[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] French users of OpenPGP against the PGP« of NAI


-------------------------------- CUT -------------------------------

19 September 2000 Source:
http://www.geocities.com/SiliconValley/Bay/9648/pgp2000.html (in

Translation by Cryptome.

"What Has PGP« Become?"

French users of OpenPGP against the PGP« of NAI

By PGP en franšais (web site) and Michel Bouissou (administrator

PARIS, September 19, 2000

"It's personal. It's private. And it's no one's business but yours." -
- Philip Zimmermann, PGP User's Guides, 1991.

At the end of August, a German researcher, Ralf Senderek, highlighted
a serious bug in the ADK function (Additional Decryption Key or
additional key of deciphering) of PGP 5.5.x, 6.x and 6.5.x
(http://www.cert.org/advisories/A-2000-18.HTML). This bug was
corrected very quickly by PGP Security Inc, a subsidiary of Network
Associates Inc. (NAI).

At the end of May, three European researchers had found another bug
in the random generator of the Unix/Linux version of PGP 5.0
(http://www.cert.org/advisories/A-2000-09.HTML). Versions 6.5 did not
contain this bug.

We are long-time users of PGP«. We have used it since 1995, and some
among us used it even since 1992. As French, we lived a long time
under a prohibition against the use of PGP« (but since France is a
democracy, in practice we could use it freely and publicly). We knew
what PGP« was: a tool of security providing nearly perfect
confidentiality and a robust authentification. But since version 2.0,
eight years after September 1992, what has become of PGP« in the year

Today, after the bug of PGP« 5.0 Unix and the bug of the ADK, we no
longer have any confidence in the recent versions of PGP«.

We reproach NAI for having transformed a software for computer
security into a software for marketing.


-------------------------------- CUT -------------------------------