1995-08-02 - Re: There’s a hole in your crypto…

Header Data

From: ab411@detroit.freenet.org (David R. Conrad)
To: cypherpunks@toad.com
Message Hash: 7838d99a4637de7323d039d71122d55842dcdfe297c93de2895d42b97de73470
Message ID: <199508021251.IAA08192@detroit.freenet.org>
Reply To: N/A
UTC Datetime: 1995-08-02 12:52:06 UTC
Raw Date: Wed, 2 Aug 95 05:52:06 PDT

Raw message

From: ab411@detroit.freenet.org (David R. Conrad)
Date: Wed, 2 Aug 95 05:52:06 PDT
To: cypherpunks@toad.com
Subject: Re: There's a hole in your crypto...
Message-ID: <199508021251.IAA08192@detroit.freenet.org>
MIME-Version: 1.0
Content-Type: text/plain

Phil Fraering writes:
>Why are the arguments on either side so emotional?

I'm rather hesitant to jump into this thread, but I think that one
reason is that Fred's concerns have been misunderstood a bit.  (If
I'm wrong, I'm sure he'll correct me.)

It seems that there are many people who are ready to leap to the
defense of the honor of the programmers behind PGP, when they feel
said honor is being impugned.

I get the impression (as much from what I know of his background as
from what he's said) that Fred is at least as concerned about PGP
being a correct implementation of the various algorithms it involves
as he is about back doors inserted by nefarious individuals.

As I understand it, it is impossible to demonstrate the correctness of
any program the size of PGP.  And it would also not be possible to
validate the compiler or the operating system.  One thing I'm not sure
of, though, is this: Would it be possible to verify a much smaller
program, say, the RSA-in-3-lines-of-Perl?  (Of course, you still would
be left trying to verify the Perl interpreter, and the OS again.)

And is there any way to build a trusted system out of small, verifiable
pieces?  Since the way they're connected could also be questioned, I
suspect that when you put enough of them together it's just as bad as
the case of a single, monolithic program.  But this isn't my area, so
I don't know.

Would it be possible to formally verify at least some parts of a large
program like PGP?  And would that add to the trustworthiness of the
overall program?  (Keeping in mind Fred's earlier remark about a
seemingly-unrelated portion of the code overwriting the key.)

David R. Conrad, ab411@detroit.freenet.org, http://web.grfn.org/~conrad/
Finger conrad@grfn.org for PGP 2.6 public key; it's also on my home page
Key fingerprint =  33 12 BC 77 48 81 99 A5  D8 9C 43 16 3C 37 0B 50
No, his mind is not for rent to any god or government.