This might seem a bit long, and I'd like to apologize to the real cypherpunks for my ranting.
Because you seem to be pointing a finger at specific people. Your recent messages imply (to me, at least) that you think one or more members of the MIT PGP project may have deliberately tampered with some of the PGP code.
I don't believe I actually said any such thing. Perhaps you are not reading (or I am not writing) carefully enough. All I think I did was ask why I should believe they have not when they or those like them have done it before.
You have. I doubt it was intentional, but you have, continually. Here are some snippets of things you've said. First, you say that it is a rational concern since PGP was taken over by us:
The term paranoid is inappropriate in this context. Paranoia refers to an irrational fear, while I am expressing a rational concern over a system that has been taken over by a (partially) government funded university and which has not been properly verified. The history of cryptography (as they say) is (quite literally) littered with the dead bodies of people killed because somebody else thought a cryptosystem was good enough when it was not.
Then you talk about the MIT version as if it were the original thing:
Why (specifically) do you think the MIT version of PGP has no backdoors and is not subject to attacks such as the one outlined in my previous posting?
PGP 2.0 was released in September, 1992, from Europe, and many many people have been examining it ever since. I truly believe that there are no backdoors. Does that mean the program is completely bug-free? Hardly. Does it mean that some attack against PGP won't be discovered in the future? I don't know, I'm not a diviner, I cannot foresee the future, and I have no idea what technology will come in the future. For all I know, someone will prove that P=NP and all this will be for naught. Anyways, to get back to my claims of your hurtful statements:
Why (specifically) do you think so? Because you claim it? Because the MIT maintainer claims it? You say MIT is not associated with the NSA, but they have historically been funded by the NSA and other federal agencies for work on information security. Do you really think that the only information protected by PGP is dirty pictures? Do you somehow think that MIT and the NSA are above that sort of thing? All you have to do is look at history, and it should be clear that this appeal to authority is often used by those trying to cover things up. If you know
I DO NOT GET PAID FOR ANY WORK I DO ON PGP! I HAVE NEVER RECEIVED A DIME FOR MY WORK. I WORK ON PGP BECAUSE I BELIEVE IN IT. Having said that, I cannot BELIEVE you would have the Balls to say that the NSA has bought me. Go re-read what you've said. You have just said that the MIT PGP team, through MIT, is bound to be covering something up because of historical fact. I have never said "Believe me when I said PGP is secure". I have continually asked for you to check on the security yourself. But you have continually refused to do that, and asked why it is secure! So, you refuse to look for yourself, and you refuse to believe it when you are told. So, what the hell do you want? Do you want a line-by-line examination of the code???? Sheesh!
It cannot be safely assumed that any program is clean or that any one person or group is not involved with intentionally subverting security. That violates the fundamental principles of information protection.
You're right, which is why the source code is publicly available. I would wholeheartedly agree with you if only binaries were shipped, but the source is available. Anyone can look through and verify the code. Anyone can try to find weaknesses. In fact, everyone is encouraged to do so. I don't see how _this_ "violates the fundamental principles of information protection".
You might be, but even if you are not, that doesn't mean there are no back doors. Your inability to detect a backdoor gives me little confidence, since this is at least an NP-complete problem and, with all due respect, today, nobody can prove that PGP is free of backdoors
I think I've finally figured out where you are completely confused!!! You are confusing "back door" with "bug". FYI: A back door is usually a means to make it easy for someone to get into a system. For example, if I put in code so that I could read every PGP message by typing the passphrase "Setec Astronomy", that would be a backdoor. The fact that httpd was exploitable, or sendmail holes, or etc. are BUGS, not Back doors. Your problem is that you are using these terms interchangeably. THEY ARE NOT THE SAME. Putting in a backdoor has the connotation of intent. A bug is an accidental occurrence that was a side effect of poor coding, a typo, carelessness, confusion, inconsistency, etc. A back door, on the other hand, is a DELIBERATE ATTEMPT TO REDUCE OR CIRCUMVENT SECURITY!
"...Choosing random quantities to foil a resourceful and motivated adversary is surprisingly difficult. ...recommends the use of truly random hardware techniques and shows that the existing hardware on many systems can be used for this purpose."
PGP does not use "truly random hardware techniques"
Oh? It doesn't? How can you say that? In what way does it not do this? The RFC states, in your quote, that "existing hardware on many systems can be used" for truly random hardware techniques. Please, substantiate your claim that PGP does not do this. Show me code segments which show it does not. Show me an analysis that goes contrary to the RFC.
But the RFC acknowledges that these methods are highly suspect and should not be trusted.
You're right, it should not be blindly trusted. Go read the code and examine the algorithms to prove to yourself that it is secure. I've done that to the extent that I wish, and I believe it is secure. But you won't take my word for it, so go ahead and check! Oh, wait, you won't do that either. Sorry. I forgot.
How is it "unscholarly, unprofessional, needlessly personal, and just plain insulting" to question the idea that hundreds of thousands of people are trusting their freedom to software that is probably not secure? I think it is highly unprofessional to try to claim that PGP is secure and to try to bolster that position by claiming that some "Request for Comments" supports it when that same said RFC refutes it.
Show me some proof that PGP is "probably not secure"? Come on, there is a finite probability that I can walk through a wall! The laws of quantum probability give me this finite probability! But I'd be hard pressed to show you that I can walk through the wall. It looks good on paper, but it just ain't gonna happen. As for the RFC, it does not refute that PGP is secure. In fact, PGP pretty much follows the RFC's guidelines. You clearly have selective reading. A useful skill -- I should learn it.
It has been my general impression that "scholarly" means, among other things, questioning the status quo and finding out where the generally accepted ideas break down. I am a professional in the field of information protection, and I consider it highly unprofessional in this field to assume that systems are secure without ample evidence to support it.
Don't forget that you have to run PGP in some OS. Please show me a secure OS! Given that the OS cannot be secure (using your logic it is intuitively obvious that this is true) then how can you ask to see a program any more secure than the environment in which it runs? PGP tries to be as secure as possible given the environment in which it is being run.
So far, I see no ample evidence to support the security of PGP's key generation algorithm relative to the concerns I have expressed. Those concerns are fairly specific as far as I am concerned, but if you feel I have to demonstrate a specific attack that works in order to question the adequacy of protection, I think you have it backwards.
No, your concerns have been utterly vague. The closest you've come to being at all specific is some vague notion of analyzing keystrokes. In every message I've responded to, I've asked you to expand upon what you mean. What kind of analysis do you mean? How do you propose to analyze keystroke timings? Even if you have a probabilistic model of keystroke timings, all you can possibly do is compare two different probabilities to see if they are the same. But that doesn't help you limit the search on keys.
If the people at MIT feel personally insulted because I have questioned their previously accepted ideas, it's just too bad. I didn't say they
I'm not insulted that you are questioning PGP. I am insulted because in every message you have sent, you have postulated some conspiracy with the government or postulated some intentional weakening of PGP. Your statements could almost be construed as libelous, which is why I feel insulted. I feel extremely comfortable with people questioning the security of PGP. What I don't like is someone stating that it is not secure, claiming some sort of back door (which connotes some intent to reduce the security) and not backing up the claim with any proof.
In my case, I question its security and have given at least one example of how it could be insecure.
And I've asked you to explain your conjecture, which you have constantly either refused to do or intentionally ignored.
If you do believe it is secure, you should be able to support your contention with more than reference to RFCs, vague comments, and claiming that you have read the code and didn't catch anything.
No matter what, PGP's security is based upon the security of RSA, which in turn is based upon the difficulty of factoring, which has never been proven to be hard. Therefore, there is always the possibility that someone will find a polynomial factoring algorithm which would completely destroy any security in PGP.
If you cannot specifically address my question, say so, tell us all that the security of PGP is an open question, and either leave it open or go after closing it.
Ok. Please explain what kind of keystroke timing analysis you propose, and I will attempt to answer that, or concede your point.
OR come up with another alternative that doesn't ignore my question, doesn't avoid the issue, doesn't appeal to authority that fails to adequately support your contentions, and doesn't claim that I am somehow unprofessional or unscholarly for questioning an unproven contention.
Have you heard the thought experiment of putting a back-door in login by modifying the C compiler to modify the C compiler to modify login? Think about that in terms of the security of PGP -- you are always going to be limited in security to the security of the system on which you are running. I only believe you are being unscholarly because you are making claims without any supporting evidence. _THAT_ is unscholarly! Now, if you are asking if PGP is completely bug free, I will be the first to admit that it is not. I am certain that there are latent bugs in the code (and there are many that have been fixed since the 2.6.2 release). However that has not been your statement nor your questions. You have asked about back doors, an intentional act to reduce the security, and to that I vehemently say that there are none. How do I know that you haven't been infected by a computer virus? Perhaps there was a computer virus that flashed subliminal messages on your screen to make you think you were L. Detweiler and think that Desert Storm was the greatest thing since sliced bread? Improbable? Perhaps, but prove to me that this didn't happen! How do you know that Microsoft Windows doesn't send all your keystrokes to Bill Gates for him to peruse? Prove to me that we landed on the moon! Some have contended that it was all a hoax. Prove to me that the universe existed before I was conscious of it. How do I know that you exist? Perhaps all this is a dream -- and if so, I sure hope to god I wake up soon. Good night. -derek
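The keystroke-timing dispute above comes down to a measurable question: how much unpredictability do quantized inter-keystroke intervals actually carry? The following is an added example, not code from the thread or from PGP, that estimates the min-entropy of such a seed source the way a defender auditing their own random-number seeding would. The timing samples are constructed with a seeded generator rather than recorded keystrokes, and the 4 ms timer resolution is an assumption for illustration, not PGP's actual implementation.

```python
import math
import random
from collections import Counter
from typing import Sequence

# Constructed samples (fixed seed), not recorded keystrokes:
# an erratic typist with widely varying intervals, and a metronomic
# typist whose rhythm barely varies around 120 ms.
_rng = random.Random(7)
ERRATIC_MS = [_rng.uniform(40, 400) for _ in range(2000)]
METRONOMIC_MS = [_rng.gauss(120, 4) for _ in range(2000)]
TIMER_RESOLUTION_MS = 4.0  # assumed coarse timer tick, not PGP's real value


def quantize(intervals_ms: Sequence[float], resolution_ms: float) -> list[int]:
    """Map intervals to timer-tick buckets. A coarse timer, or a rhythm that
    fits inside a few ticks, collapses many intervals into the same symbol."""
    return [int(t // resolution_ms) for t in intervals_ms]


def min_entropy_bits(symbols: Sequence[int]) -> float:
    """Min-entropy -log2(max p): the bits left over when an adversary always
    guesses the single most likely symbol. Never exceeds Shannon entropy."""
    p_max = max(Counter(symbols).values()) / len(symbols)
    return -math.log2(p_max)


def shannon_entropy_bits(symbols: Sequence[int]) -> float:
    """Average-case entropy; the optimistic figure, not the one to seed with."""
    n = len(symbols)
    return -sum(c / n * math.log2(c / n) for c in Counter(symbols).values())


def keystrokes_needed(intervals_ms: Sequence[float], target_bits: float,
                      resolution_ms: float = TIMER_RESOLUTION_MS) -> int:
    """Keystrokes required to accumulate target_bits of min-entropy, treating
    each interval as independent (an optimistic assumption for real typists)."""
    per_key = min_entropy_bits(quantize(intervals_ms, resolution_ms))
    return math.ceil(target_bits / per_key)


def audit(intervals_ms: Sequence[float], resolution_ms: float = TIMER_RESOLUTION_MS) -> dict:
    """Summarise a seed source: per-keystroke entropy and cost of a 128-bit seed."""
    symbols = quantize(intervals_ms, resolution_ms)
    return {
        "min_entropy_per_key": min_entropy_bits(symbols),
        "shannon_per_key": shannon_entropy_bits(symbols),
        "keys_for_128_bits": keystrokes_needed(intervals_ms, 128, resolution_ms),
    }


if __name__ == "__main__":
    print("erratic   :", audit(ERRATIC_MS))
    print("metronomic:", audit(METRONOMIC_MS))
```

The metronomic sample shows why the RFC's caution matters: a regular typist on a coarse timer yields under two bits per keystroke, so a seeding routine that assumes several bits per key overestimates its pool.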