PGP 5 code base released

Rohit Khare (khare@w3.org)
Mon, 16 Jun 1997 17:39:29 -0400 (EDT)


From: Lucky Green <shamrock@netcom.com>
Subject: Re: New key for shamrock

At 02:52 AM 6/16/97 -0400, Black Unicorn wrote:
>I have a lot of questions for PGP, Inc.

[I do not work for PGP, Inc.]

>Why is source code being released in book only form?

Because PGP wants to avoid even the appearance of improprietry. If they
made electronic source available inside the US, it would be exported
illegally. By only providing printed source, they can assure that any
exports occurring are 100% legal. Which in turn will make their investors
happy.

The source was released at the Cypherpunks meeting on Saturday. People
outside the US are standing by with industrial scanners equipped with sheet
feeders. Electronic source will be available within a week or two. [The
source was printed in OCR-B type font. Each page has an error correcting
checksum.]

>Why is CAST used in PGPDisk?

Because Phil is following his gut feeling as he did back with IDEA. The
CAST design criteria look pretty solid. Phil is simply skating to where he
thinks the puck will be.

>Why is the S-Box set used in PGPDisk's CAST not being released?

Nortel designed the S-boxes used by PGP to be as non-linear as possible.
The arrived at the values through trial and error. I don't know why the
values have not been released if they indeed have not, but I would suspect
that PGP simply didn't have the bandwidth. Give them some time to recover
from the PGP 5.0 release. You have to lift a box containing the source to
fully appreciate the work that went into PGP 5.0. Several people from PGP
told me that they slept a total of 15 hours during the last week.

>What has been done to avoid subliminal channels known to exist in the
> methods used by PGP 5.0? (El Gamal)

No idea. But the answer to your question can be found in the source.
Understand that PGP released the *entire* source. Not just the core, but
everything. Including GUI, icons, and the nifty movie that plays while a
key is being generated.

--Lucky Green <shamrock@netcom.com> PGP encrypted mail preferred.

Put a stake through the heart of DES! Join the quest at
http://www.frii.com/~rcv/deschall.htm