From: aba@atlas.ex.ac.uk
Date: Sun, 25 Feb 1996 10:09:03 +0800
To: ipgsales@cyberstation.net
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <8320.9602241346@dart.dcs.exeter.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain



Perry Metzger <perry@piermont.com> writes:
> Dan Bailey writes:
> > My suggestion
> > is to post the OTP-expansion algorithm to sci.crypt.
> 
> Call it what it is -- a pseudo-random number generator, at best. As

I think this is the crux of the problem - they are simply misnaming
their proprietry algorithm.

I don't see any stigma attached with IPG admitting they have a PRNG
seeded with a key, and XORing the PRNG stream with the data - this is
exactly what RC4 does.  But of course RC4 (now) has the advantage of
open review, and before that it had the advantage of Ron Rivests
reputation associated with it.  Simply change all the literature to
replace "OTP" with "PRNG", or "seed" in appropriate places.

So, submitting your PRNG for open peer review would be a good start.
But I don't think the fact that IPG generates the keys for their
clients is good.  I don't see this as a viable key distribution
mechanism.

But you *really* must stop equating your system with a one time pad,
it absolutely is NOT a OTP.

> you likely know (but the IPG folks don't seem to care) you can't
> "expand" a one time pad. One time means ONE TIME. Look at how the NSA
> broke the Venona intercepts of of even two-time use of keying material.

exactly.

I do hope IPG will take the trouble to consider comments such as this,
and Perrys comments above, if they are at all serious about their
system every gaining any reputation.

Adam