Gene Heskett wrote:
> Helluvagood question Claude, that same thought has crossed my mind
> for several so-called security products, particularly Phil
> Zimmerman's pgp versions SINCE he was released from prison, and one
> reason that until I'm reassured by someone knowledgeable, and whom I
> can personally believe in, says it's clean, I will never use a pgp
> newer than 2.6.2i.

Firstly, Phil wasn't in prison. Certainly the US government's undue harassment of him was a great burden on him, but it is not nearly as harsh as prison would have been.

Secondly, if you really want to be paranoid to an extreme, then you'd be a fool to use an encryption program that relied on the MD5 hash for any part of it. There are other known weaknesses in PGP 2.6.2 that are corrected in later versions of the OpenPGP specification. You'd do better to choose an implementation of that spec that you trust, whether it is PGP, GnuPG, or one of several others.

(Lastly, it's Zimmermann, with two n's, in case anyone is googling and wants more accurate hits. :)

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
======================================================================
A little inaccuracy sometimes saves a ton of explanation.
    -- H. H. Munro (Saki) (1870-1916)