Creating a key bearing no user ID

Robert J. Hansen rjh at
Mon Jan 23 20:25:24 CET 2012

On 1/23/12 12:52 PM, Hubert Kario wrote:
>>> And there's a very good reson why you shouldn't be a fan of such 
>>> comparisions: Unlike physical security, properly implemented 
>>> cryptography is unbreakable at this time.
> I didn't claim that any crypto is properly implemented.

This is not what I read from your first statement.

> I did claim it is far easier to find unbreakable crypto than it is to
> create unbreakable physical security. If TLAs are involved, then
> still the first is only questionable while the second is simply
> imposible.

This claim is false.  There is no such thing as unbreakable crypto: it
does not exist anywhere.  If perfect physical security is impossible and
perfect implementations are impossible, then they're both equally
unrealistic and there's not a lick of difference between them.

> Also, your example is flawed: any security scheme can be only as good
> as the key.

The example was not flawed.  What you're seeing as a flaw is the point I
was making, which is that there is no such thing as "properly
implemented cryptography."

As an example, GnuPG is certainly competently implemented cryptography,
but nobody knows whether it is implemented correctly.  Some years ago
there was a critical bug with Elgamal signing keys (which is why we can
no longer generate Elgamal signing keys: the feature was removed).  No
one considers this bug to be a reflection on the professionalism of the
GnuPG developers: the bug was subtle, survived code review by many
people, and could have arisen in any software development process.  But
the fact remains that Elgamal signatures in GnuPG were not implemented
properly and the entire security of GnuPG-generated Elgamal signatures
was in jeopardy as a result.

If you believe GnuPG is "properly implemented," well, all right: but did
you also believe that before the Elgamal bug?  If you did, then
apparently the mechanism by which you come to these conclusions is
defective, and perhaps a little skepticism is warranted.

The phrase "properly implemented cryptosystem" should never be used
except in a context of skepticism that such a beast has ever existed, or
could ever exist.

More information about the Gnupg-users mailing list