There is a thread going in coderpunks about some software company that claims to have invented a software OTP that uses a PRNG. The local experts have ruled that this is impossible and I would have to agree, but this thread got me thinking. I would argue that the security of an OTP is derived not from the fact that it really is secure, but from the fact that it is claimed to be an OTP. Imagine a plaintext, encrypted with triple-des. It looks like a bunch of 1's and 0's to the casual observer, but to you it is your secret plan to take over the world. Or so you would have us believe if we crack the cypher. actually you plan to take over the world using a completely different plan. It is quite easy to take the bits of the des-encrypted message, and calculate the OTP key nessasary to decrypt the message into your real plan. It would seem you could build a key to have your message say anything of equal length. Why then must a true OTP be based on a true RNG? Because one of the actual possible keys of a real OTP is indeed the encrypted des message, you can claim that it is an otp and no-one can prove otherwise. They can say "But we cracked your des key and can decypher this message!" and you say "nope i used an OTP, that is a false message, here is what it really says! The fact that by PURE coincidence that OTP could be decrypted using that particular key means nothing, because a true OTP can generate that bit sequence. So in conclusion i would say that we can give pgp complete and perfect security but the simple process of changing the header from ---Begin PGP message--- to ----Begin OTP message----. This makes you immune from decryption because no one will ever know or can ever prove that the decryption they got is the correct one. Any comments? Walrus