1995-08-01 - Re: a hole in PGP

Header Data

From: Matt Blaze <mab@crypto.com>
To: fc@all.net (Dr. Frederick B. Cohen)
Message Hash: 0462ab909ff6618cafd12f7ef501a10cd447984983deb01abb92bbf6e5736659
Message ID: <199508010112.VAA26078@crypto.com>
Reply To: <9508010008.AA02790@all.net>
UTC Datetime: 1995-08-01 01:05:10 UTC
Raw Date: Mon, 31 Jul 95 18:05:10 PDT

Raw message

From: Matt Blaze <mab@crypto.com>
Date: Mon, 31 Jul 95 18:05:10 PDT
To: fc@all.net (Dr. Frederick B. Cohen)
Subject: Re: a hole in PGP
In-Reply-To: <9508010008.AA02790@all.net>
Message-ID: <199508010112.VAA26078@crypto.com>
MIME-Version: 1.0
Content-Type: text/plain

>> Look. If you're qualified, look at the PGP source and vet it yourself. If
>> you aren't qualified, figure the market to be efficient in this instance
>> and assume the stuff works.
>One of the several points I tried (apparently unsuccessfully) to make is
>that with a program that large, it is impractical to verify that there
>are no subtle back doors - regardless of how knowledgeable or skilled
>you or I may be.  Your "assumption of security" perspective is an
>inappropriate one unless you are trying to get people to use something
>that is not secure. 

It's true that, in general, the "burden" of demonstrating whether a
system is secure should fall primarily on those who claim it is rather
than on those who claim it isn't.  It's also true that PGP, for
whatever reason, is treated with a degree of reverence that is,
perhaps, unwarranted.  I, for one, would be much happier to see
greater vetting of widely-used programs like PGP.  But that does not
mean that one can expect to be taken seriously by simply throwing
darts and seeing where they land.  That would mean that essentially no
hardware, software, algorithm or protocol could ever be considered
trustworthy by anyone for any purpose.  There is a difference between
raising specific concerns and making vague, wild, unsupported claims,
which is how what you wrote below reads to me.

>> Stop wasting our time and bandwidth harassing the MIT folk about whether or
>> not their code is clean. Such posturing won't wash around here.
>The headers on the postings allow you to ignore them, but in the
>meanwhile, the subject matter is in line with this forum, and the
>questions are legitimate.  You will have to do better than to appeal to
>authority to convince anyone that MIT's version of PGP is secure.
>> <Metzger_mode("off")>
>> Seriously, it may be an appeal to authority, but it can safely be assumed
>> that PGP is clean, and that MIT is *not* involved with the NSA and the Red
>> Leptons in a conspiracy to spy on our alt.binaries.pictures.erotica.stoats
>> postings.
>Why (specifically) do you think so? Because you claim it? Because the
>MIT maintainer claims it? You say MIT is not associated with the NSA,
>but they have historically been funded by the NSA and other federal
>agencies for work on information security.  Do you really think that the
>only information protected by PGP is dirty pictures? Do you somehow
>think that MIT and the NSA are above that sort of thing? All you have to
>do is look at history, and it should be clear that this appeal to
>authority is often used by those trying to cover things up.  If you know
>something about PGP's security that you aren't telling us, don't beat
>around the bush about it.  Come out and say it.  Tell us that you have
>proven that PGP has no backdoors and what method you used to do that. 
>Tell us that you have hand verified all the code and that none of it
>overwrites the key generation process and tell us how you verified it.

No one knows how to "prove" anything substantial, much less the absence
of backdoors, for anything but the most trivial software and

>It cannot be safely assumed that any program is clean or that any one
>person or group is not involved with intentionally subverting security.
>That violates the fundamental principles of information protection.

Your attempt to cast a near-defamatory shadow of suspicion over the
individuals and institutions who wrote the software, without raising
even a single specific concern about something you've observed about
the code, invites more questions about your own motives than those of
MIT or its staff.  It seems reasonable to ask you to put up or shut


Disclaimer: I also give away cryptographic source code, in connection
with my job as a research scientist for a company that has even closer
ties to the spook community than you seem to think MIT has...