PGP Opens Up Encryption Source Code

Started by Metgod, December 22, 2002, 02:14:20 AM

Previous topic - Next topic
Good or bad ? Quite debateable..

One side says that if PGP source code is open, then better methods can be implemented and security can improve. On the other hand, you could say that since it is open.. exploits can be easily found. Well, true, but I think both are relevant. Both are true. But what does everyone here think ?

One of the more successful encryption schemes was DES3 that is used in Unix. Remember folks, brute force (dictionary attacks, for instance) is not the same as cracking it. Read up on the algo specifically the way it is implemented in Unix. Is quite impressive. Everything is vulnerable to something though. If it's on, it's vulnerable to something. Hell, even if it's off it could be physically stolen.

Opinions ?

Met


http://www.eweek.com/article2/0,3959,746602,00.asp

By Dennis Fisher
December 4, 2002

Newly formed PGP Corp. took a big step Monday toward endearing itself
to cryptography enthusiasts and privacy advocates by releasing the
source code for its flagship line of encryption products.

The code for the entire PGP 8.0 line - which was also introduced
Monday - is available on the company's Web site for free download.  
This move is a resurrection of the policy of openness and freedom that
led to the creation of the original Pretty Good Privacy software more
than 10 years ago and was a hallmark of the now-defunct PGP Inc.

Users can download and review the code for free but cannot reuse or
modify it.

The publication of cryptographic algorithms and source code for
encryption products has long been a common way for cryptographers and
developers to test the strength and security of their products. But as
more and more of the original freeware and shareware encryption
products moved into the corporate realm, the practice has gradually
fallen out of favor.

When PGP Corp. announced its formation earlier this year, company
officials made a point of saying that they would release the PGP
source code. The company purchased the PGP product line from Network
Associates Inc., which had bought the original PGP Inc. business from
Phil Zimmermann, the product's creator.

NAI's refusal to release the PGP source code was one of the reasons
that Zimmermann eventually left NAI.

"PGP is the only security software company sufficiently committed to
product integrity and security to publish its intellectual property in
the form of source code for peer review," said Phil Dunkelberger,
president and CEO of PGP, based in Palo Alto, Calif. "We believe that
releasing the source code for security-related software should be a
standard industry practice and a requirement of any serious security
vendor."

The PGP 8.0 line includes both Windows and Macintosh versions of the
PGP Desktop, PGP Enterprise and PGP Personal as well as a new version
of PGP Freeware. The Macintosh products include support for OS X, and
the Windows line now supports XP and XP Office.

"My Terminal is my Soul"

I think that its somewhat of a 2 edged sword. But i do think that its good. One of my friends who codes thought it was great. Me? Well, im "fiddy-fiddy" on it. I still think its cool though. It could open up new and innovative ideas possibly.

SMF spam blocked by CleanTalk