i dont think the fear is in the algorithms chosen. i think people would be
up in arms if what was advertised as Blowfish was ROT-13, for example. i
think its more of backdoors in terms of weak key (or limited key)
selection and various 'crumbs' of plaintext left available in the output.
to the best of my knowledge no one has done a serious audit of PGP since
2.6 days, since NAI took it over. since there were conspiracy theorists
claiming to have been visited by an NSA operative/officer and told to
weaken the PGP product at NAI, its a concern for people who would take
that at face value.
but given the traffic wedepend on that we secure with PGP, a serious audit
would be welcome. myself, i stopped using PGP from NAI cuz the code just
stopped builing cleanly, as opposed to GPG.
____________________________
jose nazario [EMAIL PROTECTED]
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
