At 03:06 PM 10/21/96 +0000, paul@fatmans.demon.co.uk wrote:

...

This whole thing seems crazier each time I think about it. basically my question is: given that he picks his key securly does he have an OTP if the plaintext is shorter than the key? Bob

Yes, if he were just to modular add the key to the plaintext (or XOR them) he would have an OTP if AND ONLY IF the key were real random, however, he doesn`t do this, he uses the key to seed an array or linear congruential generators, which have been cryptanalysed to hell and back.

I think that there may be at least one potential application for a sorta-OTP system to be overlaid on a reasonably-secure public-key system: I think there might be an use for a system that allows the recipient of a message to prove to his own satisfaction that the sender of the message is who he says he is, but does NOT allow him to prove this to anyone else's satisfaction. The goal would be to prevent one party to the commucation from being strongarmed into not only revealing the data, but also providing trustworthy evidence against the other person. I haven't thought about this in enough detail to know if this is practical. Jim Bell jimbell@pacifier.com