using pgp to make an otp
-- [ From: amp * EMC.Ver #2.3 ] --

-----BEGIN PGP SIGNED MESSAGE-----

greetings c-punks,

i may have posted this at some time in the past, as i have asked it elsewhere and gotten different responses. i'm interested in what the folx here think about it though, so here it is...

i want a source of data for use as an otp. i don't want to have to hook up any external devices to my pc to do it. (although some of the methods mentioned in the past few days are quite interesting.)

i'd like to know if there was a reason not to use the output of pgp to do it. i've been playing with the following method. i take a file and encrypt it to a key with the '-a' flag on. this generates an ascii file that is easily editable using simple, standard rexx calls. i strip the first 20 or so lines and the last 20 or so lines and put the resulting file aside. then i perform the same operation again and append the file to the previous result. i repeat until the file is sufficiently large for my purposes and then give the resulting file to the person(s) i want to have it.

i still need a program to make use of the otp i've produced, but haven't gotten that far as this is still pretty much a thought experiment and something for me to waste time with. once i'm ready to make use of it i'll either find a program or attempt to write something to use to make the data i've generated useful.

i would think that the output of pgp should be pretty darn random. if it isn't, then its usefulness is less than its reputation imo. as you can tell if you've read this far, i'm not a cryptographer. i just like the stuff and am working to become more proficient in its use as i think it is important if we are to maintain our privacy in an increasingly digital world.

what are the holes in this? why would it be inadvisable to do it? otoh, would it be a good basis for an otp?
amp <0003701548@mcimail.com> <alan.pugh@internetmci.com>
PGP Key = 4A2683C1
November 5, 1995 1:16

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMJxWxigP1O9KJoPBAQFzxggAmRyJlfZVt8s6shqkkvFxmSpJdyZvaSEw
O/hQEb5fJK4FuxZaIyw2Enp4Ca1/vGeEaw1Zc8JM2wSk2Km4Vjl7zlJjmIpOJ6Nw
QAJfpHwwz77NMpMiWLj/m9nwkBeQs3IPcgDywIBu2Hfw6o79bndUS+GbEoG0f/+L
jH7y0bZ+pNX/fLYaPZRnPPGVDqPn7VkfuvByT5Op5rNbHU56kSneW3bC79M1SO3K
sYXpdGYU6mWC5xbYq1eQI9sCpkdB4pftMC3cizvKdueXGTMnXbngwBnu+Hk7GONz
KOx9x6rWPJ/NBTJONiz4Scg28XelnziBP5OYXSWzBNFBoauZpcK0MQ==
=8lYe
-----END PGP SIGNATURE-----
amp writes:

> i want a source of data for use as an otp. i don't want to have to hook up any external devices to my pc to do it. (although some of the methods mentioned in the past few days are quite interesting.)
>
> i'd like to know if there was a reason not to use the output of pgp to do it.

Yes. What you have then is just an elaborate cipher that is not a one time pad. For it to be a one time pad, the numbers must be truly random and generated only once, period.

> i would think that the output of pgp should be pretty darn random.

If PGP is good enough for use as a source for cipher keying material, then you needn't use it as a one time pad -- just use PGP directly. If PGP isn't good enough, it certainly isn't good enough for use as cipher keying material. In either case, it is NOT NOT NOT a one time pad if it isn't truly random numbers -- that means physically random.

Perry
On the subject of reused one-time-pads: What are the attacks that become available if a pad is used two times. The ones I can think of are:

known plaintext - if any parts of one message can be obtained or guessed, the corresponding parts of the other message are automatically obtained.

statistics - (m1^C)^(m2^C) == m1 ^ m2. If the message is english, then certain combinations of letters are more frequent than others. Try more probable combinations first.

Guess phrases - pick a common word - slide it down the m1^m2 text and see if the result looks like english - if it does, you've got a word in one, and a bunch of known text in another.

The latter attack looks like it could be automated pretty well, and could run pretty fast, but I get the feeling I'm missing an obvious, better method. What's the standard way of attacking TTPs?

What's the most secure way to reuse a OTP if (say) an emergency happens when you're on the road, and you're out of pad? Could you build a sequence of keys for something like DES from widely separated bits of the pad, and use each key for one block, or is this likely to expose the original OTPed message, as well as the successor messages?

Simon
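An added example, not part of Simon's post, that carries the three attacks he lists through on two constructed messages encrypted under the same pad: the pad cancels, a guessed word is dragged along m1 ^ m2, the ASCII space statistic is applied, and finally known plaintext of one message yields the other and the pad itself. The messages, the pad and every function name are invented for this illustration.

```python
"""Added example: attacks on a one-time pad used twice."""
import os
import string

# Two constructed messages of equal length, sent under one pad.
M1 = b"attack at dawn on the eastern ridge"
M2 = b"retreat at dusk to the western camp"
# Bytes a crib-drag fragment may contain before we call it "looks like english".
PLAUSIBLE = set((string.ascii_lowercase + " .,'").encode())


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def otp(msg, pad):
    """Encrypt, or decrypt (XOR is its own inverse). Needs len(pad) >= len(msg)."""
    assert len(pad) >= len(msg)
    return xor(msg, pad)


def two_time_xor(c1, c2):
    """(m1 ^ C) ^ (m2 ^ C) == m1 ^ m2: the pad cancels and plays no further part."""
    return xor(c1, c2)


def crib_drag(x, crib):
    """Slide a guessed word along x = m1 ^ m2.  Where the crib really sits in
    one message, the XOR exposes the same span of the *other* message; keep
    the offsets whose output looks like text."""
    hits = []
    for i in range(len(x) - len(crib) + 1):
        frag = xor(x[i:i + len(crib)], crib)
        if all(b in PLAUSIBLE for b in frag):
            hits.append((i, frag))
    return hits


def space_hints(x):
    """Statistics on ASCII text: letter ^ letter is always below 0x40 (bit 6
    cancels), while letter ^ space merely flips case.  So wherever x[i] is a
    letter, one message has a space at i and the other has that letter."""
    return {i: bytes([b ^ 0x20]) for i, b in enumerate(x)
            if chr(b) in string.ascii_letters}


def known_plaintext(x, m_known):
    """If one whole message is known or guessed, the other falls out directly."""
    return xor(x, m_known)


def recover_pad(c, m):
    """Known plaintext also yields the pad bytes, which then decrypt any other
    message sent under the same stretch of pad."""
    return xor(c, m)


def demo(pad=None):
    pad = pad or os.urandom(len(M1))
    c1, c2 = otp(M1, pad), otp(M2, pad)
    x = two_time_xor(c1, c2)
    return {
        "pad_cancels": x == xor(M1, M2),
        "crib_hits": crib_drag(x, b" the "),
        "space_hints": space_hints(x),
        "m2_from_m1": known_plaintext(x, M1),
        "pad_from_m1": recover_pad(c1, M1) == pad[:len(M1)],
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Dragging `" the "` produces hits at two adjacent offsets: one where the crib matches M1 and reveals `o the` from M2, one where it matches M2 and reveals `the e` from M1. Each hit hands over a span of known text in the other message, which is then a new crib, so the process snowballs; a second use of a pad is the whole attack surface, not a minor weakening.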
Simon Spero writes:

> On the subject of reused one-time-pads: What are the attacks that become available if a pad is used two times. The ones I can think of are:

I will point out that the NSA's VENONA project, which among other things led indirectly to the execution of the Rosenbergs, got its only break from the two time use of one time pads by the Soviet spies. I can't guess all the techniques they used, but obviously there are enough things you can do to make it dangerous.

Perry
| i may have posted this at some time in the past, as i have asked it
| elsewhere and gotten different responses. i'm interested in what the
| folx here think about it though, so here it is...

I think you should read Marcus Ranum's OTP faq, on www.iwi.com:/pubs/

| i want a source of data for use as an otp. i don't want to have to
| hook up any external devices to my pc to do it. (although some of the
| methods mentioned in the past few days are quite interesting.)

Can't be done. If you use a cipher to generate the pad, you have less than full, honest to nature entropy, and you might as well use PGP. Badly generated, or reused OTPs are very poor ciphers.

| i'd like to know if there was a reason not to use the output of pgp
| to do it. i've been playing with the following method. i take a file

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume
On Sun, 5 Nov 1995, amp wrote:

> greetings c-punks,
>
> i may have posted this at some time in the past, as i have asked it elsewhere and gotten different responses. i'm interested in what the folx here think about it though, so here it is...
>
> i want a source of data for use as an otp. i don't want to have to hook up any external devices to my pc to do it. (although some of the methods mentioned in the past few days are quite interesting.)
>
> i'd like to know if there was a reason not to use the output of pgp to do it. i've been playing with the following method. i take a file and encrypt it to a key with the '-a' flag on. this generates an ascii file that is easily editable using simple, standard rexx calls. i strip the first 20 or so lines and the last 20 or so lines and put the resulting file aside. then i perform the same operation again and append the file to the previous result. i repeat until the file is sufficiently large for my purposes and then give the resulting file to the person(s) i want to have it.

There is a way to make a file with random contents using PGP. Just type

pgp +makerandom=xxx file.ext

where xxx is the size of the file you want to create. I would not advise using this or other methods using a pseudo-random number generator.

> i would think that the output of pgp should be pretty darn random. if it isn't, then its usefulness is less than its reputation imo. as you can tell if you've read this far, i'm not a cryptographer. i just like the stuff and am working to become more proficient in its use as i think it is important if we are to maintain our privacy in an increasingly digital world.

The random output of PGP is pretty random but when the output is used to generate very large OTPs, patterns will no doubt exist. Hardware RNGs are still the best.

`finger -l markm@omni.voicenet.com` for public key and Geek Code
Public Key/1024: 0xF9B22BA5 BD 24 D0 8E 3C BB 53 47 20 54 FA 56 00 22 58 D5
Homepage URL: http://www.voicenet.com/~markm/
participants (5)
- Adam Shostack
- amp
- Mark M.
- Perry E. Metzger
- Simon Spero