1995-08-02 - Re: Provably Correct Crypto?

Header Data

From: Nathan Zook <nzook@bga.com>
To: “Dr. Frederick B. Cohen” <fc@all.net>
Message Hash: 674c84237be1f88747b2673f885825242ed090f5fafa5a819a4a32ca717ebaf2
Message ID: <Pine.3.89.9508020027.D23934-0100000@maria.bga.com>
Reply To: <9508011911.AA11465@all.net>
UTC Datetime: 1995-08-02 05:44:30 UTC
Raw Date: Tue, 1 Aug 95 22:44:30 PDT

Raw message

From: Nathan Zook <nzook@bga.com>
Date: Tue, 1 Aug 95 22:44:30 PDT
To: "Dr. Frederick B. Cohen" <fc@all.net>
Subject: Re: Provably Correct Crypto?
In-Reply-To: <9508011911.AA11465@all.net>
Message-ID: <Pine.3.89.9508020027.D23934-0100000@maria.bga.com>
MIME-Version: 1.0
Content-Type: text/plain

On Tue, 1 Aug 1995, Dr. Frederick B. Cohen was alleged to have blathered:

> Tim May mused:

> > Anything that "reaches out" to external libraries or utilities would then
> > have the vulnerabilities of _those_ libraries and utilities, which may or
> > may not be provably correct themselves. (And the issue of any PRNG being
> > probably correct or not is of course an interesting, and deep, question.)
> > 
> > I do think the issues of modular design and provable correctness--or
> > approximations to it--are interesting ones.
> I think that this issue can generally be addressed by a divide and
> conquer strategy.  Prove that the called routines are correct and
> confined under all possible parameters, do the same for the calling
> routines, do the same for the interaction between them, and I think you
> have it.  This is pretty easy for one or two routines, but when you take
> the OS into account, the C compiler into account, the program itself
> into account, and the external environment into account, you run into
> some serious limitations.  For example, you may (in some cases) have to
> show that under all possible sequences of interrupt timings and stack
> conditions, the system operates correctly (which almost none currently
> do).  Unless you design with this sort of thing in mind, it's very hard
> to demonstrate these properties even for limited subproblems. 

After all your griping over PGP, you spout this?  Have you ever heard of 
Godel's theorem?  I have a phrase for people who peddle their mark of 
approval that a given large program will work: "Snake oil salesman".  In 
the messages which you have scrawled between this and the last on my 
system when I caught up this evening, you have demonstrated the 
fraudulent nature of your business by first claiming that certain 
propositions were "demonstrated", then stating that a graduate student 
was working on "proving" them.

I repeat: Snake Oil Salesman