1995-08-01 - a hole in PGP

Header Data

From: Phil Fraering <pgf@tyrell.net>
To: fc@all.net
Message Hash: fa905f2659d483839d652eb28bc29dfc4643476f2cd8f97f1650c1da985d267a
Message ID: <199508010213.AA07127@tyrell.net>
Reply To: <9508010008.AA02790@all.net>
UTC Datetime: 1995-08-01 02:18:07 UTC
Raw Date: Mon, 31 Jul 95 19:18:07 PDT

Raw message

From: Phil Fraering <pgf@tyrell.net>
Date: Mon, 31 Jul 95 19:18:07 PDT
To: fc@all.net
Subject: a hole in PGP
In-Reply-To: <9508010008.AA02790@all.net>
Message-ID: <199508010213.AA07127@tyrell.net>
MIME-Version: 1.0
Content-Type: text/plain

   From: fc@all.net (Dr. Frederick B. Cohen)
   Date: Mon, 31 Jul 1995 20:08:15 -0400 (EDT)

   One of the several points I tried (apparently unsuccessfully) to make is
   that with a program that large, it is impractical to verify that there

For better or for worse, we all must use programs (or collections
of programs) that large or larger: even if PGP could be implemented
in 1% of the current source code, it would still be running in an
operating system that's cramped in 4 megabytes of RAM, because that's
a characteristic of the common modern operating systems.

The operating systems PGP is running in are larger than PGP itself; if
PGP is too large to practically verify the nonexistence of back doors,
then there's nothing we can do whatsoever to disprove the existence
of back doors.

   ...are no subtle back doors - regardless of how knowledgeable or skilled
   you or I may be.  Your "assumption of security" perspective is an
   inappropriate one unless you are trying to get people to use something
   that is not secure.

Or unless you're trying to subject a program to a standard nothing
ever written these days is going to meet because it runs in an
operating system that's a lot harder to verify as being secure.

Please note: I am not trying to suggest that there are purposeful or
inadvertent back doors in any of the variants of PC-DOS, Windows, or
the Macintosh OS, or more than usual in the various Unix variants (of
which the details are available on RISKS; of course, Unix can probably
be made reasonably secure if one is aware of the issues involved,
which isn't a bad idea. This isn't meant to be a disendorsement of

   The headers on the postings allow you to ignore them, but in the
   meanwhile, the subject matter is in line with this forum, and the
   questions are legitimate.  You will have to do better than to appeal to
   authority to convince anyone that MIT's version of PGP is secure.

Can you _convince_ me that MacOS 7.5, or Windows 3.1 (the OS I
currently use), or WWG, or OS/2 3.0, or Linux, or NetBSD, is
reasonably secure?

   Why (specifically) do you think so? Because you claim it? Because the
   MIT maintainer claims it? You say MIT is not associated with the NSA,
   but they have historically been funded by the NSA and other federal
   agencies for work on information security.  Do you really think that the
   only information protected by PGP is dirty pictures? Do you somehow
   think that MIT and the NSA are above that sort of thing? All you have to
   do is look at history, and it should be clear that this appeal to
   authority is often used by those trying to cover things up.  If you know
   something about PGP's security that you aren't telling us, don't beat
   around the bush about it.  Come out and say it.  Tell us that you have
   proven that PGP has no backdoors and what method you used to do that.
   Tell us that you have hand verified all the code and that none of it
   overwrites the key generation process and tell us how you verified it.

   It cannot be safely assumed that any program is clean or that any one
   person or group is not involved with intentionally subverting security.
   That violates the fundamental principles of information protection.

What OS should I use to do this? Should I just give up on anything
beyond TRS-DOS 6.2?