1996-02-21 - No Subject

Header Data

From: owner-cypherpunks@toad.com
To: N/A
Message Hash: 0df823fe46e31fa936e1d12313d5e1c35270d1a3c5a93e01a01ce92f93259f47
Message ID: <QQadvy21188.199602210941@relay3.UU.NET>
Reply To: N/A
UTC Datetime: 1996-02-21 09:43:06 UTC
Raw Date: Wed, 21 Feb 1996 17:43:06 +0800

Raw message

From: owner-cypherpunks@toad.com
Date: Wed, 21 Feb 1996 17:43:06 +0800
Subject: No Subject
Message-ID: <QQadvy21188.199602210941@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain



	I have been following this debate with some interest. I think that
it is quite clear that without your publishing the algorithms for your
product, you have to accept our skepticism obout your claims. You have
offered to do this so I will wait to make my judgement. 
	The issue that I have not seen you address is one that has been
brought up by several posters to this thread. This issue has to do with
the fact that if you generate all of the keys (or whatever) what is to
stop someone from offering one of your employees a LARGE bribe to cough up
the keys? 
	I don't think that anyone on this list would accept as secure any
system, no matter how clever, that relies on a human factor. People are
weak, properly used, mathematics is not. To suggest that such a security
breach would not occur with your procedures is disingenuous in the
extreme. 
	I am not trying to start (or continue) a flame war. I am willing
to learn more about your system before I pass judgement but I must tell
you, however, that I have heard nothing yet to give me any confidence 
that your system is secure. 

Regards,
Tim Philp

===================================
For PGP Public Key, Send E-mail to:
pgp-public-keys@swissnet.ai.mit.edu
In Subject line type:
GET PHILP
===================================








Thread