Re: IPG Algorithm Broken!
Is the concept here that: Whereas conventional crypto generates/hashes a *key* with which to encode the text, IPG generates a *pad* from a key, more or less the length of the text, with which to encode the text??
It makes no difference whatsoever, no PRNG can have more entropy in the output stream than there was in the initial seed. Indeed, in general, the longer the PRNG runs for the more chance an adversary has of breaking it due to an increased amount of output.
It seems to me they're putting an additional layer of stuff ("OTP") between the key generation and the actual encoding, so what's the problem with that, as a concept?
Well for a start it's not a one time pad, because that requires a totally real random pad. They have a stream cipher; as for whether it is any good or not, I would normally not trust a man with the talent for bullshit Don Wood has.

Datacomms Technologies web authoring and data security
Paul Bradley, Paul@fatmans.demon.co.uk
Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org
Http://www.cryptography.home.ml.org/
Email for PGP public key, ID: 5BBFAEB1
"Don't forget to mount a scratch monkey"
paul@fatmans.demon.co.uk writes:
It seems to me they're putting an additional layer of stuff ("OTP") between the key generation and the actual encoding, so what's the problem with that, as a concept?
Well for a start it's not a one time pad, because that requires a totally real random pad. They have a stream cipher; as for whether it is any good or not, I would normally not trust a man with the talent for bullshit Don Wood has.
I suppose Paul doesn't consider his own ruminations about "brute force attacks against one-time pads" to be "bullshit".

---
Dr. Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
On Tue, 26 Nov 1996, Dr.Dimitri Vulis KOTM wrote:
paul@fatmans.demon.co.uk writes:
It seems to me they're putting an additional layer of stuff ("OTP") between the key generation and the actual encoding, so what's the problem with that, as a concept?
Well for a start it's not a one time pad, because that requires a totally real random pad. They have a stream cipher; as for whether it is any good or not, I would normally not trust a man with the talent for bullshit Don Wood has.
I suppose Paul doesn't consider his own ruminations about "brute force attacks against one-time pads" to be "bullshit".
I could not agree more, Don Wood
Paul Fatman writes:
someone else writes:
Is the concept here that: Whereas conventional crypto generates/hashes a *key* with which to encode the text, IPG generates a *pad* from a key, more or less the length of the text, with which to encode the text??
It makes no difference whatsoever, no PRNG can have more entropy in the output stream than there was in the initial seed. Indeed, in general, the longer the PRNG runs for the more chance an adversary has of breaking it due to an increased amount of output.
Also the distinction between generating a pseudo-random pad and XORing that with the data, and conventional ciphers, is small and largely a matter of interpretation. This _is_ for example how RC4 works: RC4 has a PRNG the output of which is XORed with the data to be encrypted. The seed to the RC4 PRNG is the cryptographic key. If you preferred, an equivalent view of RC4 would be to say it produces a pseudo-randomly generated PAD which is XORed with the data.

Ron Rivest's algorithm however has received independent review, and since its "leak", academic review. It has survived unblemished so far. For Don Wood's algorithm on the other hand, I have seen no reports of any independent or academic or even casual review. This doesn't prove a negative, but it bodes badly for his algorithm in my view. If he was serious about his algorithm, he would attempt to get it published in a peer reviewed cryptographic journal, and/or pay for high reputation independent cryptographic consultants to examine it.

That is my advice to Don,

Adam

--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
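Adam's point that RC4 is just a seeded PRNG whose output is XORed with the data, and Paul's point that a key-derived pad is not a one-time pad, can both be seen in code. The following is an added example written for this page, not code from the thread or from any IPG or RC4 implementation; it implements RC4 as a keystream generator and a separate XOR step, and `pad_reuse_leak` is a name chosen here to show what happens when the same key-derived pad covers two messages.

```python
# Added example (not from the thread): RC4 viewed as a seeded PRNG whose
# keystream is a "pad" XORed with the data. The pad is a deterministic
# function of the key, so it carries no more entropy than the key does.

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key` (KSA + PRGA)."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    # Key-scheduling algorithm: permute S under the key (the PRNG seed).
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm: walk the permutation for output.
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_pad(data: bytes, pad: bytes) -> bytes:
    """XOR two equal-length byte strings (the 'pad' step of a stream cipher)."""
    return bytes(a ^ b for a, b in zip(data, pad))


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR the data with a key-derived pad of equal length.
    This is the 'pseudo-random pad' view of RC4 from the message above."""
    return xor_pad(data, rc4_keystream(key, len(data)))


def pad_reuse_leak(key: bytes, p1: bytes, p2: bytes) -> bytes:
    """Why a key-derived pad is not a one-time pad: because the pad is fixed
    by the seed, two messages under one key share it, and the XOR of the
    two ciphertexts equals the XOR of the two plaintexts (the pad cancels).
    A true one-time pad never reuses pad material, so this cannot happen."""
    c1 = rc4_crypt(key, p1)
    c2 = rc4_crypt(key, p2)
    return xor_pad(c1, c2)
```

The defensive takeaway is the one the thread makes: a stream cipher's security rests on the key and on never reusing a key/keystream, not on any claim that the pad itself is "random".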
participants (4)
- Adam Back
- dlv@bwalk.dm.com
- paul@fatmans.demon.co.uk
- wichita@cyberstation.net