Question about backdoors

Todd Freedom_Lover at
Mon Feb 9 13:49:14 CET 2004

Hash: SHA1

kgriffi at wrote:
> I'm currently on break in a security class where someone has
> mentioned the backdoor NAI put in PGP.

Did this someone provide any evidence of this alleged backdoor in
some NAI release of PGP or did they just pass on rumor and innuendo,

> Since Gnupg is open source can/does something like this exist?

It could.  Who do you know and trust that's competent to carefully
look over the all the GnuPG code and spot backdoors?  If that number
is zero or close to it, then you are going on some amount of trust
that David, Stefan, Timo and Werner haven't slipped something in and
that if they have, someone else will notice (and publicize) it.

Also, it's been a while since I've tracked PGP closely, but IIRC, it
was only the last NAI release (version 7) that did not include any
corresponding source code release.  While commercial PGP was never
under any open source license, it has always been released -- with the
exception of PGP 7 -- with source code for peer review.

- -- 
Todd        OpenPGP -> KeyID: 0xD654075A | URL:
When a man says he approves of something in principle, it means he
hasn't the slightest intention of carrying it out in practice.
    -- Prince Otto

Version: GnuPG v1.2.4 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.


More information about the Gnupg-users mailing list