From: Dale Thorn <dthorn@gte.net>
Date: Sun, 10 Nov 1996 09:30:09 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Information [for new PGP user]
Message-ID: <328600B9.5168@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Adamsc wrote:
> On Thu, 07 Nov 1996 07:08:52 -0800, Dale Thorn wrote:
> >> >> > I'm a new Cyberpunk!
> >> Probably wearing a set of Ono-Sendai eyeballs....
> >> >> > Last,  I would like to know once and for all,  is PGP compromised,  is
> >> >> > there a back door, and have we been fooled by NSA to believe it's secure?
> >> You can read and compile the source code yourself.
> >Really?  All 60,000 or so lines, including all 'includes' or attachments?
> >I'll bet you can't find 10 out of 1,000 users who have read the total source,
> >let alone comprehended and validated it.

> That's not necessary - it's the fact that it's possible that matters;  most
> of us are content to trust the various people who actually have.  However,
> I'd probably be inclined to look into it seriously if I was going to use it
> on anything incriminating or potentially linked to my checkbook...

My main point, which is really difficult to make, since software issues
are so complex today, is that I've been involved with projects on a
similar scale as PGP, where several programmers contributed code to a
particular executable program, and when this is the case (especially
where the source is not obvious as would be data entry code and the like),
it's just not practical for one person working alone, unpaid, to break
the source down into manageable chunks and study it and make enough notes
so that every portion of it is clearly understood and validated.

People in the past have discussed 50 million line Fortran programs to set
up jet training simulators and so forth, and by comparison a 60,000 line
source in 'C' might look doable, as far as complete annotation is concerned.

To illustrate the point, then, I recently had a chance to estimate the cost
of converting a non-'C' program to 'C', which would result in a 'C' program
of about 6,000 lines, or about 1/10 the size of PGP.  My best guess was
about 500 to 1,000 hours, and to analogize that to PGP, where I wouldn't be
writing or converting code ostensibly, just annotating it, I would still
guess 2,500 to 5,000 hours, if the job were done correctly and thoroughly.

If the job is not practical/feasible, then IMO I can say it's not doable.

OTOH, if some one or a handful of people wanted to make the source code
of PGP really accessible to the masses (of programmers at least), they
should start with a plan to make sure it's broken down into a heirarchy
of functions so that:

1. No one function is too large (say, no more than 50 lines or so).

2. All functions use reasonably short variable names (ex: 'iTrapon').

3. Variable names are consistent in capitalization.

4. Function names follow the heirarchy and are logically intuitive.

5. Constant and #define names follow a heirarchy as well.

6. Where a choice is possible between setting out a construct that
   (visually speaking) looks very complex and is difficult to follow,
   and making it simpler, take the simpler path.