[ISN] PGP Opens Up Encryption Source Code

From: InfoSec News (isnat_private)
Date: Wed Dec 04 2002 - 23:00:19 PST

  • Next message: InfoSec News: "[ISN] Security UPDATE, December 4, 2002"

    By Dennis Fisher 
    December 4, 2002 
    Newly formed PGP Corp. took a big step Monday toward endearing itself
    to cryptography enthusiasts and privacy advocates by releasing the
    source code for its flagship line of encryption products.
    The code for the entire PGP 8.0 line - which was also introduced
    Monday - is available on the company's Web site for free download.  
    This move is a resurrection of the policy of openness and freedom that
    led to the creation of the original Pretty Good Privacy software more
    than 10 years ago and was a hallmark of the now-defunct PGP Inc.
    Users can download and review the code for free but cannot reuse or
    modify it.
    The publication of cryptographic algorithms and source code for
    encryption products has long been a common way for cryptographers and
    developers to test the strength and security of their products. But as
    more and more of the original freeware and shareware encryption
    products moved into the corporate realm, the practice has gradually
    fallen out of favor.
    When PGP Corp. announced its formation earlier this year, company
    officials made a point of saying that they would release the PGP
    source code. The company purchased the PGP product line from Network
    Associates Inc., which had bought the original PGP Inc. business from
    Phil Zimmermann, the product's creator.
    NAI's refusal to release the PGP source code was one of the reasons
    that Zimmermann eventually left NAI.
    "PGP is the only security software company sufficiently committed to
    product integrity and security to publish its intellectual property in
    the form of source code for peer review," said Phil Dunkelberger,
    president and CEO of PGP, based in Palo Alto, Calif. "We believe that
    releasing the source code for security-related software should be a
    standard industry practice and a requirement of any serious security
    The PGP 8.0 line includes both Windows and Macintosh versions of the
    PGP Desktop, PGP Enterprise and PGP Personal as well as a new version
    of PGP Freeware. The Macintosh products include support for OS X, and
    the Windows line now supports XP and XP Office.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu Dec 05 2002 - 01:36:57 PST