From: norm@netcom.com (Norman Hardy)
Date: Thu, 26 Aug 93 14:57:34 PDT
To: cypherpunks@toad.com
Subject: Re: Commercial PGP: Verifying Trustworthiness
Message-ID: <9308262157.AA25459@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


thug@phantom.com (Murdering Thug) writes:
> I'm assuming the NSA will pressure ViaCrypt to put in a backdoor.  One
> possible backdoor that can be placed inside the commercial PGP and still
> allow it to pass the above test is if commericial PGP secretly writes all
> keys and pass phrases to a block on your hard disk, and marks that
> block as used to the file system.  In order to prevent you from scanning
> your hard disk and finding that block, the information stored there could
> be encrypted by a key which the NSA has in it's possession.
 
At least the Commercial PGP is not tamper proof and examination can,
in principle, discover the backdoor. After discovery it would
impossible to deny.