Russian analysis of PGP

Theodore Ts'o tytso at ATHENA.MIT.EDU
Sat Jan 9 08:52:30 PST 1993


   From: eab at msc.edu (Edward Bertsch)
   Date: Sat, 9 Jan 93 7:48:46 CST

   These are serious claims.  What do the authors of the software have
   to say about them?  Others?

"Dr. Sidelnikov" has presented some very serious claims, indeed, but has not
produced one shred of evidence to back them up.  Some of his claims, to
wit his assertion that PGP's hashing function is breakable, he could
have very simply demonstrated, without using a lot of clumsy English.
(All he would have needed to do is to produce two strings, X and Y,
where X != Y and MD5(X) == MD5(Y) --- or better yet, given message
digest Z which someone else picks, such as the test values in RFC-1321,
produce a string X such that MD5(Z) == X.)

Some of his other claims, such as his complaint that PGP doesn't contain
any self-checking code to protect against "killer viruses", on the
surface seem to indicate a very shallow analysis of the problem.

Something else to consider is that the source of his posting is somewhat
suspect.  The person who posted it got it from a friend, who got it from
some other net where supposedly Dr. Sidelnikov posted it.  At the
moment, its source sounds like an awful lot of urban legend stories
which many of us have heard before.  An equivalent statement to his
posting might be: 

	"I heard from a friend who heard from an Eminent MIT Professor:
	Don't use XXX, since it uses DES which could be broken."   

While I might have a lot of respect for MIT and its professors, I would
want to see a demonstration of this fact before I would take that kind
of report very seriously.  The same standards should be held to Dr.
Sidelnikov.

							- Ted

P.S.  Note that I am not completely ruling out Dr. Sidelnikov's claims;
but we should keep in mind that up to this point, we have not one shred
of evidence that he is (a) who he claims to be, or (b) his statements
are true.  I would expect that most academics, when publishing something
of this magnitude, would include some sort of evidence to back their
claims up.

P.P.S.  Also note that if his claim about MD5 is true, then we are in a
lot more trouble than just PGP being insecure.  There are an awful lot
of other protocols that use MD5, including Privacy Enhanced Email (PEM).

More information about the cypherpunks-legacy mailing list