From: Flame Remailer <remailer@flame.alias.net>
Date: Tue, 24 Oct 95 13:22:58 PDT
To: elementrix.co.il.info@elementrix.co.il
Subject: Elementrix's so-called "Power One Time Pad"
Message-ID: <199510242011.VAA16761@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Essentially what these guys are selling is a secret key algorithm in which
the key for any given message is a function of some initial seed value,
and of hashes of all previous messages transmitted between the two parties.
So in theory, to break the code, one would need to know not only their
initial key, but also all of the messages trasmitted between them so far.
A similar result can be achieved by encrypting with PCBC, or other feedback
mode involving plaintext, and carrying the IV from the end of one session
to the beginning of the next.  This is not, of course, a one-time pad, and
hardly "groundbreaking" or "revolutionary".

While such a system could be designed securely in theory, the folks at
Elementrix appear to have little experience at designing secure
cryptographic systems.  Cryptographic systems designed by such novices
frequently have bugs in the implementation which weaken the security
offered, or have statistical weaknesses which allow cryptanalytic attack. 
Elementrix has offered no assurances that they have tested their system
for either.  Beware of snake oil.