Internet Privacy Guaranteed ad (POTP Jr.)

aba at atlas.ex.ac.uk
Sat Feb 24 18:09:03 PST 1996



Perry Metzger <perry at piermont.com> writes:
> Dan Bailey writes:
> > My suggestion
> > is to post the OTP-expansion algorithm to sci.crypt.
> 
> Call it what it is -- a pseudo-random number generator, at best. As

I think this is the crux of the problem - they are simply misnaming
their proprietary algorithm.

I don't see any stigma attached with IPG admitting they have a PRNG
seeded with a key, and XORing the PRNG stream with the data - this is
exactly what RC4 does.  But of course RC4 (now) has the advantage of
open review, and before that it had the advantage of Ron Rivest's
reputation associated with it.  Simply change all the literature to
replace "OTP" with "PRNG", or "seed" in appropriate places.

So, submitting your PRNG for open peer review would be a good start.
But I don't think the fact that IPG generates the keys for their
clients is good.  I don't see this as a viable key distribution
mechanism.

But you *really* must stop equating your system with a one time pad,
it absolutely is NOT an OTP.

> you likely know (but the IPG folks don't seem to care) you can't
> "expand" a one time pad. One time means ONE TIME. Look at how the NSA
> broke the Venona intercepts of even two-time use of keying material.

exactly.

I do hope IPG will take the trouble to consider comments such as this,
and Perry's comments above, if they are at all serious about their
system ever gaining any reputation.

Adam
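The point Adam and Perry are making (a keyed PRNG XORed with data is a stream cipher, and any reuse of the keystream, whether "expanded" pad or genuine pad used twice, leaks the XOR of the plaintexts) can be shown in a few lines. The following is an added example, not code from this post, from IPG, or from RC4: the keystream generator is an assumed stand-in (HMAC-SHA256 in counter mode) for whatever keyed PRNG a product might use, and the two messages are constructed sample inputs.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Assumed stand-in for a keyed PRNG: HMAC-SHA256 over (nonce, counter).

    Any deterministic generator has the same property shown below: the same
    (key, nonce) always yields the same stream, so reuse is a two-time pad.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """'PRNG stream XORed with the data' - the construction the post describes."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def ciphertext_xor_equals_plaintext_xor(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    """Under a shared keystream K: (P1^K) ^ (P2^K) == P1 ^ P2, so K cancels out."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n]) == xor_bytes(p1[:n], p2[:n])


def recover_other_plaintext(c1: bytes, c2: bytes, known_p1_prefix: bytes) -> bytes:
    """Given two ciphertexts under one keystream and a known prefix of P1,
    the matching bytes of P2 fall out with no knowledge of the key at all.
    This is the defender's reason 'one time' must mean one time."""
    n = len(known_p1_prefix)
    return xor_bytes(xor_bytes(c1[:n], c2[:n]), known_p1_prefix)


def two_time_pad_demo() -> dict:
    # Constructed sample inputs (not from the original post).
    key = b"sixteen byte key"
    p1 = b"MEET AT NOON AT THE USUAL PLACE"
    p2 = b"INVOICE 1234 IS OVERDUE, PAY NOW"

    # Misuse: the same key and nonce (one "expanded pad") protect both messages.
    reused_nonce = b"\x00" * 8
    c1 = stream_encrypt(key, reused_nonce, p1)
    c2 = stream_encrypt(key, reused_nonce, p2)
    leak = ciphertext_xor_equals_plaintext_xor(c1, c2, p1, p2)
    recovered = recover_other_plaintext(c1, c2, p1[:12])

    # Correct use: a fresh nonce per message gives independent keystreams,
    # so the XOR of the ciphertexts no longer relates the two plaintexts.
    c1_fresh = stream_encrypt(key, b"\x00" * 7 + b"\x01", p1)
    c2_fresh = stream_encrypt(key, b"\x00" * 7 + b"\x02", p2)
    no_leak = not ciphertext_xor_equals_plaintext_xor(c1_fresh, c2_fresh, p1, p2)

    return {"leak_with_reuse": leak, "recovered_p2_prefix": recovered,
            "no_leak_with_fresh_nonce": no_leak}


if __name__ == "__main__":
    print(two_time_pad_demo())
```

The demo never touches the key when recovering `p2`: it needs only the two ciphertexts and a guessed fragment of `p1`, which is exactly the situation the Venona work exploited. The fix is not a better PRNG but never reusing the stream, which for a real one time pad means never reusing or expanding the pad material at all.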
