1995-11-05 - Re: using pgp to make an otp

Header Data

From: “Perry E. Metzger” <perry@piermont.com>
To: amp <Alan.Pugh@internetmci.com>
Message Hash: 274586b862a072ee0d6244cf94f25746c0a354f8738a58662b4d3ed17d7d78a8
Message ID: <199511050428.XAA06831@jekyll.piermont.com>
Reply To: <01HX8P5B3MCI91XT4Q@MAIL-CLUSTER.PCY.MCI.NET>
UTC Datetime: 1995-11-05 04:34:58 UTC
Raw Date: Sun, 5 Nov 1995 12:34:58 +0800

Raw message

From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 5 Nov 1995 12:34:58 +0800
To: amp <Alan.Pugh@internetmci.com>
Subject: Re: using pgp to make an otp
In-Reply-To: <01HX8P5B3MCI91XT4Q@MAIL-CLUSTER.PCY.MCI.NET>
Message-ID: <199511050428.XAA06831@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



amp writes:
> i want a source of data for use as a otp. i don't want to have to
> hook up any external devices to my pc to do it. (although some of the
> methods mentioned in the past few days are quite interesting.) 
> 
> i'd like to know if there was a reason not to use the output of pgp
> to do it.

Yes. What you have then is just an elaborate cipher that is not a one
time pad. For it to be a one time pad, the numbers must be truly
random and generated only once, period.

> i would think that the output of pgp should be pretty darn random.

If PGP is good enough for use as a source for cipher keying material,
then you needn't use it as a one time pad -- just use PGP directly. If
PGP isn't good enough, it certainly isn't good enough for use as
cipher keying material. In either case, it is NOT NOT NOT a one time
pad if it isn't truly random numbers -- that means physically random.

Perry





Thread