Re: Verifying Toolchain Semantics

[Mike Gerwitz]

To limit your attack area for a response (out of respect for the
recipients---feel free to continue this conversation with me in private) I'm
going to keep this relatively brief.

On Tue, Oct 07, 2014 at 01:18:31PM -0400, Ian Grant wrote:
> The problem is not understood by _you._ otherwise you wouldn't say it
> was an enormous investment of time.

Then do it. You already have a large time investment on these lists.

> Even cryptographic checksums are not unique. So if you know what checksum
> you are trying to defeat (MD5, say) you could make a new PDF with
> different text, but which had the same checksum. The fact that this wasn't
> obvious to you demonstrates something important

I'm not sure how you even remotely got that impression, especially
considering that collisions were at the core of one of my arguments.

> I have zero confidence in the security of my own system. And not
> because of a "Thompson virus" (It's not a virus, and it's no more
> associated with Thompson than it is with the NSA.) it's because it's
> mostly GNU software, which I know is so totally insecure you wouldn't
> need a compiler trap door to get into any and every system.

Perhaps you should spend less time complaining about it and submit patches.
Even if they implement your suggestions---which you stated isn't much of a
time investment anyway---you will have worked much further toward solving
the problem than you already have.

If the system is so fundamentally insecure, why has that not been
aggressively demonstrated by crackers, and why have you not demonstrated
numerous exploits?

> > So tell me: how does your yet-to-be-released checksum algorithm provide
> > any better assurances than this?
> 
> I think I've explained that.

No, you have explained that you think I don't know what I'm talking about,
without producing any actual content or substantiating your opinion.

> > I certainly hope that developers of systems that use public-key cryptography
> > understand the obvious, fundamental principle that you described in the
> > article that Mark linked.[...]
> 
> I sincerely doubt that developers of systems that use public-key
> cryptography know that. In fact, I doubt anyone will be able to
> provide me a reference to a commercially published source that clearly
> and explicitly says essentially what I said there. I doubt anyone
> could even give me a URL for a text that clearly and explicitly states
> that. And to show it is widely acknowledged you would need to point to
> dozens of instances.

The link itself[8] contains a reference (one of Schneier's books). In fact,
you didn't provide any actual details aside from a mention of "the
factorization problem"---just generalizations.

  "Computing discrete logarithms is believed to be difficult. No efficient
  general method for computing discrete logarithms on conventional computers
  is known, and several important algorithms in public-key cryptography base
  their security on the assumption that the discrete logarithm problem has
  no efficient solution."[0]

The discrete logarithm problem is also mentioned, directly or indirectly, by
[1], [2], [3], [4], and is broken by [5], but a mention of how to avoid the
problems caused by Shor's attack on elliptic curve cryptography is mentioned
in [6]. Shor's paper mentioning the issue is at [7].

I intentionally linked a large number of Wikipedia articles to show its
ubiquity in such a common public resource. It is *core* to the discussion of
the Diffie-Hellman probrem (and, consequently, ElGamal). Research into
the discovery of primes dates back to ancient times (an example being
Eratosthenes of Cyrene); it's an elementary topic that naturally segues
into, at the very least, limitations of modern algorithms and future
outlook.

I'm not sure why you think that this is some secret.

> No. You have not told me anything I didn't already know. But I hope
> you appreciate I have told you things you should have known, had you
> only thought a little about them.

You did tell me something: that you were too busy trying to poke holes in my
response that you didn't take the time to grok what I had written, and
dismissed it as anything but ammunition against me.

This is precisely why you are being pushed away or ignored. You have no
intent to *actually help*, or you would have.

> [...],you would have had a scheme program that generated PDF reader
> programs by now. And that would have given you a guile PDF display plugin
> for Firefox, for example.

I guess we're just not that sweet, huh?

But you sound like you are. Perhaps you could implement this for us as a
demonstration of the power of the methodology you tout.

> And maybe one-day you won't feel embarrassed to call yourself a
> programmer, or a software engineer. Here's hoping, anyway.

You seem to be assuming that you have somehow made myself---or anyone else,
for that matter---feel embarrassed. The GNU Project is composed of, like it
or not, individuals that are *proud* to be part of the prestigious (and
the original) free operating system. You have falsely assumed that a lack of
knowledge on a narrow subset of computer science is somehow indicative of
incompetence, and that you somehow are of superior competence *because* of
knowledge in those areas.


[0]: http://en.wikipedia.org/wiki/Discrete_logarithm_problem
[1]: http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
[2]: http://en.wikipedia.org/wiki/Public_key_cryptography
[3]: http://en.wikipedia.org/wiki/Integer_factorization
[4]: http://en.wikipedia.org/wiki/RSA_(algorithm)
[5]: http://en.wikipedia.org/wiki/Shor%27s_algorithm
[6]: http://en.wikipedia.org/wiki/Elliptic_curve_cryptography
[7]: http://arxiv.org/abs/quant-ph/9508027
[8]: http://livelogic.blogspot.dk/2014/09/the-free-fair-and-forged.html

-- 
Mike Gerwitz
Free Software Hacker | GNU Maintainer
http://mikegerwitz.com
FSF Member #5804 | GPG Key ID: 0x8EE30EAB

signature.asc
Description: Digital signature