1995-08-01 - Re: a hole in PGP

Header Data

From: Matt Blaze <mab@crypto.com>
To: fc@all.net (Dr. Frederick B. Cohen)
Message Hash: 1c9f27bdc8185ec4c2e621899b2da0175f7d563480b1b685c79089793f22c08d
Message ID: <199508010233.WAA26805@crypto.com>
Reply To: <9508010120.AA07073@all.net>
UTC Datetime: 1995-08-01 02:31:45 UTC
Raw Date: Mon, 31 Jul 95 19:31:45 PDT

Raw message

From: Matt Blaze <mab@crypto.com>
Date: Mon, 31 Jul 95 19:31:45 PDT
To: fc@all.net (Dr. Frederick B. Cohen)
Subject: Re: a hole in PGP
In-Reply-To: <9508010120.AA07073@all.net>
Message-ID: <199508010233.WAA26805@crypto.com>
MIME-Version: 1.0
Content-Type: text/plain

>A reasonable response.  My question is: Why do you think that the key
>generation algorithm used by PGP is secure? Specifically, how do we know
>there is no subtle back door that reduces the problem of testing the
>typical key space to a solvable problem in today's technology?

I never said that I thought that PGP (or anything else) is "secure."
But to the extent that I do trust it for any given purpose, it is for
approximately the same reasons that I trust lots of other things that
I rely on.  I've spot-checked some of the code - far from an
exhaustive analysis - and I've yet to discover anything myself that
points to any specific weakness.  I assume that others have done the
same, and I also assume that someone like me who did discover a
weakness would be likely, as I would be, to publish it and that
therefore I'd hear about it.  This is, for better or for worse, about
as much as can be said for almost anything in the cryptographic world.
Far from perfect, to be sure, but hardly unusual or unique to PGP.
>Under what analysis do you construe "It cannot be safely assumed" as

Because you seem to be pointing a finger at specific people.  Your
recent messages imply (to me, at least) that you think one or more
members of the MIT PGP project may have deliberately tampered with
some of the PGP code.  You think the risk of this sort of thing having
occurred is especially great - greater than with other products, in
fact - with MIT PGP because of some (unspecified) connection you
believe MIT has with NSA.  (If I am mistaken here and you don't think
MIT PGP is at special risk, please clarify this - I suspect others got
the same impression).  PGP did not come from "MIT".  It came from
specific individuals who work there and who are named in the code and
documentation.  They have professional and personal reputations and
feelings just like we all do.  Some of these individuals are on or
close to this list.  To imply, without offering evidence, that these
people are somehow tainted and that their work should be especially
mistrusted is harmful and hurtful to them.  To use such implications
as the entire basis for claims about the security of or risks
associated with specific software does not move our understanding of
things forward.  Pointing out something specific, on the other hand,
would move things forward.  I think your "arguments" about this
subject so far have been vague, unscholarly, unprofessional,
needlessly personal, and just plain insulting.