Re: a hole in PGP
At 8:08 PM 7/31/95, Dr. Fred said:
it is impractical to verify that there are no subtle back doors
Ah. I knew my undergraduate philosophy degree from good ol' Mizzou would come in handy some day. In the sophistry biz, the above is an informal fallacy. It's called disproving a negative, more popularly called the "Flying Saucer" fallacy, as in, "prove to me that flying saucers (or PGP trap-doors) don't exist".

I would put the rest of your rejoinder in the same class of tinker-toy logic, Doc.

You're testing my patience. Feeling flush from my New Orleans road trip, I went out and bought the commercial version of Eudora, filter-feature and all, which means I'm just itching to test it. In other words, it means you are flirting with the kill-file, the bozo-filter, more rudely, a <plonk!ing>.

Play nice, Doc, or don't play at all.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah@shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA
(617) 323-7923
"Reality is not optional." --Thomas Sowell
Phree Phil: Email: zldf@clark.net http://www.netresponse.com/zldf <<<<<
At 8:08 PM 7/31/95, Dr. Fred said:
it is impractical to verify that there are no subtle back doors
Ah. I knew my undergraduate philosophy degree from good ol' Mizzou would come in handy some day. In the sophistry biz, the above is an informal fallacy. It's called disproving a negative, more popularly called the "Flying Saucer" fallacy, as in, "prove to me that flying saucers (or PGP trap-doors) don't exist".
More accurately, you cannot prove a forall statement about an infinite set by demonstrating examples - but you can disprove it with a single refutation, however, your argument is incorrect in this context. Since current digital computers (and programs) are (close to) finite state machines, we can prove many forall statements. But even more to the point, it is the job of the person asking you to trust them to justify that trust. If you trust them with a less-than-adequate basis, you have only yourself to blame when you get burned.
I would put the rest of your rejoinder in the same class of tinker-toy logic, Doc.
That's me - a tinker-toy logician. But why do you believe that PGP can be trusted? Because someone told you so in email on an Internet forum? I would hate to bet billions of dollars a day and the lives of hundreds of thousands of people on that judgement.
You're testing my patience. Feeling flush from my New Orleans road trip, I went out and bought the commercial version of Eudora, filter-feature and all, which means I'm just itching to test it. In other words, it means you are flirting with the kill-file, the bozo-filter, more rudely, a <plonk!ing>.
Ah!!! A threat. You should be aware that threatening homicide is a form of assault. I will be certain to tell the FBI your exact words... "the kill-file, the bozo-filter, more rudely, a <plonk!ing>." sounds to me (and may well sound to them) like a threat to commit murder.
Play nice, Doc, or don't play at all.
I am being nice, but you are not. Perhaps you should consider addressing the issues.

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
From: fc@all.net (Dr. Frederick B. Cohen)
Date: Mon, 31 Jul 1995 21:03:49 -0400 (EDT)

More accurately, you cannot prove a forall statement about an infinite set by demonstrating examples - but you can disprove it with a single refutation, however, your argument is incorrect in this context. Since current digital computers (and programs) are (close to) finite state machines, we can prove many forall statements. But even

We can prove some "forall" statements; however, it is hard to tell in advance whether any "forall" statement is one of these easily provable or disprovable problems. This is informally known as the halting problem.

more to the point, it is the job of the person asking you to trust them to justify that trust. If you trust them with a less-than-adequate basis, you have only yourself to blame when you get burned.

Most of us consider the release of possibly incriminating source code to be a sign that the persons involved are worthy of trust.

Phil
-----BEGIN PGP SIGNED MESSAGE-----

My response to Dr. Frederick B. Cohen:

I rarely write ANYTHING to the list unless I think it's absolutely necessary and has a semblance of Crypto (keeps the SNR down). I'm looking forward to doing something similar to the crack RC4 thing again.

Anyway, after reading the crap below I have been forced to comment. For an individual that parades the title of Doctor (and the indication of intelligence that title should imply) you seem to lack the grasp of what has been stated over and over again. If you can't study the source code, find someone that you trust that can! Prove it *doesn't* work before you knock it.

