1995-07-31 - Re: a hole in PGP

Header Data

From: Derek Atkins <warlord@MIT.EDU>
To: fc@all.net (Dr. Frederick B. Cohen)
Message Hash: bcfcc94a6b135a497b3063bae4b276b71e1ffa3c1a6c7240d938ee7e763843e7
Message ID: <199507312340.TAA02533@toxicwaste.media.mit.edu>
Reply To: <9507312253.AA27941@all.net>
UTC Datetime: 1995-07-31 23:40:47 UTC
Raw Date: Mon, 31 Jul 95 16:40:47 PDT

Raw message

From: Derek Atkins <warlord@MIT.EDU>
Date: Mon, 31 Jul 95 16:40:47 PDT
To: fc@all.net (Dr. Frederick B. Cohen)
Subject: Re: a hole in PGP
In-Reply-To: <9507312253.AA27941@all.net>
Message-ID: <199507312340.TAA02533@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain

> 	Your assertion that I could find the backdoor by inspecting the
> program is the wrong tactic for secure programs.  If you want people to
> believe that a program is secure, you had better come up with good
> reasons that it is secure, and not hide behind "if you can't find any
> holes, it must be secure".

This is where you are very wrong.  I am not saying that "if you can't
find any holes it must be secure".  What I am saying is that the
source is available, and thousands of people have looked at the
source, and none of them have found any holes in it.

>  - to wit: What makes you think PGPs method
> of getting seeds does not lead to a limited key space that is within the
> realm of modern computers to search?

How do you propose that a user's keystrokes can be analyzed?  If you
assume that the PC's internal clock speed >> typing speed (which is a
good assumption -- how many keystrokes/second can you type?) then you
have a large amount of randomness that can be gained from timing
keystrokes.  Even a good typist will not have an even typestroke!
Have you read RFC 1750?  If not, I would recommend you read it before
you consider continuing this thread!

> 	Why (specifically) do you think the MIT version of PGP has no
> backdoors and is not subject to attacks such as the one outlined in my
> previous posting?

I think it has no backdoors because Jeff Schiller and I (among others)
have looked closely at the random number generator code (he has taken
a much closer look than I) and believe it to be secure.  I also know
that I did not put any backdoors into the code (but why would you
believe me, I must be paid by the government to say this, right?)

As to why I believe it is not subject to attack, I ask you again to go
read RFC 1750.  PGP follows its recommendations fairly closely.  There
is only one place where PGP fails to follow, and that is that PGP does
expose the bucket of random bits, rather than mixing them before
exporting them.  However I do not believe that this would affect the
generation of PGP Public Keys.


PS: In what field is your Doctorate?