From: smb@research.att.com
Date: Sun, 29 Aug 93 05:43:57 PDT
To: mbriceno@aol.com
Subject: Re: Examination of ViaCrypt's PGP by members of this group
Message-ID: <9308291242.AA16121@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


	 A group of even the most competent reviewers can overlook some
	 problems in the code. It may take a long time before a flaw is
	 discovered. The stamp of approval by some members of this list
	 to a commercial PGP with a secret source code would therefore
	 be little more than a marketing scheme. It would be no
	 different from the expert review marketing scheme used to sell
	 us Clipper, as --I think it was John Gillmore-- has recently
	 explained.

No, there is an important difference:  you'd be starting from known-
good source.  That might make the task feasible.

That doesn't mean it's easy, of course.  A fair number of years ago, I
participated in a review of some code which had been developed, in
part, by someone who was later convicted of assorted {h,cr,chr}acking-
related offenses.  There was far too much source code to check it all;
however, we knew when this person had first had access, so we could use
diff on many modules.  That tremendously reduced the scope of the
effort.  We did find one curious construct -- a combination of two bugs
that together constituted a security hole.  Either alone was harmless.
And to this day, I don't know if they were inserted deliberately.