On Sun, 24 Nov 1996, The Deviant wrote:
-----BEGIN PGP SIGNED MESSAGE-----
On Sat, 23 Nov 1996, Dale Thorn wrote:
Igor Chudov @ home wrote:
Black Unicorn wrote:
On Sat, 23 Nov 1996, Eric Murray wrote:
John Anonymous MacDonald writes:
At 8:09 AM 11/23/1996, Eric Murray wrote: >No, you can't. It's impossible to prove an algorithim unbreakable.
No? Please prove your assertion.
You can't prove a negative. The best IPG could say is that it can't be broken with current technology. Next week someone might come up with a new way to break ciphers that renders the IPG algorithim breakable.
Someone needs to write an IPG and Don Wood FAQ. No, I'm not volunteering.
If you want to do that, why not do so as a response to Don's FAQ?
As a crypto amateur, I would appreciate a good technical explanation as to why IPG's algorithm cannot be considered secure.
Is the concept here that: Whereas conventional crypto generates/hashes a *key* with which to encode the text, IPG generates a *pad* from a key, more or less the length of the text, with which to encode the text??
It seems to me they're putting an additional layer of stuff ("OTP") between the key generation and the actual encoding, so what's the problem with that, as a concept?
a) what they're claiming is OTP isn't OTP. They use algorithmicly generated "random" numbers. Random numbers can't be algorithmicly generated. If the numbers in "OTP" aren't random, it isn't OTP. Its also very vulnerable.
To quote the bard, King John, Act II at the end, Mad World, Mad Kings, Mad Composition. We have repeatedly stated that we do not generate random numbers, and agree that only hardware can generate true random numbers. I have worked on more OTPs than probably all of the public responders to the cypherpunks lists put together. I know what kinds of tests that an OTP must pass, and what they look like - I have designed very comprehensive systems to analyzed them. What I was trying to do, using the neologism of "Software OTP," was to point out that the encryptor stream will pass any of the tests that as hardware produced OTP will. It is quite remarkable that so many of you Simpleton's talk about the system without looking at it. Many of you have and have found it to be intriguing. Paul Bradley admits to downloading the system, he spent over five hours doing it according to our log, but he says that he never did anything with it. Anyone that believes that also believes that Paul knows how to brute force OTPs. With Kindest regards, Don Wood [A