1996-10-21 - Re: Question: OTP

Header Data

From: jim bell <jimbell@pacifier.com>
To: rshueey@tcgcs.com>
Message Hash: 8e9d0026e45edfde9cd80060cd6e3e571d4c6cfd211d09f4ac566cee53a0f178
Message ID: <199610212245.PAA16503@mail.pacifier.com>
Reply To: N/A
UTC Datetime: 1996-10-21 22:46:36 UTC
Raw Date: Mon, 21 Oct 1996 15:46:36 -0700 (PDT)

Raw message

From: jim bell <jimbell@pacifier.com>
Date: Mon, 21 Oct 1996 15:46:36 -0700 (PDT)
To: rshueey@tcgcs.com>
Subject: Re: Question: OTP
Message-ID: <199610212245.PAA16503@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:06 PM 10/21/96 +0000, paul@fatmans.demon.co.uk wrote:
>
>> This whole thing seems crazier each time I think about it.
>> basically my question is: given that he picks his key securly does he have
>> an OTP if the plaintext is shorter than the key?
>> Bob
>
>Yes, if he were just to modular add the key to the plaintext (or XOR 
>them) he would have an OTP if AND ONLY IF the key were real random, 
>however, he doesn`t do this, he uses the key to seed an array or 
>linear congruential generators, which have been cryptanalysed to hell 
>and back.


I think that there may be at least one potential application for a sorta-OTP 
system to be overlaid on a reasonably-secure public-key system:  I think 
there might be an use for a system that allows the recipient of a message to 
prove to his own satisfaction that the sender of the message is who he says 
he is, but does NOT allow him to prove this to anyone else's satisfaction.  
The goal would be to prevent one party to the commucation from being 
strongarmed into not only revealing the data, but also providing trustworthy 
evidence against the other person.  I haven't thought about this in enough 
detail to know if this is practical.

Jim Bell
jimbell@pacifier.com





Thread