From: paul@fatmans.demon.co.uk
Date: Tue, 22 Oct 1996 09:28:38 -0700 (PDT)
To: cypher@cyberstation.net
Subject: Re: Apologies and Clarifications -
Message-ID: <846000190.16798.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



>          The assertion that an Ub must be an Rb, a truly Random bit,
>          is irrelevant ideology unless there exists the means to
>          convert the Unknown bit, Ub, into a Known bit, Kb.

This is a plainly circular argument, what you are saying is that if a 
bit cannot be predicted it can be used, yet it does not have to be 
random.

It is patently obvious to anyone with cryptographic experience and 
most people without any that to be unpredictable a stream of bits has to 
be random, otherwise if there is a correlation the next bits can be 
predicted from the previous bits. 
 
>          That is the sublime basis of the IPG algorithm, which is to
>          generate a stream of "unknown bits" which cannot be
>          analytically reconstituted in the absence of the OTP
>          generator key, and possibly other related key like
>          parameters. 

RUBBISH, yes, I know i`m shouting but I really have taken enough of 
this crap from snake oil peddlers over the years.

IF ARITHMETIC METHODS ARE USED TO CONSTRUCT A KEY THE RESULTING 
CRYPTOSYSTEM IS NOT A ONE TIME PAD.... END OF STORY

You cannot mathematically prove the security of the generator used in 
this system and are unlikely to be able to ever. whatever the case 
you can never prove the security of the whole system, the only 
provably secure system is a one time pad.

It may be predictable on output, we have already shown that it is 
vulnerable to many other cryptanalytic attacks, including Adams 
chosen plaintext attack and my timing attack.
The whole system has a number of gaping holes in it and no ammount of 
high worded twaddle is going to make it secure.

>         The additional caveat of course is that the key
>          cannot be guessed, nor can it be derived from brute force
>          methodologies, both of which are patently impossible with the
>          IPG algorithm. 

The key can probably be guessed, on first examination, which took 
about 5 minutes before I dismissed the algorithm as snakeoil, the 
generator appeared to me to be an array or linear congruential 
generators which have been cryptanalysed and proved insecure, by this 
very fact there is obviously a cryptanalytic attack waiting out there 
on the generator which produces no unpredictable state whatsoever in 
the "randomness pool"

>         You do not have to be a Stephen Hawking to
>          comprehend why that is a fact; each of you, with possible
>          minor exceptions, will be able to discern that because it
>          quickly becomes self evident as you ply the algorithm.

No, each of us has looked at the algorithm and decided that it is 
insecure, we have even proved it to you mathematically, and if your 
math was any better than high school level you would be able to 
comprehend our arguments, it is abundantly clear to me that nothing, 
not even the words of a world class cryptographer like Blaze or 
Rivest would convice you that your system is insecure, you have gone 
about creating a cryptosystem the same old way any idiot with no 
experience or knowledge of cryptography does. You have made up the 
most hideously complicated mess of data transformations you can 
imagine then constructed an inverse function to recover the data. you 
have given no thought to any complexity theoric or intuitive proof of 
the security of this algorithm, just done some irrelevant statistical 
tests on some keystream. your hope is that no-one else will be able 
to untangle this mess, you are deepy wrong.

Please get a clue.


  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"