
(Fwd) FC: New version of PGP is "everything the FBI ever dream

Is PGP becoming insecure because it has backdoors? It is surely not
that dramatic, but the version "PGP for Business Security 5.5" does
let you do quite a few interesting things.....

------- Forwarded Message Follows -------
Date:          Fri, 3 Oct 1997 15:21:25 -0400
To:            fight-censorship-announce@vorlon.mit.edu
From:          Declan McCullagh <declan@well.com>
Subject:       FC: New version of PGP is "everything the FBI ever dreamed of"
Reply-to:      declan@well.com


Date: Fri, 3 Oct 1997 07:30:33 -0700
To: risks@csl.sri.com
From: Martin Minow <minow@apple.com>
Subject: New PGP "Everything the FBI ever dreamed of"

An article in today's (Fri, Oct 3) New York Times (CyberTimes)
describes the new release of "PGP for Business Security 5.5," which
contains mechanisms that incorporate a key recovery mechanism that can either
be voluntary or be enforced by using PGP's software for controlling a
company's SMTP server -- the server can verify that all encrypted messages
include the corporate public key (or conform to other corporate policies):

"The new version also includes some of the most sophisticated techniques
for enforcing this policy through the corporation. The most novel may be a
new version of software controlling a company's SMTP server, the machine
that acts as the central mailroom for a corporation. PGP provides a
software agent that will read all of the mail to make sure that it complies
with the corporate policy. This may include requiring all messages to be
signed with digital signatures or include a backdoor that the management
can use to read the message. If the software agent discovers a message
violates the policy, it can either return it to sender or simply log a copy.

"PGP implements the backdoor with a central key. Each message is encrypted
with both the public key of the recipient and the public key of the
management. The message can only be read by someone holding the
corresponding private keys, in this case the recipient and the management.
The software allows the management to use different master keys for
different departments by customizing the software.

... "Bruce Schneier, an encryption expert and author of the popular book
Applied Cryptography, said that the new announcement "sounds like
everything the FBI ever dreamed of." He also predicts that criminals will
find ways to circumvent the restrictions while honest people may be more
vulnerable to illicit use of the master key."

Coincidentally, the same issue of the New York Times has an editorial
<http://www.nytimes.com/yr/mo/day/editorial/03fri4.html> attacking
FBI director Louis Freeh's request that Congress "outlaw the
manufacture and distribution of encryption programs the Government cannot
instantly crack."

Martin Minow minow@apple.com

This list is public. To join fight-censorship-announce, send
"subscribe fight-censorship-announce" to majordomo@vorlon.mit.edu.
More information is at http://www.eff.org/~declan/fc/

SOFTCON IT-Service GmbH                 Germany
Gruenwalder Weg 28g, D-82041 Oberhaching
fon:089/61308-253             fax:089/61308-299

RSA-Programm from http://www.dcs.ex.ac.uk/~aba/rsa
Redistribution requested

     -export-a-crypto-system-sig -RSA-3-lines-PERL

#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
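
The check the quoted article attributes to the SMTP agent, that every encrypted message includes the corporate public key, sketched as an added example (not PGP Inc.'s code and not part of the forwarded messages). It assumes a binary, de-armored message in the RFC 4880 packet layout; the function names, key IDs and sample bytes are hypothetical and constructed.

```python
PKESK_TAG = 1  # Public-Key Encrypted Session Key packet (RFC 4880, section 5.1)

def packets(data):
    """Yield (tag, body) for each OpenPGP packet in a binary (de-armored) message."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                          # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:                               # partial body (streamed data packet):
                length, i = len(data) - i - 2, i + 2   # returned unparsed to end of input
        else:                                   # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            size = (1, 2, 4, 0)[ltype]          # ltype 3: indeterminate, runs to the end
            length = (int.from_bytes(data[i + 1:i + 1 + size], "big")
                      if size else len(data) - i - 1)
            i += 1 + size
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def recipient_key_ids(data):
    """Return the 8-byte key IDs (hex) named in the message's PKESK packets."""
    return [body[1:9].hex().upper() for tag, body in packets(data)
            if tag == PKESK_TAG and len(body) >= 10]

def complies(data, required_key_id):
    """Policy check; fails closed, so unparseable mail counts as a violation."""
    try:
        return required_key_id.upper() in recipient_key_ids(data)
    except (ValueError, IndexError):
        return False

# Constructed sample: one PKESK packet per key, then an encrypted-data packet (tag 9).
def sample_pkesk(key_id_hex):
    body = b"\x03" + bytes.fromhex(key_id_hex) + b"\x01" + b"\x00\x08\xAA"  # v3, ID, RSA, MPI
    return bytes([0x84, len(body)]) + body      # old format, tag 1, one-octet length

RECIPIENT, CORPORATE = "1122334455667788", "A1B2C3D4E5F60718"   # constructed key IDs
SAMPLE = sample_pkesk(RECIPIENT) + sample_pkesk(CORPORATE) + b"\xA7" + b"ciphertext"
```

A mail agent applying the policy described in the article would call `complies()` on each encrypted message and return or log the ones for which it is false.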