Question about backdoors

Todd Freedom_Lover at pobox.com
Mon Feb 9 13:49:14 CET 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

kgriffi at siue.edu wrote:
> I'm currently on break in a security class where someone has
> mentioned the backdoor NAI put in PGP.

Did this someone provide any evidence of this alleged backdoor in
some NAI release of PGP or did they just pass on rumor and innuendo,
AKA FUD?

> Since Gnupg is open source can/does something like this exist?

It could.  Who do you know and trust that's competent to carefully
look over all the GnuPG code and spot backdoors?  If that number
is zero or close to it, then you are going on some amount of trust
that David, Stefan, Timo and Werner haven't slipped something in and
that if they have, someone else will notice (and publicize) it.

Also, it's been a while since I've tracked PGP closely, but IIRC, it
was only the last NAI release (version 7) that did not include any
corresponding source code release.  While commercial PGP was never
under any open source license, it has always been released -- with the
exception of PGP 7 -- with source code for peer review.

- -- 
Todd        OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
======================================================================
When a man says he approves of something in principle, it means he
hasn't the slightest intention of carrying it out in practice.
    -- Prince Otto

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.

iD8DBQFAJ9Yquv+09NZUB1oRAiwpAJ0bGBj3b+AN/xUaE0DSzDQtF+6RQACePwSp
8vaS5TV+c+bf6QQUfkY7Er4=
=LLtC
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list