From: amp <Alan.Pugh@internetMCI.COM>
Date: Sat, 4 Nov 1995 23:06:29 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: using pgp to make an otp
Message-ID: <01HX8P5B3MCI91XT4Q@MAIL-CLUSTER.PCY.MCI.NET>
MIME-Version: 1.0
Content-Type: text/plain


-- [ From: amp * EMC.Ver #2.3 ] --

-----BEGIN PGP SIGNED MESSAGE-----

greetings c-punks,

i may have posted this at some time in the past, as i have asked it
elsewhere and gotten different responses. i'm interested in that the
folx here think about it though, so here it is...

i want a source of data for use as a otp. i don't want to have to
hook up any external devices to my pc to do it. (although some of the
methods mentioned in the past few days are quite interesting.) 

i'd like to know if there was a reason not to use the output of pgp
to do it. i've been playing with the following method. i take a file
and encrypt it to a key with the '-a' flag on. this generates an
ascii file that is easily editable using simple, standard rexx calls.
i strip the first 20 or so lines and the last 20 or so lines
and put the resulting file aside. then i perform the same operation
again and append the file to the previous result. i repeat until the
file is sufficiently large for my purposes and then give the
resulting file to the person(s) i want to have it. 

i still need a program to make use of the otp i've produced, but
havent gotten that far as this is still pretty much a thought
experiment and something for me to waste time with. once i'm ready to
make use of it i'll either find a program or attempt to write
something to use to make the data i've generated useful.

i would think that the output of pgp should be pretty darn random. if
it isn't, then it's usefulness is less than its reputation imo. as
you can tell if you've read this far, i'm not a cryptographer. i just
like the stuff and am working to become more proficient in its use as
i think it is important if we are to maintain our privacy in an
increasingly digital world.

what are the holes in this? why would it be unadvisable to do it?
otoh, would it be a good basis for a otp?

amp
<0003701548@mcimail.com>
<alan.pugh@internetmci.com>
PGP Key = 4A2683C1
November 5, 1995   1:16
 



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMJxWxigP1O9KJoPBAQFzxggAmRyJlfZVt8s6shqkkvFxmSpJdyZvaSEw
O/hQEb5fJK4FuxZaIyw2Enp4Ca1/vGeEaw1Zc8JM2wSk2Km4Vjl7zlJjmIpOJ6Nw
QAJfpHwwz77NMpMiWLj/m9nwkBeQs3IPcgDywIBu2Hfw6o79bndUS+GbEoG0f/+L
jH7y0bZ+pNX/fLYaPZRnPPGVDqPn7VkfuvByT5Op5rNbHU56kSneW3bC79M1SO3K
sYXpdGYU6mWC5xbYq1eQI9sCpkdB4pftMC3cizvKdueXGTMnXbngwBnu+Hk7GONz
KOx9x6rWPJ/NBTJONiz4Scg28XelnziBP5OYXSWzBNFBoauZpcK0MQ==
=8lYe
-----END PGP SIGNATURE-----