-----BEGIN PGP SIGNED MESSAGE-----
At 08:58 AM 5/18/00 -0400, Russell Nelson wrote:
>L. Sassaman writes:
> > PGP's source code has always been available for public review.
> > This has not changed. There are no "back doors" for the NSA in
> > PGP,
>
><paranoia>Unless they are particularly subtle ones, based on a
>mathematical understanding that is not yet publicly known. Remember
>that the NSA knew about differential cryptanalysis well before
>anyone else. Times have changed, but maybe less than we
>think.</paranoia>

If there are weaknesses that the NSA didn't put there, they're holes,
not back doors. If the NSA knows how to break some of the algorithms
(IDEA, CAST-128, 3DES, RSA, SHA1, El Gamal, etc.), that's still not a
back door, it's a successful cryptanalysis. It seems very unlikely
to me, but maybe an F-16 would have seemed pretty damned unlikely to
Orville Wright, too.

On the up side, if NSA knows how to break (say) CAST-128 with few
enough resources to be useful (e.g., 2^{80} work, 2^{40} memory, a
few thousand known plaintexts), that fact will be kept secret. Which
means that they will have to be *very* careful making any use of
information recovered from that break, to avoid leaking the fact that
they can break it.

>-russ nelson <[EMAIL PROTECTED]> http://russnelson.com

- --John Kelsey, [EMAIL PROTECTED]
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 Int. for non-commercial use
<http://www.pgpinternational.com>
Comment: foo
-----END PGP SIGNATURE-----