a hole in PGP
Perry E. Metzger
perry at panix.com
Tue Aug 1 08:42:52 PDT 1995
"Patrick J. LoPresti" writes:
> I find it surprising that people so familiar with public key
> cryptography would be reassured by the argument, "Here, this algorithm
> has been examined by thousands and nobody has found a trap door."
> Public key cryptography demonstrates that it is possible, in
> principle, to construct an algorithm with a trap door that nobody else
> is *ever* going to find.
This is not correct as you have phrased it.
Although it is not possible to find a decision proceedure for any
non-trivial property of programs in general (whether it halts, for
example) in practice well written code can be well understood and
cannot conceal very much at all.
In order to use public key cryptography to obfuscate a program as you
suggest, you'd have to include huge tables of large numbers in it. Any
idiot can observe the existance of such mysterious tables.
Trying to conceal anything in cleanly written code is an enormous
challenge, and one that has nothing to do with public key crypto per
se.
Incidently, this doesn't mean that you can't conceal things by
producing subtle flaws in, for example, random number generation code.
However, such flaws are hardly of the form "nobody else is *ever*
going to find" -- anyone being extremely cautious in his analysis will
find such flaws.
.pm
More information about the cypherpunks-legacy
mailing list