Forwarded from sci.crypt: In article <45t9oh$6vd@newsbf02.news.aol.com>, whmurray@aol.com (WHMurray) writes:

In article <45qkp5$8rh@netaxs.com>, grendel@netaxs.com (Michael Handler) writes:

...

It looked somewhat like a stream cipher that generates its key by measuring packet lag over TCP/IP. General consensus was that any key determined from public information wasn't secure.

It uses a new symmetric message key for each message. The key for message n is a function of that for message n-1 modulated by the content of message n-1. However, it operates at the message layer, not the TCP/IP layer. In a given population, everyone in the population can begin with the same key. As messages are exchanged between any two parties in the population, they end up with a key which is unique to them. The system is synchronous. If any traffic between two parties is lost, they must re-synch; keys between each of the parties and other parties will not be affected.

The idea is novel and useful. It will be resistant against most attackers. It is much less resistant to attacks by nation states that could have a record of all traffic among all parties. Of course it is not an OTP nor is it more secure than other modern systems. If anything, it is a little less so, at least against those who have all of the traffic and to the extent that more than two parties start with the same initial key. Of course, its strength is to permit all members of the population to begin with the same key while ensuring that members of the population are safe from each other. It also ensures that compromise of the initial key is not sufficient to read traffic. One must have all the intervening traffic. Thus, if one comes to the party late, learning the initial key will not enable one to read current traffic.

...

OTOH, I saw a press-release on Cypherpunks a week or two back that claimed Whitfield Diffie and David Kahn had both examined the algorithm under NDA, and both were blown away by it. OTOOH, I don't know how much Diffie and Kahn know about TCP/IP.

Diffie knows enough; Kahn less. However, both are geniuses and know what they need to know. As to their being "blown away," I tend to doubt it. The idea is useful but not revolutionary.

...

We'll know for sure when they release the details of the spec. And, if they go to the logical conclusion of all this secrecy and they *don't* release the spec, it won't be worth a bucket of warm snake oil.

If they have applied for a patent and if the effectiveness of the scheme does not rely upon secrecy of the scheme, then of course there is no reason for secrecy. They sent me an evaluation copy of the program and have been fairly open in discussing it. (No one has suggested an NDA or even that there were any secrets involved.) While for security I would rather have Lotus Notes or Secure Exchange, for ease of administration this program has advantages.

The product is interesting and less bogus than your meters might lead you to believe. Few of us would like to have our products evaluated strictly on the basis of press releases and reports.

I believe that the scheme infringes patents of which I am aware.