1995-08-01 - Re: a hole in PGP

Header Data

From: “J. R. Valverde (EMBL Outstation: the EBI)” <txomsy@ebi.ac.uk>
To: cypherpunks@toad.com
Message Hash: af549bac38b5d04ca9c84117d82f21c3177f07c4761c79f2eb4bb6237c4b6f29
Message ID: <199508010932.KAA11464@neptune.ebi.ac.uk>
Reply To: <9508010120.AA07073@all.net>
UTC Datetime: 1995-08-01 09:32:52 UTC
Raw Date: Tue, 1 Aug 95 02:32:52 PDT

Raw message

From: "J. R. Valverde (EMBL Outstation: the EBI)" <txomsy@ebi.ac.uk>
Date: Tue, 1 Aug 95 02:32:52 PDT
To: cypherpunks@toad.com
Subject: Re: a hole in PGP
In-Reply-To: <9508010120.AA07073@all.net>
Message-ID: <199508010932.KAA11464@neptune.ebi.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain

>A reasonable response.  My question is: Why do you think that the key
>generation algorithm used by PGP is secure? Specifically, how do we know
>there is no subtle back door that reduces the problem of testing the
>typical key space to a solvable problem in today's technology?
>I don't believe I made ANY "vague, wild, unsupported claims" however,
>that is certainly a matter of opinion.
	OK, let me put my 2 pence collaboration:

	Let's see. I can try to write a nice program to protect myself.
I could XOR something with my key (00000000) and use that. Then tell my
fellows and all of us use the same program.

	Or I could even be more tricky and implement something more complex.

	Now, my knowledge, time and resources are limited. I see that MIT
or whomever has made a program that, under test, is more secure than my
XOR 00000000 implementation. I may not fully trust them but it is better
than anything I could come out with.

	So, my position is: if it's the best thing I have access to, I only
have two options: either I use it or I give up with cryptography at all.

	Now, I think that what I am trying to say is: if you can come up
with something better, please do. All the Free (and Wannabe Free) World
will be eternally grateful to you. If you can't, then you only have the
above two options.

	Bragging about hypothetical fears that you can't demonstrate at all
is not only stupid, it is also pessimistic, destructive, unproductive and
threatening all kinds of freedom. Nazi perhaps? Dunno. And I don't care.

	Security? As you have already been told, you can only prove it
negatively. So, since you can only prove that it can fail, but can't prove
it can't, any discussion is irrelevant unless you have any real proof.

	All the process is based on a fight against time: you are assuming
that nobody can break your crypto process before the secret becomes irrelevant.
All your security lies in the fact that *YOU* don't know of anybody that
can break the problem but can't deny that someone could ever possibly
discover a clever algorithm.

	Thus: either you have proofs that it can be broken, or know a better
algorithm, or can name someone who can prove s/he can break it, or you just
trust it the best you can. Any other kind of discussion is a sophism.

	Dr?... hum. Let me try then a different analogy: I do have a patient
with a lethal disease with no known therapy. Then someone comes up with A,
which cures people, but -being new- could maybe possibly perhaps have some
secondary effect that no one knows yet and can't be demonstrated (but could
exist). Now, should I trust the lives of my patients to therapy A or should
I wait for some years to be secure it has no secondary effects? Even so,
since the fact nobody has reported them doesn't mean it could not have
them (only that nobody has discovered them), I can't be 100% sure.

	Oh, well, I guess that if your doctor never gave you a therapy 'cos
you can never be 100% sure, you would not like the idea. Would you trust
your life to that therapy when you know for sure you are about to die if
you don't? What if A saved 100%, but there was a therapy B that saved 20%
with no known secondary effects either? Which one would you choose?

	Thus, can you trust lives and whatnot to something not fully known?
I'd say that unless you have something better, that's your better bet. So,
since you know for sure that if you don't use any cryptography at all, you
must communicate in the clear, what do you do?

	So, can you come up with something better or not?