I'd be interested in reactions to the article in Network World, 10/16/95 issue, page 53. It describes a supposed cryptosystem that sounds bogus, but I can't make up my mind about how much is the system and how much is the confusion of the author.

Among other things, it says that POTP "doesn't use an encryption algorithm; instead it synchronizes random processes on two computers as they communicate". (I wonder if the author understands that that's just another way to describe encryption algorithms...)

The other claim is that it eliminates the need to manage keys. "... there is no need for central servers where PGP keys ... are kept". This seems like a strange claim because of course PGP doesn't require central servers, but more importantly, you can't do authentication without at least one piece of keying data being established out of band. That could be a certification authority public key, but you need something to get started.

Supposedly this thing was shown at Interop. Did anyone see it, and does the product make sense even if the article didn't?

(One thing that disturbs me about the product name is the use of the phrase "one time pad". Since the "random" processes are presumably not random but rather pseudo-random, there is no one time pad involved at all, but rather a plain old stream cypher of some sort, which may or may not be secure in practice but cannot have the "secure from first principles" property that real one time pad has.)

paul (pkoning@chipcom.com)
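The stream-cipher point in the post above, as an added illustration that is not part of the original post and is not POTP's algorithm (the post does not describe one). It assumes an HMAC-SHA256 counter-mode generator as the "synchronized process" and a deliberately tiny constructed 16-bit seed; all names here are hypothetical.

```python
import hashlib
import hmac
import secrets

DEMO_SEED = b"\x3a\x7c"  # constructed 16-bit shared state, deliberately tiny

def keystream(seed: bytes, n: int) -> bytes:
    """The 'synchronized random process': HMAC-SHA256 in counter mode."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def stream_crypt(seed: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: both ends derive the same keystream from the seed."""
    return xor(data, keystream(seed, len(data)))

def recover_seed(ciphertext: bytes, known_prefix: bytes, seed_len: int = 2):
    """Search the whole seed space; a known plaintext prefix confirms the hit."""
    target = xor(ciphertext, known_prefix)  # zip truncates to the prefix
    for s in range(256 ** seed_len):
        seed = s.to_bytes(seed_len, "big")
        if keystream(seed, len(target)) == target:
            return seed
    return None

def demo():
    msg = b"INVOICE: PAY BOB 100 USD"      # constructed sample message
    other = b"INVOICE: PAY EVE 999 USD"    # same length, different meaning
    # Stream cipher: the seed is the key, so the search space is 2**16,
    # no matter how long the message is.
    ct = stream_crypt(DEMO_SEED, msg)
    in_sync = stream_crypt(DEMO_SEED, ct) == msg
    found = recover_seed(ct, b"INVOICE:")
    # One-time pad: the pad is as long as the message (secrets stands in for
    # a true random source), so some pad maps the ciphertext to ANY plaintext.
    pad = secrets.token_bytes(len(msg))
    otp_ct = xor(msg, pad)
    alt_pad = xor(otp_ct, other)
    return in_sync, found, xor(otp_ct, alt_pad)

if __name__ == "__main__":
    print(demo())
```

The seed plays exactly the role of a key, so it still has to be established and managed; the pad case shows why only a pad as long as the message leaves the ciphertext consistent with every plaintext.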