Lastly, this interpretation of a threat from being added to a killfile was the last straw. Tell the FBI I sent the following

Dr.Cohen : PLONK!

I never play nice.

ObCypherpunk: Anybody heard from Detweiller?

[snipped]
You're testing my patience. Feeling flush from my New Orleans road trip, I went out and bought the commercial version of Eudora, filter-feature and all, which means I'm just itching to test it. In other words, it means you are flirting with the kill-file, the bozo-filter, more rudely, a <plonk!ing>.
Ah!!! A threat. You should be aware that threatening homicide is a form of assault. I will be certain to tell the FBI your exact words... "the kill-file, the bozo-filter, more rudely, a <plonk!ing>." sounds to me (and may well sound to them) like a threat to commit murder.
Play nice, Doc, or don't play at all.
I am being nice, but you are not. Perhaps you should consider addressing the issues.
--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
- --
==========================================================================
PGP Public Keys: 1024/BEB3ED71 & 2047/D9E1F2E9 on request.
As soon as any man says of the affairs of the state " What does it matter to me? " the state may be given up for lost.
J.J.Rousseau - The Social Contract
GAT/E/O d++@>- H--- s: a29 C+++$ UL++++($) P+>+++ L++>++++ E W+++ N++ K- w---- O- M- V-- PS+ PE++ Y+ PGP+++ t 5+ X R* tv b++ DI++ D++ G++ e h+ r y++ [Geek Code v3.0]
a.k.a [ root@magus.dgsys.com / vamagus@delphi.com]
==========================================================================
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Protect Your Privacy. Use PGP for all your E-mail security needs!

iQCVAwUBMB2UCLbmxeO+s+1xAQE4fAP/TbNWs17V0U8SVDpp6yaCFGnGelSt4mTL
rXFSChLRtiMq/TevfTi9xmDl0j0gDeXORcpQBWlDi0ZfoownpDxHJJab7u97KlB3
WFho1WGWMXU5kyz+g6HBayPHpckH035R4rmCvGZ1zw1qph2v9NzoDhR+8pTgkCYD
7bOQYV6CKMM=
=K1aG
-----END PGP SIGNATURE-----
...
Anyway, after reading the crap below I have been forced to comment. For an individual that parades the title of Doctor (and the indication of intelligence that title should imply) you seem to lack the grasp of what has been stated over and over again. If you can't study the source code, find someone that you trust that can! Prove it *doesn't* work before you knock it.
So you claim that software is secure unless it has been shown to be insecure, while I claim it is insecure unless it has been shown to be secure. Which position do you think more sensible? (rhetorical question, does not require any responses).

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
On Mon, 31 Jul 1995, Dr. Frederick B. Cohen wrote:
That's me - a tinker-toy logician. But why do you believe that PGP can be trusted? Because someone told you so in email on an Internet forum? I would hate to bet billions of dollars a day and the lives of hundreds of thousands of people on that judgement.
Oh, yeah, right...
You're testing my patience. Feeling flush from my New Orleans road trip, I went out and bought the commercial version of Eudora, filter-feature and all, which means I'm just itching to test it. In other words, it means you are flirting with the kill-file, the bozo-filter, more rudely, a <plonk!ing>.
Ah!!! A threat. You should be aware that threatening homicide is a form of assault. I will be certain to tell the FBI your exact words... "the kill-file, the bozo-filter, more rudely, a <plonk!ing>." sounds to me (and may well sound to them) like a threat to commit murder.
Just goes to show you that you really CAN tell the idiots on the net - they usually sign some sort of pompous title before their name.

--
Ed Carp, N7EKG Ed.Carp@linux.org, ecarp@netcom.com
801/534-8857 voicemail 801/460-1883 digital pager
Finger ecarp@netcom.com for PGP 2.5 public key an88744@anon.penet.fi

Q. What's the trouble with writing an MS-DOS program to emulate Clinton?
A. Figuring out what to do with the other 639K of memory.
participants (5)
- Ed Carp [khijol SysAdmin]
- fc@all.net
- frenchie@magus.dgsys.com
- Phil Fraering
- rah@shipwright.com