AA07283@ micro.med.cornell.edu>
Reply To: N/A
UTC Datetime: 1993-08-26 03:17:17 UTC
Raw Date: Wed, 25 Aug 93 20:17:17 PDT
From: cjl@micro.med.cornell.edu (Chris Leonard)
Date: Wed, 25 Aug 93 20:17:17 PDT
To: cypherpunks@toad.com
Subject: Viacrypt PGP source code unavailable
Message-ID: <9308260315.AA07283@ micro.med.cornell.edu>
MIME-Version: 1.0
Content-Type: text/plain
>I talked once again with Dave Barnheart at ViaCrypt, and he told me:
>
> A) No source code will be available, due to the nature of the
>agreement between PKP and ViaCrypt.
>
>So in answer to (Paul Goggin's?) questions about verification of changes,
>"We'll Just Have To Trust Them(tm)" <g>
PUBLIC NOTICE: The question below reflects the curiosity of a cryptologically,
and mathematically, fairly naive user of PGP.
Isn't there some way to black box it the way engineers do with circuits?
If you control the inputs, randseed, message, keys etc. that goes into each
copy of the program aren't you going to be able to compare the outputs
directly. Or are they going to be different everytime because of some
randomization I am unaware of? remember the naive part :-)
You may not be able to break PGP with a plaintext attack, but all you really
need to know is that the output of the unsourced VIACrypt gives the same result
as the freeware, don't you?
Awaiting enlightenment,
please be gentle it's my first time :-}
C. J. Leonard <cjl@micro.med.cornell.edu
Return to August 1993
Return to “uri@watson.ibm.com”