"power one time pad"
I'd be interested in reactions to the article in Network World, 10/16/95 issue, page 53. It describes a supposed cryptosystem that sounds bogus, but I can't make up my mind about how much is the system and how much is the confusion of the author.

Among other things, it says that POTP "doesn't use an encryption algorithm; instead it synchronizes random processes on two computers as they communicate". (I wonder if the author understands that that's just another way to describe encryption algorithms...)

The other claim is that it eliminates the need to manage keys. "... there is no need for central servers where PGP keys ... are kept". This seems like a strange claim because of course PGP doesn't require central servers, but more importantly, you can't do authentication without at least one piece of keying data being established out of band. That could be a certification authority public key, but you need something to get started.

Supposedly this thing was shown at Interop. Did anyone see it, and does the product make sense even if the article didn't?

(One thing that disturbs me about the product name is the use of the phrase "one time pad". Since the "random" processes are presumably not random but rather pseudo-random, there is no one time pad involved at all, but rather a plain old stream cipher of some sort, which may or may not be secure in practice but cannot have the "secure from first principles" property that a real one time pad has.)

paul (pkoning@chipcom.com)
On Fri, 20 Oct 1995, Paul Koning 1695 wrote:
> I'd be interested in reactions to the article in Network World, 10/16/95 issue, page 53. It describes a supposed cryptosystem that sounds bogus, but I can't make up my mind about how much is the system and how much is the confusion of the author.
I have heard a lot about the Elementrix POTP encryption algorithm. I remain skeptical of this algorithm until the source code is released.
> Among other things, it says that POTP "doesn't use an encryption algorithm; instead it synchronizes random processes on two computers as they communicate". (I wonder if the author understands that that's just another way to describe encryption algorithms...)

I don't believe this is an error caused by the author's ignorance of encryption. I remember hearing the same exact thing about POTP "not using an encryption algorithm" from one of the Elementrix spokespeople.
> The other claim is that it eliminates the need to manage keys. "... there is no need for central servers where PGP keys ... are kept".
>
> This seems like a strange claim because of course PGP doesn't require central servers, but more importantly, you can't do authentication without at least one piece of keying data being established out of band. That could be a certification authority public key, but you need something to get started.
>
> Supposedly this thing was shown at Interop. Did anyone see it, and does the product make sense even if the article didn't?
I downloaded the secure email client for windoze and it seemed to make sense. I might have misunderstood the documentation, but it says that it has to establish a "secure channel" with the other person by reciprocating emails with what I would guess to be key synchronization data. FYI, this client is available from the Elementrix FTP site at ftp.elementrix.com.

----------------------------------------------------------------
`finger -l markm@omni.voicenet.com` for public key and Geek Code
Public Key 1024-bit: 0xF9B22BA5
Fingerprint: BD 24 D0 8E 3C BB 53 47 20 54 FA 56 00 22 58 D5
At the risk of beating a mutilated horse carcass:
> Among other things, it says that POTP "doesn't use an encryption algorithm; instead it synchronizes random processes on two computers as they communicate". (I wonder if the author understands that that's just another way to describe encryption algorithms...) The other claim is that it eliminates the need to manage keys. "... there is no need for central servers where PGP keys ... are kept".

Well, PGP does have keys. You have your private key and your public key, and they have to be managed somehow (stored on disk) even if it's not centrally. Other systems like Kerberos have more complex key management issues. This has no key, and hence no management.
> This seems like a strange claim because of course PGP doesn't require central servers, but more importantly, you can't do authentication without at least one piece of keying data being established out of band. That could be a certification authority public key, but you need something to get started.

This is the most confusing part of the whole thing: how does it get started? Unfortunately, as this is embroiled in non-disclosure and patent-pending, we're not going to know, but are forced to take the word of experts such as David Kahn that it works as advertised.
> Supposedly this thing was shown at Interop. Did anyone see it, and does the product make sense even if the article didn't?

Yes, I and a friend of mine were the only two people in the audience that were not journalists. It does look rather intriguing, but so much negativism is flying about that most people have dismissed it out of hand.
> (One thing that disturbs me about the product name is the use of the phrase "one time pad". Since the "random" processes are presumably not random but rather pseudo-random, there is no one time pad involved at all, but rather a plain old stream cipher of some sort, which may or may not be secure in practice but cannot have the "secure from first principles" property that a real one time pad has.)

Yeah, this is a bit of a marketing issue. It doesn't use a cryptographically strong random number generation scheme. Instead, some kind of state about the two machines and the message stream is used to perform synchronization. Then, the message itself is supposed to impart the non-repetitive nature for the non-repeating "one time pad". So, in the sense that it never repeats, it could be called a one time pad, and that's how they are using it. However, according to the traditional definition of a one time pad, with a strong random number and no correlation, it may not pass. I believe they also use a random number stream somehow, e.g. both parties observe some random number stream, as well as the randomness in the message itself, to construct the pad. It would seem that if you wanted to decode message N of an M message sequence, you would need all of the messages 1 through N to do it. If any one of them was missing, you couldn't decode N itself.

--
____________________________________________________________________________
Doug Hughes                                Engineering Network Services
System/Net Admin                           Auburn University
doug@eng.auburn.edu
Apple T-shirt on Win95 - "Been there, done that"
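The distinction Paul draws above, and Doug concedes, is the one that matters: a keystream that "never repeats" is not what makes a one time pad secure; what makes it secure is that the pad is uniformly random and independent of everything else. The following is an added example, not code from this thread and not anything derived from POTP, whose internals nobody here has seen. It stands in for the "synchronized random process" with a 16-bit linear feedback shift register (Phill's guess later in the thread), with a constructed seed, constructed taps and a constructed message. The generator's output has period 65535 bits and never repeats within the message, yet an attacker who can guess 2L = 32 bits of plaintext (here a six-byte mail header) recovers the whole "pad" with Berlekamp-Massey and reads the rest.

```python
# Added illustration, not code from the thread or from Elementrix.  A keystream
# drawn from a 16-bit LFSR (constructed seed and taps) is XORed onto a message
# the way a pad would be; known plaintext then recovers the entire keystream.
from functools import reduce
from operator import xor


def bytes_to_bits(data: bytes) -> list[int]:
    return [(b >> (7 - j)) & 1 for b in data for j in range(8)]


def bits_to_bytes(bits: list[int]) -> bytes:
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def lfsr_keystream(seed: list[int], taps: tuple[int, ...], n: int) -> list[int]:
    """Fibonacci LFSR over GF(2).  seed holds s_0..s_{L-1}; each new bit is
    s_{i+L} = XOR of s_{i+t} for t in taps.  Returns the first n bits."""
    s = list(seed)
    i = 0
    while len(s) < n:
        s.append(reduce(xor, (s[i + t] for t in taps), 0))
        i += 1
    return s[:n]


def lfsr_encrypt(plaintext: bytes, seed: list[int], taps: tuple[int, ...]) -> bytes:
    """The 'pad' is the LFSR output.  Decryption is the same call."""
    ks = lfsr_keystream(seed, taps, 8 * len(plaintext))
    return xor_bytes(plaintext, bits_to_bytes(ks))


def berlekamp_massey(bits: list[int]) -> tuple[int, list[int]]:
    """Shortest LFSR generating `bits`: returns (L, C) with C[0] = 1 and
    bits[j] = XOR_{k=1..L} C[k] & bits[j-k] for every j >= L.
    Given 2L consecutive bits the answer is the unique minimal generator."""
    n = len(bits)
    C, B = [1] + [0] * n, [1] + [0] * n
    L, m = 0, -1
    for i in range(n):
        d = bits[i]                      # discrepancy between prediction and bit i
        for k in range(1, L + 1):
            d ^= C[k] & bits[i - k]
        if d == 0:
            continue
        T = C[:]
        shift = i - m
        for k in range(n + 1 - shift):   # C(x) += x^shift * B(x)
            C[k + shift] ^= B[k]
        if 2 * L <= i:
            L, B, m = i + 1 - L, T, i
    return L, C[:L + 1]


def lfsr_extend(prefix: list[int], L: int, C: list[int], n: int) -> list[int]:
    """Run the recovered recurrence forward until n bits are available."""
    s = list(prefix[:L])
    while len(s) < n:
        j = len(s)
        s.append(reduce(xor, (C[k] & s[j - k] for k in range(1, L + 1)), 0))
    return s


def break_lfsr_pad(ciphertext: bytes, known_prefix: bytes) -> tuple[int, bytes]:
    """Known-plaintext attack: keystream prefix = C ^ P, then Berlekamp-Massey,
    then regenerate the keystream and strip it from the whole ciphertext."""
    ks_prefix = bytes_to_bits(xor_bytes(ciphertext[:len(known_prefix)], known_prefix))
    L, C = berlekamp_massey(ks_prefix)
    ks = lfsr_extend(ks_prefix, L, C, 8 * len(ciphertext))
    return L, xor_bytes(ciphertext, bits_to_bytes(ks))


# Constructed sample: a secret 16-bit seed, the taps of the textbook
# maximal-length 16-bit LFSR (x^16 + x^14 + x^13 + x^11 + 1), and a message
# whose first header field any attacker can guess.
SEED = bytes_to_bits(b"\xc3\x5a")
TAPS = (0, 11, 13, 14)
MESSAGE = b"From: alice@example.org\r\nThe shipment leaves at dawn."
KNOWN_HEADER = b"From: "   # 48 known bits, more than the 2 * 16 required

if __name__ == "__main__":
    ct = lfsr_encrypt(MESSAGE, SEED, TAPS)
    L, recovered = break_lfsr_pad(ct, KNOWN_HEADER)
    print(f"recovered LFSR length {L}; plaintext: {recovered!r}")
```

Nothing in the attack depends on the period of the generator; it depends on its linear complexity, which for any LFSR is the register length. A non-linear generator would need a different attack, but "the output never repeats" still says nothing about whether one exists.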
> This is the most confusing part of the whole thing: how does it get started? Unfortunately, as this is embroiled in non-disclosure and patent-pending, we're not going to know, but are forced to take the word of experts such as David Kahn that it works as advertised.

Has David Kahn made such a statement? Where can I read the context in which it was made? Kahn is a historian of cryptography, not a cryptographer. On the basis of the documents made available to me it looks like the standard linear feedback sequence generator hack. It does not appear to be a one time pad system in anything but name.
> Yes, I and a friend of mine were the only two people in the audience that were not journalists. It does look rather intriguing, but so much negativism is flying about that most people have dismissed it out of hand.

Often the best thing to do. I don't know who designed POTP nor what they created, but if I use it and it fails I take the risk. Note that in the Mondex case if it fails Mondex take the hit.

As a final point on the security of one time pads: it is only guaranteed as long as the pads are never reused in any sense whatsoever. The system is exceptionally fragile; the slightest breach of security can destroy it, consider the Venona decrypts for example. I'm thinking of writing a paper "How One Time Pads Fail" to discuss failures of "unbreakable systems". I have some new material on how to copy the Venona cracking method and also plan to analyse POTP and a few other alleged one time pad systems. If anyone knows of other alleged one time pad systems that weren't, please email me and I'll include them.

Phill
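The fragility Phill describes has a two-line proof. The following is an added example, not part of any message in this thread: two constructed messages are encrypted under the same genuinely random pad (os.urandom stands in for the pad), and the attack runs without ever seeing the pad. One ciphertext under a fresh pad is consistent with every plaintext of the same length, which is the "secure from first principles" property Paul mentions; two ciphertexts under the same pad cancel the pad entirely, leaving p1 XOR p2, and a guessed word dragged along that XOR pops out the other message wherever it lands correctly. That is the depth attack behind Venona, minus the linguists.

```python
# Added illustration, not from the thread.  Two constructed messages are XORed
# with one uniformly random pad; reusing that pad is the only mistake made.
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pad: bytes, plaintext: bytes) -> bytes:
    """A genuine one-time pad: uniform random, at least as long as the message,
    and (the part a product name can gloss over) used exactly once."""
    if len(pad) < len(plaintext):
        raise ValueError("pad shorter than message")
    return xor_bytes(plaintext, pad)


def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Why a single use is unbreakable: for ANY candidate plaintext of the same
    length there is a pad that decrypts the ciphertext to it, so one ciphertext
    on its own rules out no message of that length."""
    return xor_bytes(ciphertext, candidate)


def crib_drag(c1: bytes, c2: bytes, crib: bytes) -> list[tuple[int, bytes]]:
    """Reuse: c1 ^ c2 == p1 ^ p2, the pad cancels out entirely.  Slide a
    guessed word along that XOR; wherever the result is printable text it is a
    candidate fragment of the other plaintext at that offset."""
    diff = xor_bytes(c1, c2)
    hits = []
    for off in range(len(diff) - len(crib) + 1):
        frag = xor_bytes(diff[off:off + len(crib)], crib)
        if all(32 <= b < 127 for b in frag):
            hits.append((off, frag))
    return hits


def recover_pad(ciphertext: bytes, plaintext_fragment: bytes, off: int) -> bytes:
    """Once any plaintext fragment is confirmed, that stretch of pad is known,
    and with it the same stretch of every other message sent under that pad."""
    return xor_bytes(ciphertext[off:off + len(plaintext_fragment)], plaintext_fragment)


# Constructed sample traffic.
P1 = b"The meeting is moved to Thursday at noon."
P2 = b"Bring the second set of documents with you"
PAD = os.urandom(64)
C1 = otp_encrypt(PAD, P1)
C2 = otp_encrypt(PAD, P2)   # same pad: this is the whole failure

if __name__ == "__main__":
    for off, frag in crib_drag(C1, C2, b"documents"):
        print(f"crib 'documents' at offset {off}: other message reads {frag!r}")
```

Run it a few times: the pad changes every run and the output does not, because the pad never enters the attack. With real traffic the printable-text filter produces some false positives at other offsets, which is what the analysts' language knowledge was for; the true hit extends naturally (guess the next word, drag again) while the spurious ones die out.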
participants (4)
- Doug Hughes
- hallam@w3.org
- Mark M.
- Paul Koning 1695