Re: [ISN] PGP's 6.0: Cat Out of the Bag

From: mea culpa (jerichoat_private)
Date: Mon Sep 07 1998 - 02:44:45 PDT

  • Next message: mea culpa: "[ISN] X-Force combats hackers"

    Reply From: Raj Mathur <rajuat_private>
    PGP 5.0 was legally exported from the US. Apparently US laws forbid
    the export of crypto /software/ but not the export of books which have 
    source code of crypto software. The authors of PGP 5.0 published a
    book with complete source code, and (get this!) checksums of each line 
    of code. The book was (legally) exported from the US, the source code
    was scanned and OCR'd and the checksums of each line matched with the
    original checksums in the book. Once all errors were fixed, voila! PGP 
    had been exported from the US!
    All this is pretty well documented in the PGP 5.0 documents, and it
    wouldn't surprise me to learn that a similar method had been used for
    6.0 (did they have enough time to publish the source in a book and
    export it?) I need to download the International version of PGP 6.0
    and check it out, I guess.
    -- Raju
        Chris> How fast does software that shouldn't be exported from US
        Chris> shores get exported anyway?  So fast, the company that
        Chris> makes it hasn't even announced the software's existence.
        Chris> That's what happened to the latest version of Pretty Good
        Chris> Privacy(PGP)'s freeware Wednesday, when the author of a Web
        Chris> site in England posted the software for download.
        Chris> PGPfreeware 6.0 is a software utility that uses a form of
        Chris> strong encryption to scramble data, such as email messages,
        Chris> into unreadable code.
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated []

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:03:22 PDT