Doug Mentohl wrote:
> on Jan 15 2007 21:10 Rex Ballard wrote:
>
> > You would probably have to go back to Visicalc ..
>
> Do you have any reference or citation for the NSA getting PGP modified
Keep in mind that any details would be classified, and releasing such
information to the public
would be a felony with a 10 year prison sentence. Obviously there
would only be allusions to it.
http://interviews.slashdot.org/article.pl?sid=01/09/24/162236&mode=thread
Phil refused to put in a "back door", but did put in a "fixed salt"
that help make it easier for NSA to decrypt.
http://www.jya.com/nsa-sun.htm
Keep in mind though, that PGP and GPG are both some of the best
encryption tools available, since they allow a single exchange of a key
via an SSL connection to be passed very quickly, and from that point on
there are no 3rd party exchanges. This means that these forms of
encryption can only be cracked by the supercomputer clusters of the NSA
and even then, only with a court order.
The exception would be that all of your interactions (phone, computer,
bugging) were being recorded and monitored, in which case the key
exchange itself would have been evesdropped. Not too many ways around
that. However, even this level of monitoring is supposed to require a
court order.
Of course, the real problem is that if you are running Windows, and you
run IE and Outlook with HTML previewing and ActiveX and/or Signed Java
Applets enabled, then ANYBODY can access ANY of the private keyrings on
your PC, and if you store your passwords anywhere, or use the same
passwords, or don't change them frequently, then anybody could crack
those keys. In fact, it might not even be necessary to crack the keys,
all you have to do is access the files as that user.
Ultimately, the biggest "back door" for encryption, is Windows itself.
> http://groups.google.co.uk/group/comp.os.linux.advocacy/msg/3884f5d59e7e45c3?hl=en&;
|
|
