At 09:58 AM 11/5/95 -0500, amp <Alan.Pugh@internetMCI.COM> wrote:

i want a source of data for use as a otp. .... i'd like to know if there was a reason not to use the output of pgp

Either PGP is a strong enough cryptosystem that you don't need to use a one-time-pad, or it's not, in which case you need better randomness than PGP will give you (I doubt it), or you have special applications for which PGP is impractical (like decrypting small amounts of data on a very wimpy machine in an environment that you can easily distribute OTP keys (for using ONCE ONLY)). Or you're just doing it for fun. A OTP can give you provably secure cryptography, given that the pad is only used once, and has real randomness behind it. If it's only pseudo-random numbers (e.g. generated from some algorithm), then it's as crackable as the source of random numbers, and therefore no longer provably secure. And of course, if you use it more than once, or your pad distribution isn't secure, you lose.

i still need a program to make use of the otp i've produced,

what are the holes in this? why would it be unadvisable to do it? The big problem with OTPs (other than getting people to use the pads ONLY ONCE, since they're otherwise hosed) is shipping them around;

otoh, would it be a good basis for a otp? Large quantities of good random numbers are hard to find. Small quantities can come from dice or throwing darts at the stock market pages;

Two alternatives - spend 5 minutes writing it in a language you know well, or pick a language you don't know very well and use it as an excuse to learn the language. It's slightly more complex than "hello, world", since you need to input data from two files and use XOR. the traditional method is guys with briefcases handcuffed to their arms.... the zener diode or radioactivity methods people have been discussing will produce larger quantities if you've got the equipment. If you've got one of those new radio-tuner boards for your PC, tuning it to an unused station might be quite decent, and we've just been discussing whether video is any good. With many of these sources, it's probably worth grinding the numbers through some sort of compression or encryption algorithm just to smudge over any periodicity or other structure to it. #--- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #---