Comparing PGP to Symantec's Secret Stuff

Vin McLellan vin at shore.net
Tue Dec 16 08:44:57 PST 1997 


(I just posted this in a discussion on alt.security.pgp, and thought it
might also be of interest to the List. _Vin)

   ALCO Jakarta <alcojkt at bit.net.id> queried the Newsgroup:

> Could anyone give me a quick trun-down on the difference between these two
> programs and which one is more secure? Is the latter more practical to use
> than PGP 2.6.2?

   That's comparing real crypto vs a sophisticated version of the Captain
Crunch crypto ring.

   PGP in all of its forms uses strong crypto, which is why it is
difficult to legally export it from the US to any overseas entity, except
branches and subsidiaries of US firms.  (Thus, the effort to sustain the
international version of PGP, and PhilZ's long travail while the US govt
tried to investigate how those sneaky non-Yanks got their hands on this
oh-so-useful RSA/IDEA utility.)

   Norton Secret Stuff secures the data using the 32-bit Blowfish
encryption algorithm -- which is why it's approved for unrestricted export
outside the US by the U.S. government.

   It's far better than, say, ROT13 -- but it would not provide meaningful
confidentiality or security for anything of any worth, or anything which
might otherwise spur a curious and clever grad student to spend somewhere
between a couple hours (with a college computer lab at his proposal) to a
few days (on a fast PC) doing a brute force search of all possible 32-bit
keys.

   A more complex comparison would put PGP against Norton's YEO, but that
too is an apples to oranges matchup, albiet with strong crypto on both
sides.  PGP was designed to be a mail encyptor. YEO -- with RSA + RC4,
RC5, DES, DES3, and Blowfish too, I think -- was designed as a file and
disk encryptor.  Each is optimized for its primary function.

   The lack of published source code is an issue, but if you see such a
product being purchased by multinationals or US defense contractors you
can be certain the implementation -- which is the real arena of
vulnerability, once the algorithm is chosen -- has been carefully studied
by informed cryptographers. (For non-American product, look for similar
purchases by government-connected agencies in the vendor's nation.)

   You don't sound like the source code is going to do _you_ any good,
right? Like most buyers, you have to trust the judgement of talented pros
somewhere.

>
> I use PGP and don't find it's use so difficult to master even as a rookie
> in cryptographic matters. But this Secret Stuff program is commerical so I
> don't trust it's degree of security to gov't snooping based on my suspicion
> of corporate submission to gov't will. Is that a reasonable assumption?


   Actually, corporate or commercial products are better than that.

   Secret Stuff is overtly weak crypto.  It's also free from Symantec.

   Norton YEO from Symantec, or any competitive heavy-duty product like
RSA SecurPC, will be clearly labelled as to the relative strength (key
length) of their crypto -- strong for domestic user; weak for the intl
mass market -- in terms anyone with a basic understanding of crypto and
crypto export regs can understand.  Export permits for the strong domestic
versions of products like these will be all but impossible to obtain for
mass market sales to non-American individuals. (Neither of these firms
probably sells or even tries to sell the export version overseas; the
weaker products exist largely because US corporate buyers demand an
interoperable product that _can_ be shipped to overseas associates.)

   Export permits to ship the strong-crypto version of these products
American corporations will require that the vendor have a key recovery
mechanism -- no big deal, since we are dealing with stored files, so
backup access is a standard requirement for disaster recovery -- which is
to be held by the US firm in a location which makes it accessible to legal
US court orders.

   Any and all US firms will respond to a legal court order to provide
information.  (Commercial firms in other nations will provide any info
they hold when confronted with a court order too, right?)

   It is always rash to expect any commercial firm in any nation to be
either a martyr or an arbiter of moral or political issues. Corporate
officers have fiduciary responsibilities and they can be replaced.
Corporations get a set of rules from the society in which they operate,
and then -- within the context of those rules -- they seek to maximize
their profit and their stockholders' return on investment with a certain
degree of ruthless intensity.

   That's the nature of the beast.

   When corporate self-interest and some corporate executive's personal
philosophy line up, we get some interesting fireworks -- sometimes even
heroic moments which dramatically change the course of a government's
industrial policy, as in the US banks vehement rejection of the NSA's CCEP
and Clipper programs.  The apparent exception really validates the rule.
It's really rare for the US govt to try to overtly challenge or crush an
American firm like they did with RSADSI for a decade. The NSA tried to
bully the US banking industry and got handed its collective head -- and
got branded as naive and turned into something of a laughingstock as well.

   On the other hand, commercial vendors which provide a product for sale
have to describe and warranty that product as having certain
properties.  If those products are used by individuals or commercial
customers and fail to measure up to their advance billing, the vendor is
thereafter liable for significant (even company-threatening) losses, in
both recompense and punitive damages.

   That's commercial law in the US -- no matter what sort of mealy-mouth
language might be in the shrink-wrap license. US lawyers get a blueprint
of an altar upon which they can sacrifice such firms when they get their
law degree.

   Corporate "submission to gov't will" is a real issue, particularly for
vendors of privacy and security tech -- but for US firms, it is far more
likely to play out formally (as with a court order for a message recovery
key) or in some negotiated backroom deal where the government demands some
feature added, or asks for some feature to be removed from free-market
product, before the vendor is given some commercial advantage like a
government contract, or GSA approval, or an export permit.

   You see the whole American IT industry being put through this sort of
blackmail in the current US crypto export policy.  Only vendors which have
or agree to design key/message "recovery" mechanisms in file or
communications crypto apps get export permits to ship their 56-bit
versions of their crypto products -- or (among other vendors,)
crypto-enhanced applications like RDBSs and operating systems -- to the
international market.

   Nothing subtle or secret about that -- and historically, the model has
probably been pretty much the same, if less blatent.

   US export controls in crypto exist to bludgeon the vendors, so that the
US govt can obtain something it wants in that company's domestic or
overseas product lines. (It certainly does not restrict the international
bad guy's access to strong crypto, no matter what the latest Four Horseman
propaganda is.)

   Today, I think this leverage is probably being applied more on the big
US vendors of operating systems and networking software and major
applications -- all of which require crypto for their commercial products
today -- than it is upon the puny crypto vendors (who are, relatively
speaking, small potatos and aren't allowed to sell strong versions of
their products -- even with message-recovery -- to anyone interesting,
anyway;-)

   In commercial encryption products, the hidden backdoors of myth and
legend are far less likely, given the liability issue and US commercial
law.

   Overt and well-labelled backdoors are a different story. <sigh>

   Surete,
            _Vin

"Cryptography is like literacy in the Dark Ages. Infinitely potent, for
good and ill... yet basically an intellectual construct, an idea, which by
its nature will resist efforts to restrict it to bureaucrats and others who
deem only themselves worthy of such Privilege."
_ A thinking man's Creed for Crypto/ vbm.

 *     Vin McLellan + The Privacy Guild + <vin at shore.net>    *
  53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548

More information about the cypherpunks-legacy mailing list