using pgp to make an otp
Adam Shostack
adam at homeport.org
Mon Nov 6 21:35:43 PST 1995
amp wrote:
| my point here is that _if_ pgp output is random enough, i wouldn't need
| hardware. even i, with my extremely limited programming skills could create
| a .cmd file or program that could be used as imput for a stream cypher.
PGP output is not random enough to be used for a one time pad.
The security of a OTP is *entirely* based on the quality of the random
numbers; they should come from some strong generator. Building good
one time pads is tough, and usually not worth the effort.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
More information about the cypherpunks-legacy
mailing list