From: frantz@netcom.com (Bill Frantz)
Date: Mon, 22 Jul 1996 18:21:53 +0800
To: "Deranged Mutant" <cypherpunks@toad.com
Subject: Re: A Snake-Oil FAQ
Message-ID: <199607220731.AAA11388@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  4:37 PM 7/20/96 +0000, Deranged Mutant wrote:
>The vendor may confuse random session keys or initialization vectors
>with OTPs.

"Random session keys" and "initialization vectors" probably need
definition.  Perhaps a very high level description of an existing "good"
encryption system would do.  Certainly a pointer to such a description
would be valuable.  Here is a start at some definitions:

Random session keys - The practice of generating a new, random key for each
message/communication session etc.  This key needs to be communicated to
the receivers of the message.  This communication can be performed using
public key cryptography or protocols such as Diffie Hellman.

Initialization Vectors - The practice of including some random data at the
start of an encrypted message to make it more secure against certain forms
of cryptanalysis.

A good idea and a good first pass - Bill


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA