1995-08-01 - Re: a hole in PGP

Header Data

From: fc@all.net (Dr. Frederick B. Cohen)
To: mab@crypto.com (Matt Blaze)
Message Hash: 9604649e14ff017a519b8d606e53dcf1dd085c416a7b695a764d68be0f0f2504
Message ID: <9508010250.AA14743@all.net>
Reply To: <199508010233.WAA26805@crypto.com>
UTC Datetime: 1995-08-01 02:56:43 UTC
Raw Date: Mon, 31 Jul 95 19:56:43 PDT

Raw message

From: fc@all.net (Dr. Frederick B. Cohen)
Date: Mon, 31 Jul 95 19:56:43 PDT
To: mab@crypto.com (Matt Blaze)
Subject: Re: a hole in PGP
In-Reply-To: <199508010233.WAA26805@crypto.com>
Message-ID: <9508010250.AA14743@all.net>
MIME-Version: 1.0
Content-Type: text

> >Under what analysis do you construe "It cannot be safely assumed" as
> >"near-defamatory"?
> Because you seem to be pointing a finger at specific people.  Your
> recent messages imply (to me, at least) that you think one or more
> members of the MIT PGP project may have deliberately tampered with
> some of the PGP code.

I don't believe I actually said any such thing.  Perhaps you are not
reading (or I am not writing) carefully enough.  All I think I did was
ask why I should believe they have not when they or those like them have
done it before. 

>  You think the risk of this sort of thing having
> occurred is especially great - greater than with other products, in
> fact - with MIT PGP because of some (unspecified) connection you
> believe MIT has with NSA.  (If I am mistaken here and you don't think
> MIT PGP is at special risk, please clarify this - I suspect others got
> the same impression).

PGP is a product that is specifically disliked by the powers that be
because it provides free access to strong cryptography which is against
the public policy of the US government.  That means that people in that
same said government likely feel it is their duty to make certain that
they can still read PGP mail.

>  PGP did not come from "MIT".  It came from
> specific individuals who work there and who are named in the code and
> documentation.  They have professional and personal reputations and
> feelings just like we all do.  Some of these individuals are on or
> close to this list.  To imply, without offering evidence, that these
> people are somehow tainted and that their work should be especially
> mistrusted is harmful and hurtful to them.

I didn't mean to be hurtful, but I did and do mean to ask why we should
believe that PGP is secure.  Their blind faith is not adequate for the
level of trust being put in PGP - even if they are really sincere.

In terms of implication, I don't believe I implied any such thing.  I
only asked why we should trust them with our individual freedom.

>  To use such implications
> as the entire basis for claims about the security of or risks
> associated with specific software does not move our understanding of
> things forward.  Pointing out something specific, on the other hand,
> would move things forward.  I think your "arguments" about this
> subject so far have been vague, unscholarly, unprofessional,
> needlessly personal, and just plain insulting.

I obviously disagree, but I still haven't heard a single response along
the lines of "here's why we believe it is secure..." I have heard lots
of responses along the lines of "believe us or convince yourself..." and
"read a 'Request for Comments' and that explains it all", but those
leads have not panned out - so far, the RFC tells us that PGP is not
secure and the convince yourself argument holds no water.

The fact is, you seem to support the idea that PGP is secure without a
reasonable basis, and when pushed a bit harder, agree that it probably
is not secure. 

How is it "unscholarly, unprofessional, needlessly personal, and just
plain insulting" to question the idea that hundreds of thousands of
people are trusting their freedom to software that is probably not
secure? I think it is highly unprofessional to try to claim that PGP is
secure and to try to bolster that position by claiming that some
"Request for Comments" supports it when that same said RFC refutes it.

It has been my general impression that "scholarly" means, among other
things, questioning the status quo and finding out where the generally
accepted ideas break down.  I am a professional in the field of
information protection, and I consider it highly unprofessional in this
field to assume that systems are secure without ample evidence to
support it.

So far, I see no ample evidence to support the security of PGP's key
generation algorithm relative to the concerns I have expressed.  Those
concerns are fairly specific as far as I am concerned, but if you feel I
have to demonstrate a specific attack that works in order to question
the adequacy of protection, I think you have it backwards.

If the people at MIT feel personally insulted because I have questioned
their previously accepted ideas, it's just too bad.  I didn't say they
had bad breath or that they were arrogant or that they were ugly, all I
said was that their professional opinions seem to lack adequate
foundation when subjected to scrutiny.  This is professional comment,
not a personal one.

As far as the potential that they are working with the NSA to subvert
personal privacy, it is a potential, just as it is a potential that I am
working with the NSA to undermine confidence in PGP.  The issue is and
should be, why (specifically) do you believe that PGP is secure.

This is how professionals deal with these sorts of questions:

	If you do not believe it is secure, you should say why not.

	In my case, I question its security and have given at least one
	example of how it could be insecure.

	If you do believe it is secure, you should be able to support
	your contention with more than reference to RFCs, vague
	comments, and claiming that you have read the code and didn't
	catch anything.

	If you cannot specifically address my question, say so, tell us
	all that the security of PGP is an open question, and either
	leave it open or go after closing it.

	OR come up with another alternative that doesn't ignore my question,
	doesn't avoid the issue, doesn't appeal to authority that fails to
	adequately support your contentions, and doesn't claim that I am
	somehow unprofessional or unscholarly for questioning an unproven

-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236