[This is very interesting. NAI, who now owns and supports PGP, seems to question why anyone would want to use such strong encryption.]
---------- Forwarded message ----------
From: "Thompson, Schuyler" (sthomps@bighorn.dr.lucent.com)
To: dc (dc-stuff@merde.dis.org)
Date: Wed, 14 Oct 1998 13:34:20 -0600
Subject: RE: PGP Backdoored?

Here's the original letter ('Raston' is my moniker, at personal address). This is the letter that actually answers the questions - there were several attempts because the prior responses I received wouldn't say a thing about it. (And, retrieving it from archive and re-reading it, I didn't quote the last sentence correctly the first time, though the premise was there - sorry for the inaccuracy.)

-----Original Message-----
From: Crowley, Greg [mailto:Greg_Crowley@NAI.com]
Sent: Monday, June 22, 1998 9:15 AM
To: 'raston@nilenet.com'
Cc: DeSpain, Brian
Subject: RE: Customer Care form feedback

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Raston:

I'm an SE here at NAI. PGP uses a 128 bit symmetric key. This is the underlying encryption before it is locked with the appropriate recipient's public key which is scalable from 796 to 4096 bits. Blowfish generated keys are not readable with PGP software. However, with the largest installed customer database you're better off going with PGP in terms of widespread usability. Your question about strength or "hack-ability" is a moot question since you probably don't own three CRAY supercomputers or have the required time frame (12 million times the age of the universe). PGP uses Diffie-Hellman primarily with an underlying DES key with RSA capabilities. There is no back door to PGP, however, using our Policy Management Agent for SMTP, you could implement a key escrow policy. 5.0 Vs 5.5.5 is just a bunch of more attractive GUIs and plug-ins. It makes me wonder what you're encrypting with all these questions.

Greg Crowley
Systems Engineer
PGP Specialist