1995-08-01 - Attacks on PGP

Header Data

From: tcmay@sensemedia.net (Timothy C. May)
To: cypherpunks@toad.com
Message Hash: 0cf3cd693f09fda16d36e95936aaa82bb48ed269e457e8af3a190d872004e572
Message ID: <ac42d74b05021004a9dd@[205.199.118.202]>
Reply To: N/A
UTC Datetime: 1995-08-01 02:26:06 UTC
Raw Date: Mon, 31 Jul 95 19:26:06 PDT

Raw message

From: tcmay@sensemedia.net (Timothy C. May)
Date: Mon, 31 Jul 95 19:26:06 PDT
To: cypherpunks@toad.com
Subject: Attacks on PGP
Message-ID: <ac42d74b05021004a9dd@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain
Things are heating up between Fred Cohen and some of the rest of the list.

I don't believe MIT is in collusion with the NSA or any other government
agency to deliberately weaken or cripple PGP. I base this on having dealt
with some of the MIT folks, with the various source code analyses folks
have done, etc.

However, I think it's a perfectly *fine* idea for some group to launch a
cryptanalytic attack on PGP, or an attack based on any other approaches.
This is the "tiger team," or "Team B" approach to finding flaws and
weaknesses.

I don't take the security of PGP only on faith, though analyzing it is not
my bag, as they say. Rather, I use the Popper/Bartley notions of
falsifiability and see truth as a process, not a state. Seeing lots of
source code available, independent compilations on various machines, and
believing neither Zimmermann nor Atkins nor Schiller, etc., would consent
to inserting back doors into PGP, I am thus led to _believe_ that PGP is
probably not so affected. Doesn't mean it isn't so, but I'm not overly
worried about it.

Still, more studies and technical attacks (technical, not verbal) would be
welcome.

One of the problems we in the "civilian cryptography" sector face is that
we don't have much activity in cryptanalysis. (We've talked about this
several times before, before Fred Cohen joined the list, for example.) The
NSA and other intelligence agencies have not only code makers, they also
have code _breakers_ (such as modern ciphers are breakable, which hasn't
been the case much lately, if Bamford and Kahn are to be believed).
Probably entire groups whose only job is to try to break the systems
devised by others. (Modern ciphers are not as prone to breakage as earlier
ciphers were, for technical reasons, so I suspect the number of
cryptanalysts has shrunk since the good old days when they had more
successes...there may only be a small contingent left...)

The lack of cryptanalysis papers at "Crypto" has been striking...I was told
that the program committee considers cryptanalysis to be less important
than original research. (I can see the rationale in this, as Crypto is an
academic/research conference, and there are really no "engineering" crypto
conferences. And cryptanalysis might not even fit into an engineering
conference very well, as cryptanalysis is traditionally a sort of
"hobbyist" activity--if you've read Kahn you'll know what I mean.)

Crypto comes in various flavors, from hardware implementations, to number
theory, to Unix/IETF sorts of standards, to digital cash, and even to
statistical analysis. It is dangerous to have a "monoculture" in which one
topic is the trendy one and everyone is urged to work on that (whether the
"that" is PGP or Java or anything else equally trendy).

Most of the activity has been on adding hooks to PGP to make it usable in
other programs, or on remailers. Not as much effort has gone into proofs of
validity, systems analysis, etc. (Eric Hughes and I talked about this
several years ago, before the Cypherpunks group was formed...the need for
"Viper"-like systems with provably correct components, especially for
digital money, etc.)

If folks think PGP is flawed, or deserves an independent and critical look,
then this is a good project for someone. (I think several such analyses
have been made, however...this doesn't make it impossible for a flaw or
backdoor to exist, but at least the code has been examined by various
folks. I'm personally not too worried, though this has little suasive
value.)

(The Monoculture of Trendy Projects. My own programming mini-project, while
proceeding slowly, is of a pattern extractor and "entropy estimator" for
text. Stuff like measuring patterns, examining clusterings and
author-specific patterns. I'm writing it as a bunch of "critic agents" who
are responsible for different areas of analysis. In SmalltalkAgents. My
point? There will be those who cite the "monoculture" and scoff at anything
not written in C++ for Unix boxes, or not built to be Net-aware from the
gitgo, or not written as applets in Java....oh well, in Digital Walden, one
marches to a different drummer. Better to program the thing I _want_ to
program rather than the things I _don't_ want to program, and hence
_won't_. Final note: it'll be ready for use and maybe demonstration when
it's ready. And ready when it's finished, finished when it's ready.)

I've long appreciated Fred Cohen's work on viruses, so it's nice to have
him on the Cypherpunks list. Maybe Fred can tell us if it's really true
that he was stopped by U.S. Customs and held for many hours at the Canadian
border when going to or returning from a conference where he described
computer viruses....

--Tim May

..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay@sensemedia.net   | anonymous networks, digital pseudonyms, zero
408-728-0152           | knowledge, reputations, information markets,
Corralitos, CA         | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
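The "entropy estimator" for text that the message mentions is described only in outline (pattern measurement, clusterings, author-specific patterns, written in SmalltalkAgents). The block below is an added example, not Tim May's code or anything from the Cypherpunks archive; it shows one concrete way to build such an estimator in Python: zeroth-order Shannon entropy per character, the conditional entropy of the next character given the preceding `order` characters, a redundancy figure derived from it, and a crude n-gram "fingerprint". Both sample inputs are constructed here: a short English paragraph and a deterministic pseudo-random hex string produced by chaining SHA-256, so the contrast between structured and unstructured text can be seen offline.

```python
"""Character-level entropy estimation and n-gram pattern extraction for text.

Added illustration (not code from the original message). Entropies are
plug-in estimates from the empirical character distribution, so they are
biased low on short texts; that is exactly the kind of caveat a real
estimator has to report alongside its numbers.
"""
from collections import Counter
from math import log2
import hashlib


def _entropy_of_counts(counts):
    """Shannon entropy, in bits, of the distribution given by a Counter."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum(c / total * log2(c / total) for c in counts.values())


def char_entropy(text):
    """Order-0 estimate: bits per character if characters were independent."""
    return _entropy_of_counts(Counter(text))


def conditional_entropy(text, order=1):
    """Bits needed for the next character given the previous `order` characters.

    H(next | context) = H(context, next) - H(context). Both terms are
    estimated from the same positions in the text so they are comparable.
    """
    if len(text) <= order:
        return 0.0
    pairs = [(text[i:i + order], text[i + order]) for i in range(len(text) - order)]
    joint = Counter(pairs)
    context = Counter(ctx for ctx, _ in pairs)
    return max(0.0, _entropy_of_counts(joint) - _entropy_of_counts(context))


def redundancy(text, alphabet_size=None, order=1):
    """Fraction of each character that is predictable from its own statistics:
    1 - H(next | context) / log2(|alphabet|). Near 0 for random symbols,
    well above 0 for natural language."""
    if alphabet_size is None:
        alphabet_size = len(set(text))
    if alphabet_size < 2:
        return 1.0
    return 1.0 - conditional_entropy(text, order) / log2(alphabet_size)


def fingerprint(text, n=3, k=5):
    """The k most frequent character n-grams: a crude source/author pattern."""
    grams = Counter(text[i:i + n] for i in range(len(text) - n + 1))
    return grams.most_common(k)


def pseudo_random_hex(seed=b"cypherpunks", rounds=16):
    """Deterministic 'random-looking' hex text: chained SHA-256 digests.
    Constructed here purely as a contrast sample (alphabet of 16 symbols)."""
    out, h = [], seed
    for _ in range(rounds):
        h = hashlib.sha256(h).digest()
        out.append(h.hex())
    return "".join(out)


# Constructed sample text (not taken from the message).
ENGLISH = (
    "one of the problems we in the civilian cryptography sector face is that "
    "we do not have much activity in cryptanalysis the agencies have code "
    "makers and code breakers and entire groups whose only job is to try to "
    "break the systems devised by others more studies and technical attacks "
    "would be welcome"
)
HEX = pseudo_random_hex()


def report(text, order=1):
    """Summary figures for one text; returned as a dict rather than printed
    so the values can be checked or fed to a clustering step."""
    return {
        "chars": len(text),
        "H0": char_entropy(text),
        "H_cond": conditional_entropy(text, order),
        "redundancy": redundancy(text, order=order),
        "top_trigrams": fingerprint(text, 3, 3),
    }


if __name__ == "__main__":
    for name, sample in (("english", ENGLISH), ("sha256-hex", HEX)):
        r = report(sample)
        print(f"{name:11s} chars={r['chars']:5d} H0={r['H0']:.2f} "
              f"H(next|prev)={r['H_cond']:.2f} redundancy={r['redundancy']:.2f} "
              f"top={r['top_trigrams']}")
```

The order-1 conditional entropy is only a lower bound on what a real compressor or cryptanalyst could exploit; raising `order` on a short text drives the plug-in estimate toward zero because almost every context becomes unique, so any comparison across texts should fix the order and the sample length first.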
