A Snake-Oil FAQ

Bill Frantz frantz at netcom.com
Mon Jul 22 03:21:53 PDT 1996


At  4:37 PM 7/20/96 +0000, Deranged Mutant wrote:
>The vendor may confuse random session keys or initialization vectors
>with OTPs.

"Random session keys" and "initialization vectors" probably need
definition.  Perhaps a very high level description of an existing "good"
encryption system would do.  Certainly a pointer to such a description
would be valuable.  Here is a start at some definitions:

Random session keys - The practice of generating a new, random key for each
message/communication session etc.  This key needs to be communicated to
the receivers of the message.  This communication can be performed using
public key cryptography or protocols such as Diffie Hellman.

Initialization Vectors - The practice of including some random data at the
start of an encrypted message to make it more secure against certain forms
of cryptanalysis.

A good idea and a good first pass - Bill


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz at netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA








More information about the cypherpunks-legacy mailing list