Re: PGP Backdoor

[Noah Salzman <nsalzman () ncircle com>]

It's entirely a myth.

NAI acquired TIS and PGP and the two teams never intermingled, other  
than both being on the 9th floor in Santa Clara.  TIS was the only part  
of the company that had any thing to do with Key Escrow.

The folks who ran the PGP group are the same group that are now  
involved with PGP Incorporated.  They have committed to publishing  
source code (just as they did for a while at NAI before NAI executives  
limited the practice to just the SDK code).

   --Noah--



On Monday, November 25, 2002, at 11:11 PM, Jay D. Dyson wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Fri, 22 Nov 2002, Ted Yav wrote:
>
> > My organization was considering buying PGP Corporate for encryption.   
> > I
> > have heard rumors, however, that it was backdoored and therefore not
> > totally secure.  Does anyone know whether this is true or just a myth?
>
>         It's mostly a myth, though it is true that Network Associates,
> Inc. (NAI) was in bed with the Key Escrow movement[1].  This caused all
> manner of ill will between the crypto community and NAI during the time
> they owned PGP.  Eventually there came a time when NAI's Additional
> Decryption Keys feature[2] bit them in the ass and showed how flawed  
> the
> whole idea of "trusted third party" thinking really was.
>
>         For my own part, I never trust anything that's closed source.
> It's said that the true test of a person's character is what they do  
> when
> nobody's looking.  Speaking solely for myself, I am not inclined to put
> much faith in the character of people I do not know.
>
>         All told, I'd sooner recommend Gnu Privacy Guard (GPG) these days.
> It's just a better product overall.
>
> - -Jay
>
> 1.  
> http://www.privacy.nb.ca/cryptography/archives/cryptography/html/1998- 
> 11/0059.html
> 2. http://www.treachery.net/articles_papers/2000_09/pgp_adk.html
>
>   (    (                                                           
> _______
>   ))   ))   .--"There's always time for a good cup of coffee"--.    
> >====<--.
> C|~~|C|~~| (>------ Jay D. Dyson -- jdyson () treachery net ------<) |     
> = |-'
>  `--' `--'  `------ Lead, follow, or get-out-of the way. ------'   
> `------'
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (TreacherOS)
> Comment: See http://www.treachery.net/~jdyson/ for current keys.
>
> iD8DBQE94x68TqL/+mXtpucRAg0SAJ42sv/tZfxGx5CewsMrAnZ0xb+hcACgrTcu
> FZv3rcs46tEuy3ehn7LTwpo=
> =E08d
> -----END PGP SIGNATURE-----