PolfaJelfa said:
Still there is as i have heard from very reputable people a backdoor into all the PgP...so that is jsut an illusion of privacy too. Makes it tougher but not much.
I'm not doubting you, but I'd love to hear more about this "backdoor" that a few folks talk about. I'm a security consultant to many companies, and I'm not a newbie at it. Back when NAI/McAfee held the PGP code, they didn't make it available to anybody for review. The rumours started.
PGP Corporation took over the product/code, and was plagued by rumours of a "backdoor", and that's why they release their source-code to the community now - and nobody has documented any backdoors in the code. The security community as a whole believes that PGP is solid - and that's saying a lot.
It's possible to mount an attack upon any computer, however: hypothetically, we could implant a keystroke logger on the victim's machine, and capture everything (s)he types, and dump that log to our server. Then, we'd have the victim's passphrase - and we'd be in. However, that's going to require that the victim somehow allows spyware to be implanted on his/her computer. A lot of security still comes down to the individual user.
In the UK, the lawmakers have a different strategy: if you're asked to provide your PGP key/passphrase as part of an investigation, and you refuse, you go to jail for 2 years.
If you can provide me with any documented "backdoors" in any version of PGP, I'd be happy to review them to the best of my ability. I'll even fund a code review to look for the existence of those backdoors in current code.
Why am I willing to do this? B/C if there is a backdoor, and I'm the first in the security world to publicize it, my billable rate is gonna go way up.
Please Scroll Down to See Forums Below 
.jpg "Research Chemical Sciences")
.png "Research Chemical Sciences")
at the guys giving the advice.
