1993-12-02 - Re: NSA CAN BREAK PGP ENCRYPTION

Header Data

From: Timothy Newsham <newsham@wiliki.eng.hawaii.edu>
To: rxt109@psu.edu (Bob Torres)
Message Hash: 9b2402bb3382d438d689c9b06a30f03a69f4395e22dca8b518635d71d2bec8a6
Message ID: <9312022235.AA07977@toad.com>
Reply To: <199312022035.AA26183@genesis.ait.psu.edu>
UTC Datetime: 1993-12-02 22:38:38 UTC
Raw Date: Thu, 2 Dec 93 14:38:38 PST

Raw message

From: Timothy Newsham <newsham@wiliki.eng.hawaii.edu>
Date: Thu, 2 Dec 93 14:38:38 PST
To: rxt109@psu.edu (Bob Torres)
Subject: Re: NSA CAN BREAK PGP ENCRYPTION
In-Reply-To: <199312022035.AA26183@genesis.ait.psu.edu>
Message-ID: <9312022235.AA07977@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> >        Since version 2.1, PGP ("Pretty Good Privacy") has been rigged to 
> >allow the NSA to easily break encoded messages. Early in 1992, the author, 
> >Paul Zimmerman, was arrested by Government agents. He was told that he 

hmm,  amazing that "Paul" Zimmerman can so easily put a backdoor into a
program he no longer maintains :)

> >        After reading this, you may think of using an earlier version of 
> >PGP. However, any version found on an FTP site or bulletin board has been 
> >doctored. Only use copies acquired before 1992, and do NOT use a recent 

wow!  they went to every bbs and replaced the files!  I wonder what they
threatened all of those BBS sysops with? :)


> >compiler to compile them. Virtually ALL popular compilers have been 
> >modified to insert the trapdoor (consisting of a few trivial changes) into 

amazing!  As if compiler designers didnt have enough problems trying to
optimize their code and make their code optimize others!  Now they have
to put up with inserting backdoors for NSA!  Hmm,  I wonder what kind
of backdoors they are putting into unix these days?

> >        It took the agency more to modify GNU C, but eventually they did it.
> >The Free Software Foundation was threatened with "an IRS investigation",
> >in other words, with being forced out of business, unless they complied. The
> >result is that all versions of GCC on the FTP sites and all versions above 
> >2.2.3, contain code to modify PGP and insert the trapdoor. Recompiling GCC
> >with itself will not help; the code is inserted by the compiler into
> >itself. Recompiling with another compiler may help, as long as the compiler
> >is older than from 1992.

No wonder GCC is so slow!

>       --**--**--  R X T 1 0 9 @ E M A I L . P S U . E D U  --**--**--
> Bob Torres                      |  "I don't know what I'm writing about:
> plato@phantom.com               |     I'm obscure even to myself."         
>                                PGP PUB KEY AVAILABLE **        | -C.
> Lispector, _The Stream of Life_

Thanx for the cross-post Bob!  Great humor!  Anybody make sure that
no idiots over at alt.privacy believe this yet?

Thanx for the great software "Paul"!





Thread