Validating a program

[Adam Shostack <adam@homeport.org>]

Dale Thorn wrote:
| stewarts@ix.netcom.com wrote:
| > >> On Tue, 5 Nov 1996, Edward R. Figueroa wrote:
| > >> > Last,  I would like to know once and for all,  is PGP compromised,  is
| > >> > there a back door, and have we been fooled by NSA to believe
| > >> > it's secure? 
| > You can read and compile the source code yourself.

| Really?  All 60,000 or so lines, including all 'includes' or attachments?
| 
| I'll bet you can't find 10 out of 1,000 users who have read the total source,
| let alone comprehended and validated it.

	The fact that most readers have not examined it does not mean
that the availability of the source is not important.  If the source
was tightly held, perhaps some experts would have seen it.  Thats not
likely, security experts are in high demand today, with companies
paying a lot for their time.  Phil could not have competed.

	In addition, up and coming experts, curious amatuers, and
students couldn't have looked at it.  Having your protocol open to
wide review is a good thing even if few people take advantage of it,
because you may hire the wrong experts.  The experts you hire may miss
something.  Someone may have a new attack under development, and not
be able to try it against your software.

	The multitude of hackers who ported pgp also contributed a
large stack of bug reports and fixes.  Without source availablity, the
mac, os/2, amiga & UNIX ports would be held up, or perhaps not exist.

	Publicly distributed source code also tends to be of higher
quality (see Fuzz Revisited, at grilled.cs.wisc.edu)


	In short, if you're paranoid, feel free to look over the
source.  But the fact that most people have never peeked under the
hood is not a strike against pgp at all.



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume