1995-08-01 - Re: a hole in PGP

Header Data

From: “Patrick J. LoPresti” <patl@skyclad.lcs.mit.edu>
To: cypherpunks@toad.com
Message Hash: 90a34e81a9a6603eff4dda8e14ceba54bf67828f98c6af7c5df7caaad629739b
Message ID: <199508011530.LAA00429@skyclad.lcs.mit.edu>
Reply To: <199507312340.TAA02533@toxicwaste.media.mit.edu>
UTC Datetime: 1995-08-01 15:31:10 UTC
Raw Date: Tue, 1 Aug 95 08:31:10 PDT

Raw message

From: "Patrick J. LoPresti" <patl@skyclad.lcs.mit.edu>
Date: Tue, 1 Aug 95 08:31:10 PDT
To: cypherpunks@toad.com
Subject: Re: a hole in PGP
In-Reply-To: <199507312340.TAA02533@toxicwaste.media.mit.edu>
Message-ID: <199508011530.LAA00429@skyclad.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


>>>>> "warlord" == Derek Atkins <warlord@mit.edu> writes:

 warlord> This is where you are very wrong.  I am not saying that "if
 warlord> you can't find any holes it must be secure".  What I am
 warlord> saying is that the source is available, and thousands of
 warlord> people have looked at the source, and none of them have
 warlord> found any holes in it.

While I largely disagree with Dr. Cohen's conclusions, I do think we
should extinguish the "Examine the source!" mantra.

I find it surprising that people so familiar with public key
cryptography would be reassured by the argument, "Here, this algorithm
has been examined by thousands and nobody has found a trap door."
Public key cryptography demonstrates that it is possible, in
principle, to construct an algorithm with a trap door that nobody else
is *ever* going to find.  I wonder whether Rivest could construct a
hash function which only he could invert...  :-)

When an algorithm is essentially defined by a tangle of C code, like
the PGP random number generator, the "Examine the source!" mantra
becomes even more hollow.  Ironically, the fact that it was designed
by competent cryptographers potentially makes it even more dangerous.

Of course, there is no practical alternative at this time.  Maybe
someday your entire operating environment will be formally proven
correct, and the cryptographic algorithms will be provably as hard as
factoring, and factoring will be proven hard, and the system will ask
you to flip a coin and type "0" or "1" every time it needs a random
bit.  But until that day, you will have to decide whom to trust.

Personally, I trust the authors of PGP.  So do most of the people on
this list, I suspect.  Maybe Dr. Cohen can convince me that my trust
is misplaced; but to do so, he will need something better than NSA
conspiracy theories.

Version: 2.6.2
Comment: Processed by Mailcrypt 3.3beta, an Emacs/PGP interface