1995-09-13 - Re: Scientology tries to break PGP - and

Header Data

From: Yih-Chun Hu <yihchun@u.washington.edu>
To: Andy Brown <asb@nexor.co.uk>
Message Hash: 2dfff0d8237998dd3e4d702a0bfaf0f7e6bc01ca9f9d0fb95df8ecc73cd78a7c
Message ID: <Pine.OSF.3.91j.950913101455.27871A-100000@saul4.u.washington.edu>
Reply To: <Pine.SOL.3.91.950913163953.25308J-100000@eagle.nexor.co.uk>
UTC Datetime: 1995-09-13 17:21:27 UTC
Raw Date: Wed, 13 Sep 95 10:21:27 PDT

Raw message

From: Yih-Chun Hu <yihchun@u.washington.edu>
Date: Wed, 13 Sep 95 10:21:27 PDT
To: Andy Brown <asb@nexor.co.uk>
Subject: Re: Scientology tries to break PGP - and
In-Reply-To: <Pine.SOL.3.91.950913163953.25308J-100000@eagle.nexor.co.uk>
Message-ID: <Pine.OSF.3.91j.950913101455.27871A-100000@saul4.u.washington.edu>
MIME-Version: 1.0
Content-Type: text/plain

On Wed, 13 Sep 1995, Andy Brown wrote:

> On Wed, 13 Sep 1995, Henry W. Farkas wrote:
> > If decrypted with the "alternate" or "fake" secret key, the encrypted file
> > is wiped until it reaches a marker; the remainder of the file is
> > displayed.  If you use your "primary" or "real key", the extraneous text
> > is simply stripped.
> Useless I'm afraid.  They have the source code and have disabled your
> "feature" and attached loud alarm bells to it.

I don't see whats wrong with removing any checking done by PGP.
(ie don't keep a checksum or whatever) After all, they can't prove
that you didn't just encrypt a pgp +makerandom file.

Obviously, I would not want to use this "feature" in some cases,
so make adding a checksum be an extra command line option.

The new feature would of course not be backwards compatible, but
there is no way to disable the "feature" and no way to attach
loud alarm bells.

Of course, you are then faced with giving them a key which you know
will decrypt the file to gibberish. Ideally, you would steno the 
encrypted file.

+---- Yih-Chun Hu (finger:yihchun@cs.washington.edu) ----------------------+
| http://www.cs.washington.edu/homes/yihchun     yihchun@cs.washington.edu |
| http://weber.u.washington.edu/~yihchun         yihchun@u.washington.edu  |
+---- PGP Key Fingerprints (Keys by FINGER or on WWW) ---------------------+
| 1024/E50EC641        B2 A0 DE 9E 36 C0 EB A6  F9 3E D2 DD 2F 27 74 79    |
| 2047/DF0403F9        18 EB 62 C8 7F 06 04 67  42 76 24 E2 99 D1 07 DC    |
+---- Random Thought ------------------------------------------------------+
|I conducted an experiment to test Murphy's Law, but everything went wrong.|