FITUG e.V.
Förderverein Informationstechnik und Gesellschaft
FITUG e.V.Förderverein Informationstechnik und Gesellschaft |
|
http://cryptome.org/pgp-what.htm
19 September 2000 Source: http://www.geocities.com/SiliconValley/Bay/9648/pgp2000.html (in French)
Translation by Cryptome.
"What Has PGP® Become?"
French users of OpenPGP against the PGP® of NAI
By PGP en français (web site) and Michel Bouissou (administrator network)
PARIS, September 19, 2000
"It's personal. It's private. And it's no one's business but yours." - - Philip Zimmermann, PGP User's Guides, 1991.
At the end of August, a German researcher, Ralf Senderek, highlighted a serious bug in the ADK function (Additional Decryption Key or additional key of deciphering) of PGP 5.5.x, 6.x and 6.5.x (http://www.cert.org/advisories/A-2000-18.HTML). This bug was corrected very quickly by PGP Security Inc, a subsidiary of Network Associates Inc. (NAI).
At the end of May, three European researchers had found another bug in the random generator of the Unix/Linux version of PGP 5.0 (http://www.cert.org/advisories/A-2000-09.HTML). Versions 6.5 did not contain this bug.
We are long-time users of PGP®. We have used it since 1995, and some among us used it even since 1992. As French, we lived a long time under a prohibition against the use of PGP® (but since France is a democracy, in practice we could use it freely and publicly). We knew what PGP® was: a tool of security providing nearly perfect confidentiality and a robust authentification. But since version 2.0, eight years after September 1992, what has become of PGP® in the year 2000?
Today, after the bug of PGP® 5.0 Unix and the bug of the ADK, we no longer have any confidence in the recent versions of PGP®.
We reproach NAI for having transformed a software for computer security into a software for marketing.
[...]