From: Steve Crompton <sunray@globalnet.co.uk>
Date: Thu, 28 Nov 1996 04:10:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re:PGP263UI
Message-ID: <1.5.4.16.19961128120855.1a1f3dd8@mail.globalnet.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Mark M. (markm@voicenet.com) wrote on
  Sat, 23 Nov 1996 22:24:41 -0500 (EST)

>...

>> Note that I personally have not done very much of the actual coding on
>> this version. However if bugs are reported or constructive
>> suggestions for improvements made I will pass them on to the
>> individual(s) who have done the bulk of the work to make this release
>> possible. I am assured that continuing support will be provided.

>I found two bugs so far:
>
>This version doesn't recognize either .pgprc or pgp.ini as valid
>config file names.  It is very minor, but this functionality is
>stated in the manual.

I couldn't find any mention of either filename in -our- docs.
Please point out the reference if I missed it. I think this was
an MIT "feature". I don't plan to copy it.

>One of my favorite options, +makerandom, isn't supported in this
>version.  This is an undocumented option, but it is useful in
>many situations.

Not as useful as you might think. A bug has been reported in the
MIT version that +makerandom produces -weak- pseudo-random
output, as (I am told) can be verified by just generating a large
"random" file and viewing it with a hex viewer, looking for
regular patterns. I don't know if this was ever fixed in Stale's
version. This bug does not produce a weakness in the normal
functions of MIT or Stale's PGP.

MIT heavily rewrote the random number functions for their
versions of PGP and the +makerandom feature depends on this
rewrite. I did not want to try to import "mass quantities" of
code from MIT both to respect their copyright and to maintain to
some degree the independence of the MIT-derived and 2.3a-derived
versions to that a bug in one might not be reproduced in the
other.

For Random numbers up to 24 bytes (192 bits), just use a -copy-
of RANDSEED.BIN.

For a longer random file, just encrypt (either RSA or
conventional IDEA) a file a little longer than the file desired.
Throw away a few hundred bytes from the start and end. The result
will be just as strongly random as +makerandom even without the
current bug.

>This version uses +version_byte instead of +Legal_Kludge, but I
>consider that a feature.  I haven't had time to experiment with
>the "Charset:"  header.  One other minor problem is that
>ClearSig doesn't default to "on".  This could cause some
>frustration with new users.

I haven't tried to imlpement the "Charset" header and probably
won't. If this feature is important to you, use Stale's version.
I will look into this for the next version, but no promises.

Clearsig is working correctly as we document it. Another MIT
change. It would be more work to change the documentation than
the code, but I will consider this for the next release.

>Other then that, it's just fine.

Thanks for your constructive criticism and comments.


Steve Crompton 100645.1716@compuserve.com (preferred)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Requires PGP version 2.6 or later.

iQEVAwUBMp14FhRHWQsRmI2RAQHndggAgNdcOqya2NPX+8KOkoj1qoYnGBRprREK
t0l3sK2HHqUQwTwKSkW5ugD898kG26HjCVlMsqfgQVcw+3nAhZgU/t7MCU9/orD8
yUc9vtXr/C4lLJHTtDGVpjPfRAJpV0m0myDwoqXZo4gTrkoQG43mKaE4eLv9qcl4
zGv4fMv/lh7hUwfUsZ6c7ULGPfKeYtknO1Hh3gKYX6HJPz5Qki2toIdH8qxpw51v
CC/Q/MLxLQUGYH/jdHqvUSSD0G1QIu/D/LlL9VaUtPJemqPOuBGmk+ywvE7AAfNG
uEnO/AumU3j1yPnFXqv5pUKGxP1gKbMyKR8lrEwWcrDapaiC6mW4oQ==
=qk2B
-----END PGP SIGNATURE-----