worldwide announce: New OTP Mail/FTP apps
Jim Gillogly
jim at acm.org
Thu Sep 28 18:43:51 PDT 1995
> Doug Hughes <Doug.Hughes at Eng.Auburn.EDU> writes:
> you are really worried about security. This initial transaction serves
> as a seed for subsequent transactions. All subsequent transactions
> depend on preceding transactions. A degree of randomness comes from the
> randomness of the messages. Each next word in the message is random.
> After the initial exchange every message sent subsequently gets randomized
> from the previous randomness of the messages plus something in the table.
OK, you expected this, but here goes anyway. This isn't a one time pad
because the "randomness" isn't really random -- it depends on a bunch of
plaintext. Technically from your description this looks like a plaintext
autokey system. A true OTP requires honest to goodness physically random
key material for the pad. It may be quite strong, but it just doesn't
fit the definition.
Sigh.
People keep throwing OTP around because it's the only known perfect system --
until we get quantum crypto, I suppose -- but few companies actually want to
go to the trouble to implement the real thing. And with good reason -- it's
a nuisance to do secure exchanges on the keying material.
Jim Gillogly
Sterday, 8 Winterfilth S.R. 1995, 01:41
More information about the cypherpunks-legacy
mailing list