Commercial PGP: Verifying Trustworthiness

Doug Merritt doug at netcom5.netcom.com
Tue Aug 31 07:39:03 PDT 1993 

--- Forwarded mail from Marc Horowitz <marc at Athena.MIT.EDU>

>From owner-cypherpunks at toad.com Mon Aug 30 23:40:01 1993
Received: from relay2.UU.NET by mail.netcom.com (5.65/SMI-4.1/Netcom)
	id AA14421; Mon, 30 Aug 93 23:39:57 -0700
Received: from toad.com by relay2.UU.NET with SMTP 
	(5.61/UUNET-internet-primary) id AA10745; Tue, 31 Aug 93 02:40:50 -0400
Received: by toad.com id AA14781; Mon, 30 Aug 93 23:33:56 PDT
Received: by toad.com id AA14701; Mon, 30 Aug 93 23:31:26 PDT
Return-Path: <marc at Athena.MIT.EDU>
Received: from Athena.MIT.EDU ([18.72.1.1]) by toad.com id AA14688; Mon, 30 Aug 93 23:31:23 PDT
Received: from OLIVER.MIT.EDU by Athena.MIT.EDU with SMTP
	id AA00837; Tue, 31 Aug 93 02:28:59 EDT
Received: by oliver.MIT.EDU (AIX 3.2/UCB 5.64/4.7) id AA14903; Tue, 31 Aug 1993 02:28:52 -0400
Message-Id: <9308310628.AA14903 at oliver.MIT.EDU>
To: bbyer at BIX.com
Cc: honey at citi.umich.edu, cypherpunks at toad.com
Subject: Re: Commercial PGP: Verifying Trustworthiness 
In-Reply-To: Your message of Tue, 31 Aug 93 00:14:18 -0400.
             <9308310014.memo.72462 at BIX.com> 
Date: Tue, 31 Aug 93 02:28:52 EDT
From: Marc Horowitz <marc at Athena.MIT.EDU>


Marc Horowitz <marc at Athena.MIT.EDU> said:
>> I dunno.  The early versions of UNIX had a back door in the login [...]
>I've let a lot of stupid comments go by, but I have to respond to this one.
>
>It is true that Dennis Ritchie (I believe, if not him, one of the
>other original UNIX authors) proposed such a login/compiler virus.
>But it wasn't in any early version of UNIX.

Stupid? Watch the flame bait...he merely overstated a touch. The back doors
weren't part of any of the full distributions, it's true, but they
were quite a bit more than proposals. Ken Thompson actually distributed
those back doors via a compiler update, warning of a security problem
and urging all sites to recompile. Most did, which inserted the back doors
into the programs. That's close enough to the original claim.

See the Ken Thompson & Dennis Ritchie Turing Award Lecture, which goes
into detail about this. The level of sneakiness involved was amazing.
Compilers are the ultimate security breach.
	Doug

More information about the Testlist mailing list