From: fc@all.net (Dr. Frederick B. Cohen) Date: Mon, 31 Jul 1995 20:08:15 -0400 (EDT) One of the several points I tried (apparently unsuccessfully) to make is that with a program that large, it is impractical to verify that there For better or for worse, we all must use programs (or collections of programs) that large or larger: even if PGP could be implemented in 1 % of the current source code, it would still be running in an operating system that's cramped in 4 megabytes of ram, because that's a characteristic of the common modern operating systems. The operating systems PGP is running in are larger than PGP itself; if PGP is too large to practically verify the nonexistance of back doors, then there's nothing we can do whatsoever to disprove the existance of back doors. ...are no subtle back doors - regardless of how knowledgeable or skilled you or I may be. Your "assumption of security" perspective is an inappropriate one unless you are trying to get people to use something that is not secure. Or unless you're trying to subject a program to a standard nothing ever written these days is going to meet because it runs in an operating system that's a lot harder to verify as being secure. Please note: I am not trying to suggest that there are purposeful or inadvertent back doors in any of the variants of PC-DOS, Windows, or the Macintosh OS, or more than usual in the various Unix variants (of which the details are available on RISKS; of course, Unix can probably be made reasonably secure if one is aware of the issues involved, which isn't a bad idea. This isn't meant to be a disendorsement of Unix.) The headers on the postings allow you to ignore them, but in the meanwhile, the subject matter is in line with this forum, and the questions are legitimate. You will have to do better than to appeal to authority to convince anyone that MIT's version of PGP is secure. Can you _convince_ me that MacOS 7.5, or Windows 3.1 (the OS I currently use), or WWG, or OS/2 3.0, or Linux, or NetBSD, is reasonably secure? Why (specifically) do you think so? Because you claim it? Because the MIT maintainer claims it? You say MIT is not associated with the NSA, but they have historically been funded by the NSA and other federal agencies for work on information security. Do you really think that the only information protected by PGP is dirty pictures? Do you somehow think that MIT and the NSA are above that sort of thing? All you have to do is look at history, and it should be clear that this appeal to authority is often used by those trying to cover things up. If you know something about PGPs security that you aren't telling us, don't beat around the bush about it. Come out and say it. Tell us that you have proven that PGP has no backdoors and what method you used to do that. Tell us that you have hand verified all the code and that none of it overwrites the key generation process and tell us how you verified it. It cannot be safely assumed that any program is clean or that any one person or group is not involved with intentionally subverting security. That violates the fundamental principles of information protection. What OS should I use to do this? Should I just give up on anything beyond TRS-DOS 6.2? Phil