1996-11-08 - Re: Validating a program

Header Data

From: Dale Thorn <dthorn@gte.net>
To: Adam Shostack <adam@homeport.org>
Message Hash: 66758a116c55181c202438c93a4de8bde5cb3ec3f347d03ec13557c8e39c1205
Message ID: <3282BD90.43FA@gte.net>
Reply To: <199611071941.OAA13267@homeport.org>
UTC Datetime: 1996-11-08 05:03:59 UTC
Raw Date: Thu, 7 Nov 1996 21:03:59 -0800 (PST)

Raw message

From: Dale Thorn <dthorn@gte.net>
Date: Thu, 7 Nov 1996 21:03:59 -0800 (PST)
To: Adam Shostack <adam@homeport.org>
Subject: Re: Validating a program
In-Reply-To: <199611071941.OAA13267@homeport.org>
Message-ID: <3282BD90.43FA@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack wrote:
> Dale Thorn wrote:
> | stewarts@ix.netcom.com wrote:
> | > >> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:
> | > >> > Last,  I would like to know once and for all,  is PGP compromised,  is
> | > >> > there a back door, and have we been fooled by NSA to believe it's secure?

> | > You can read and compile the source code yourself.

> | Really?  All 60,000 or so lines, including all 'includes' or attachments?
> | I'll bet you can't find 10 out of 1,000 users who have read the total source,
> | let alone comprehended and validated it.

[snip]

> In short, if you're paranoid, feel free to look over the source.  But the fact that
> most people have never peeked under the hood is not a strike against pgp at all.

The quip about peeking under the hood may apply OK to an automobile, but to a program
which encrypts?  Granted that most messages (99+ % ??), if read by NSA et al, won't
put the sender in any great danger, but when the application is really serious, as it
always is sooner or later, you must realize that people could be taking great risks
with PGP encryption, and "pretty sure" isn't good enough when it's really, really
vital to have bulletproof security.





