-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Torbjørn Morka" writes:

>Concidering the date, i guess not, but i have never heard of CKT-versions
>before ?
>ftp://ftp.zedz.net/pub/crypto/pgp/pgp60/pgp658_ckt/

>Is this a hacked version with lots of backdoors ?

Hacked -- sure. As far as I know, there are no backdoors.

>Or is it some secret government-employed agent who has "re-compiled" it for
>ADK-purposes ??

The CKT versions come from Imad Faiad, who enhanced the 6.5.8 code
base. They are not approved by NAI, and presumably not by pgp.com.
Some people use these versions. They have some added features
compared to 6.5.8 (additional key types and bigger RSA keys, I
think).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.91 (SunOS)

iD8DBQFBeCxevmGe70vHPUMRAoMLAJ9Md5btTm2qEplC2ar39I AcWrzb1QCfUjem
U0LtVxNH29cpjaEv24aSzxk=
=8BDw
-----END PGP SIGNATURE-----

--
vote for regime change in Washington, Nov 02.

"Torbjørn Morka" wrote in
news:2MUdd.59383$Vf.2806844@news000.worldonline.dk :

> Concidering the date, i guess not, but i have never heard of
> CKT-versions before ?
> ftp://ftp.zedz.net/pub/crypto/pgp/pgp60/pgp658_ckt/
>
> Is this a hacked version with lots of backdoors ?
> Or is it some secret government-employed agent who has "re-compiled"
> it for ADK-purposes ??

As has been stated, these are personal builds of Imad that he made many
source code changes to, and made freely available for others to use. I
sincerely doubt that Imad would willingly do anything to weaken PGP in
his builds. I do believe that he actually went to great pains to make it
more usable and more secure.

However, I also agree with his statements that you should not use such
builds from third parties unless you personally review the source code
and verify that there are not backdoors, etc. Additionally, I personally
believe that such source code modifications may actually accidentally
introduce a weakness that is not easily noticed in regular use or even
source code review. And, although I really don't think it is at all
likely, it is within the realm of possibility that Imad was a CIA agent
assigned to weaken PGP in a way that paranoids would make sure to use it,
to help the US government. :-)

--
Tom McCune
My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

Tom McCune wrote:
| "Torbjørn Morka" wrote in
| news:2MUdd.59383$Vf.2806844@news000.worldonline.dk :
|
|| Concidering the date, i guess not, but i have never heard of
|| CKT-versions before ?
|| ftp://ftp.zedz.net/pub/crypto/pgp/pgp60/pgp658_ckt/
||
|| Is this a hacked version with lots of backdoors ?
|| Or is it some secret government-employed agent who has "re-compiled"
|| it for ADK-purposes ??
|
| As has been stated, these are personal builds of Imad that he made many
| source code changes to, and made freely available for others to use. I
| sincerely doubt that Imad would willingly do anything to weaken PGP in
| his builds. I do believe that he actually went to great pains to make it
| more usable and more secure.
|
| However, I also agree with his statements that you should not use such
| builds from third parties unless you personally review the source code
| and verify that there are not backdoors, etc. Additionally, I personally
| believe that such source code modifications may actually accidentally
| introduce a weakness that is not easily noticed in regular use or even
| source code review. And, although I really don't think it is at all
| likely, it is within the realm of possibility that Imad was a CIA agent
| assigned to weaken PGP in a way that paranoids would make sure to use it,
| to help the US government. :-)

Just because a person is paranoid doesn't mean there not out to get him.

You know, over the years enough things have come out about the U.S. gov't that
the idea that both Imad and the new PGP company are in co-hoots with NSA or
the CIA is *very* easy for me to believe.