[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: There's a hole in your crypto...





Phil Fraering writes:
>Why are the arguments on either side so emotional?

I'm rather hesitant to jump into this thread, but I think that one
reason is that Fred's concerns have been misunderstood a bit.  (If
I'm wrong, I'm sure he'll correct me.)

It seems that there are many people who are ready to leap to the
defense of the honor of the programmers behind PGP, when they feel
said honor is being impugned.

I get the impression (as much from what I know of his background as
from what he's said) that Fred is at least as concerned about PGP
being a correct implementation of the various algorithms it involves
as he is about back doors inserted by nefarious individuals.

As I understand it, it is impossible to demonstrate the correctness of
any program the size of PGP.  And it would also not be possible to
validate the compiler or the operating system.  One thing I'm not sure
of, though, is this: Would it be possible to verify a much smaller
program, say, the RSA-in-3-lines-of-Perl?  (Of course, you still would
be left trying to verify the Perl interpreter, and the OS again.)

And is there any way to build trusted system out of small, verifiable
pieces?  Since the way they're connected could also be questioned, I
suspect that when you put enough of them together it's just as bad as
the case of a single, monolithic program.  But this isn't my area, so
I don't know.

Would it be possible to formally verify at least some parts of a large
program like PGP?  And would that add to the trustworthiness of the
overall program?  (Keeping in mind Fred's earlier remark about a
seemingly-unrelated portion of the code overwriting the key.)

--
David R. Conrad, [email protected], http://web.grfn.org/~conrad/
Finger [email protected] for PGP 2.6 public key; it's also on my home page
Key fingerprint =  33 12 BC 77 48 81 99 A5  D8 9C 43 16 3C 37 0B 50
No, his mind is not for rent to any god or government.