At 10:06 PM 9/16/96 -0400, The Deviant <deviant@pooh-corner.com> wrote:
Not to mention, the basic flaw of OTP.. if you have the only copy of the key, and the key is non-repetitive, how do you send the key to another person without being just as insecure as not encrypting it in the first place... almost any OTP claims are gonna be snake oil.
The way you send OTPs to people securely is to use couriers with briefcases handcuffed to their arms, or whatever level of physical security you need. The kinds of things software packages can help with are providing a friendly user interface for getting the next N bits out of the pad and trashing them after use, keeping track of where you were in the pad, handling the different pads you use to communicate with different people, driving the robot arm that drops the tape into the shredder, etc. Slightly less trustably, they can be used to help generate a pad by crunching down the data from your hardware random number generators, and perhaps emailing Geiger Counter data to the Safety Department after rounding to the nearest order of magnitude. Somebody else wrote:
I would also suggest that the generation of OTP 'pads' for users is *highly* questionable. Who else is getting a copy of them, assuming they're even valid? Definitely - that concept loses big time.
# Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com # <A HREF="http://idiom.com/~wcs"> # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto