
Re: a hole in PGP



Hello [email protected] (Dr. Frederick B. Cohen)
  and [email protected] (Matt Blaze)
  and [email protected]

I'm afraid I missed the start of this thread, sorry if I'm repeating...

...
> The fact is, you seem to support the idea that PGP is secure without a
> reasonable basis, and when pushed a bit harder, agree that it probably
> is not secure. 

The problem is that "secure" is not really something that can be proved.
(I'm not sure if that's a theoretical or a practical fact, but it remains.)
For one thing, I'm not even sure the RSA algorithm itself is secure.
(At least I've never heard of a proof; have you?)

As long as I'm using PGP to send letters to grandma, the cost (to me) of
a successful attack is small. I therefore expend little effort to verify
that it is secure.

If/when I start to use it for more serious applications, I will read 
the source code. I might even modify it (e.g. accord less entropy per
keystroke) if I'm not happy with it.

If circumstances warranted, I could re-implement it from the appropriate
RFC (is it out yet or still draft?). However, in such circumstances,
I very much suspect a one-time-pad would be used.

> This is how professionals deal with these sorts of questions:
> 
> 	If you do not believe it is secure, you should say why not.

I do not believe that it can be proven secure.

> 	In my case, I question its security and have given at least one
> 	example of how it could be insecure.

If you doubt the key-gen routine:
  * you are certainly free to make up your own keys any way you like,
  * write your own and argue that it's better, and/or
  * find a way to break the key-gen routine.

> 	If you do believe it is secure, you should be able to support
> 	your contention with more than reference to RFCs, vague
> 	comments, and claiming that you have read the code and didn't
> 	catch anything.

Adding to the list:
  * I've never heard of anyone catching anything (except the headers on
clearsigned messages problem).

> 	If you cannot specifically address my question, say so, tell us
> 	all that the security of PGP is an open question, and either
> 	leave it open or go after closing it.

The security of anything is an open question.

You shouldn't spend more on proving security than a breach would cost.


Hope I'm making sense...

Jiri
--
If you want an answer, please mail to <[email protected]>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)