1995-07-31 - Re: your mail

Header Data

From: Derek Atkins <warlord@MIT.EDU>
To: fc@all.net (Dr. Frederick B. Cohen)
Message Hash: 9756770a4c9b0aa91b17f45e53bbf7c1388f36838161321f40366687cdbf40ec
Message ID: <199507311925.PAA28281@toxicwaste.media.mit.edu>
Reply To: <9507311434.AA25514@all.net>
UTC Datetime: 1995-07-31 19:26:05 UTC
Raw Date: Mon, 31 Jul 95 12:26:05 PDT

Raw message

From: Derek Atkins <warlord@MIT.EDU>
Date: Mon, 31 Jul 95 12:26:05 PDT
To: fc@all.net (Dr. Frederick B. Cohen)
Subject: Re: your mail
In-Reply-To: <9507311434.AA25514@all.net>
Message-ID: <199507311925.PAA28281@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain

Hey, Doc...

> The term paranoid is inappropriate in this context.  Paranoia refers to
> an irrational fear, while I am expressing a rational concern over a
> system that has been taken over by a (partially) government funded
> university and which has not been properly verified.  The history of
> cryptography (as they say) is (quite literally) littered with the dead
> bodies of people killed because somebody else thought a cryptosystem was
> good enough when it was not. 

If you are concerned that someone put a whole or backdoor in PGP, then
go grab the source and take a look for yourself.  Thats why the code
is available.  If you can't understand it, then you probably have no
real right to complain!  However if you are still paranoid (and yes, I
do believe this is an irrational fear, being the person who maintains
the MIT PGP development sources) then go find someone who can
understand it and ask them.

As a side note, PGP does not go out of its way to choose "good" primes
over other primes.  Take a look at genprime.c and read the comment
near the top of the file.  It explains why.