From: Jonathan Wienke <JonWienk@ix.netcom.com>
Date: Tue, 30 Sep 1997 09:24:25 +0800
To: Anonymous <cypherpunks@cyberpass.net
Subject: Re: [NTSEC] pgp 5.0 back door
In-Reply-To: <60ea750d816659dde629440a5798ee63@anon.efga.org>
Message-ID: <3.0.3.32.19970929175251.0305d3c4@popd.netcruiser>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3984.1071713735.multipart/signed"

--Boundary..3984.1071713735.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

At 12:17 PM 9/29/97 -0400, Anonymous wrote:
>The PGP Web site in http://www.pgp.com/products/differences.cgi has a list
>of differences between PGP 5.0 (personal PGP) and PGP 4.5.x (corporate
>PGP).  The corporate one includes a feature that the private one doesn't
>called "message recovery".  Given Phil's fanaticism outlined above, this
>presumably isn't any way to get at the plaintext without the user's
>knowledge or cooperation, but just what the heck IS it?  I can't find a
>description of the feature on-line.  The manual itself is on-line in PDF,
>which presumably answers this question for acrobat fans.  I see nothing
>about "message recovery" in the hard-copy PGP 4.5 manual.

It is my understanding that this is a setting to force 4.5 to encrypt all
messages to a specified key, which would be the corporate "message
recovery" key.  PGP 5.0 has a similar feature--a check box labeled "always
decrypt to default key" in the settings.  When this box is checked, the
default public key (usually one of yours) will always appear in the
recipient list when encrypting a message.  In 5.0, the default key is
visible in the recipient list, and it can easily be remived via drag and
drop.  I think that 4.5.x didn't show the key, and didn't allow the user to
remove it.


Jonathan Wienke

What part of "the right of the people to keep and bear Arms, shall not be
infringed" is too hard to understand? (From 2nd Amendment, U.S. Constitution)

PGP 2.6.2 RSA Key Fingerprint: 7484 2FB7 7588 ACD1  3A8F 778A 7407 2928
DSS/D-H Key Fingerprint: 3312 6597 8258 9A9E D9FA  4878 C245 D245 EAA7 0DCC
Public keys available at pgpkeys.mit.edu. PGP encrypted e-mail preferred.

Get your assault crypto before they ban it!

US/Canadian Windows 95/NT or Mac users:
Get Eudora Light + PGP 5.0 for free at http://www.eudora.com/eudoralight/
Get PGP 5.0 for free at http://bs.mit.edu:8001/pgp-form.html

Non-US PGP 5.0 sources:
http://www.ifi.uio.no/pgp/
http://www.heise.de/ct/pgpCA/download.shtml
ftp://ftp.pca.dfn.de/pub/pgp/V5.0/
ftp://ftp.fu-berlin.de/pub/pc/win95/pgp
ftp://ftp.fu-berlin.de/pub/mac/pgp
http://www.shopmiami.com/utopia.hacktic.nl/pub/replay/pub/pgp/pgp50/win/

RSA export-o-matic:
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`

--Boundary..3984.1071713735.multipart/signed
Content-Type: application/octet-stream; name="pgp00010.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00010.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogUEdQIGZv
ciBQZXJzb25hbCBQcml2YWN5IDUuMApNZXNzYWdlSUQ6IFRwMG44VlhwMjc1
T1VuS0ZGMGtESU8vOEZ0UG5COG1pCgppUUEvQXdVQk5EQk4yY0pGMGtYcXB3
M01FUUw2VWdDZzhZS0xqbUNjY1FqWmV5QThsVzlRWUJRcFI3Z0FuUkN1Ckpq
TjdsbHFRZ1crVTFZQW9rUVR1MVdDWgo9Z0RoSwotLS0tLUVORCBQR1AgU0lH
TkFUVVJFLS0tLS0K
--Boundary..3984.1071713735.multipart/signed--