Derek and others,
In view of the anonymous remailer's claim to have broken the simple system, which as you and others who have had the system for a period of time know, we have had some reservations about. The effect on the 5600 bit system, and the 12288 bit system, are unknown at this time. Our tests indicate that there is not any effect at all on the 12,288 bit system. The 5600 bit system, which is identical to the system described in our release, except that the D values are used as an index to one, or two tables of random characters, 512 characters, or 2 - 256 characters, may be affected by a known plain text attack, we do not think so but we are running a battery of tests. The anonymous remailer may be able to confirm or deny that, since that person will presumably receive this letter. The addition is trivial, that is the system is identical in all respects to that set out, which was described accurately by the remailer, except that instead of XORing the D value, the D value is used as an index into a table(s) of random characters, that is the random seed is 5600 bits instead of 1792. That was one reason for providing large random seeds in our release. Our analysis as of 3:00pm CST 3-19-96, indicates that the D values are not recoverable, but we stand to be proven wrong. This system is only fractionally slower, for obvious reasons, than the simple one using the D values directly, described previously. Incidentally, for those concerned, it is as you know, the one that the IPG software in your possession uses.
Note: There was one error in the description, that is 13568 ANDed to the 8 bit random seed to get starting A values, it is not a C word AND but the assembly language sequence of moving successive AL values into AX, where AH is fixed at 35, thus the effect is the same as an add, (or a byte AND of the random character to a zero AL) - the result is a number in the range of 13,568 to 13,823.
Further, with respect to the simple system described in our release, we believe that the trimming procedure, that as some of you know, we used for another purpose - to eliminate the perceived problem of more frequent close pairs, on the average more 0,0's as opposed to 0,255's, defeats the plain text attack, though it may require the jump start as we have described - running the system through a few iterations before commencing the actual encryption. The effect of this, as has been described to some of you, is that some of the D's are not used, that portion of each C value that is not an even multiple of 256, for example 14009 MOD 256 is 185. Thus, those values where A[i] > 13824 are not used to XOR against the plain text - this is easily done in ASM by simply comparing the high order 8 bits of A[i] with the high order 8 bits of C[i], if they are equal, then the XOR does not take place - thus the 64 interval is not applicable, it is variable depending upon the randomly selected C values. Without having the known 64 interval as a constant, I believe that the system is still solid. As those of you heretofore privy to that information know, that modification to the system takes about 10% more time than the system that was "cracked." Maybe, we need to do both this and use the 5600 byte system. We will appreciate any input in this regard. If we must go to the 12288 byte system, the system will be slower. However, as many of you know, it is still extremely fast but not as fast as either of the other two versions. With the 12,288 bit system, our tests indicate that nothing but random values can be obtained by either known plain text attack or by pattern recognition methodologies, those of which we are aware. Those of you who have had all of the materials will understand the foregoing. With the information provided heretofore, you can determine the effect on the other two systems.
Also, those people will know my expressed fear of a premature announcement, such as that which has now been made, would have. This was the reason that I resisted so strongly the release of the materials to the C'punks list though a few of you recommended that I do so. Perhaps we should have released everything? Who knows. However, in any case, that is water over the dam and IPG must go on from here. It is only another of the many mistakes that we will undoubtedly make along the way. Having said that though, we must go back to our prior evaluation method, a strict confidential mode. However, I believe that we have added several very good additional people who can help to analyze the system. In view of the willful violation of our confidential release, without knowing everything involved, and putting it out on the Internet, please be advised that other than those who have heretofore been evaluating the system, we will make no further releases except on a highly selective basis. The dozens of you who have requested copies of the materials, and have not yet received them, please be patient until we can get back on track. On a selected basis, we will provide them to you, after discussing it with each of you privately. Obviously, this breach occurred from yesterday's posting since no mention was made of the 5600 bit or 12,288 bit random seed systems. Therefore, we intend to be very careful from now on. Accordingly, this will be the last letter posted to the entire cypherpunks list for the time being. If any reader posts something to the entire Cypherpunks list, do not expect any response from IPG, there will be none. Perhaps a battle has been lost, maybe even probably? But the war is not over, not by a long shot - with minor modifications this system is absolutely secure as events will prove. However, be assured that we will not sell our product to anyone until that can be definitively established.
We greatly appreciate the contribution that some of those on the cypherpunks mailing list, including the anonymous remailer, have made. We hope that some way can be found for that person to continue to cooperate with us, since we are herein obviously providing information that can be evaluated. If that person will communicate with us privately, in remailer form, including a PGP public key, we will post our response to the C'Punks list in encrypted form, or suggest an alternate approach. To many of you, you will be hearing from us tomorrow - to the remaining of you, some of whom have objected to our providing you with unsolicited information, which we mistakenly thought that you would want, you will hear from us soon, depending upon the findings made by your C'punk list associates and others.
Thanks kindly,
Ralph