Re: Internet Privacy Guaranteed ad (POTP Jr.)
Perry Metzger <perry@piermont.com> writes:
Dan Bailey writes:
> > My suggestion is to post the OTP-expansion algorithm to sci.crypt.
> Call it what it is -- a pseudo-random number generator, at best. As
I think this is the crux of the problem - they are simply misnaming their proprietary algorithm. I don't see any stigma attached to IPG admitting they have a PRNG seeded with a key, and XORing the PRNG stream with the data - this is exactly what RC4 does. But of course RC4 (now) has the advantage of open review, and before that it had the advantage of Ron Rivest's reputation associated with it. Simply change all the literature to replace "OTP" with "PRNG", or "seed" in appropriate places. So, submitting your PRNG for open peer review would be a good start. But I don't think the fact that IPG generates the keys for their clients is good. I don't see this as a viable key distribution mechanism. But you *really* must stop equating your system with a one time pad, it absolutely is NOT an OTP.
> you likely know (but the IPG folks don't seem to care) you can't "expand" a one time pad. One time means ONE TIME. Look at how the NSA broke the Venona intercepts of even two-time use of keying material.
exactly. I do hope IPG will take the trouble to consider comments such as this, and Perry's comments above, if they are at all serious about their system ever gaining any reputation.

Adam
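The two points made above (a key-seeded PRNG XORed with the data is a stream cipher, not a one time pad, and any reuse of keying material is fatal) can be shown concretely. The following is an added example, not code from the post or from IPG; the thread never shows IPG's actual expansion algorithm, so the keystream generator here is an assumed toy (SHA-256 in counter mode), and all names, keys and messages are constructed for illustration.

```python
import hashlib
from itertools import count


def keystream(key: bytes, nbytes: int) -> bytes:
    """Toy key-expanding PRNG: SHA-256 over (key || counter), an assumption
    standing in for any proprietary 'OTP expansion'. Because the output is a
    deterministic function of a short key, it is a stream cipher keystream,
    not a one time pad: the pad space is at most 2**(8*len(key)) values."""
    out = bytearray()
    for i in count():
        out += hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        if len(out) >= nbytes:
            return bytes(out[:nbytes])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """XOR the data with the expanded keystream (decryption is the same call)."""
    return xor_bytes(plaintext, keystream(key, len(plaintext)))


def recover_other_plaintext(ct1: bytes, ct2: bytes, known_pt1: bytes) -> bytes:
    """The two-time-pad failure: if both ciphertexts used the same keystream K,
    ct1 ^ ct2 == (pt1 ^ K) ^ (pt2 ^ K) == pt1 ^ pt2, so knowing (or guessing)
    one plaintext yields the other without ever touching the key. This is why
    a defender must treat any keystream reuse as a complete break."""
    return xor_bytes(xor_bytes(ct1, ct2), known_pt1)


# Constructed sample values (not from the thread).
KEY = b"constructed-16B!"
MSG1 = b"meet at the usual place"
MSG2 = b"send the report today.."


def demo() -> bool:
    """Returns True when both properties hold: same key gives the same
    keystream, and reuse lets one plaintext expose the other."""
    ct1 = encrypt(KEY, MSG1)
    ct2 = encrypt(KEY, MSG2)
    deterministic = keystream(KEY, 64) == keystream(KEY, 64)
    leaked = recover_other_plaintext(ct1, ct2, MSG1) == MSG2
    return deterministic and leaked


if __name__ == "__main__":
    print("stream cipher, not OTP; reuse leaks plaintext:", demo())
```

The honest description of such a scheme is the one the reply above asks for: a PRNG seeded with a key, XORed with the data. Its security then rests entirely on the PRNG's quality and on never reusing a key, which is exactly what open review on sci.crypt would examine.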