From: wichita@cyberstation.net
Date: Sat, 30 Nov 1996 01:00:20 -0800 (PST)
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: IPG Algorith Broken!  Chudov - Thorn etal,
In-Reply-To: <Pine.LNX.3.94.961124145135.15531A-100000@random.sp.org>
Message-ID: <Pine.BSI.3.95.961130024219.19278H-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain




On Sun, 24 Nov 1996, The Deviant wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Sat, 23 Nov 1996, Dale Thorn wrote:
> 
> > Igor Chudov @ home wrote:
> > > Black Unicorn wrote:
> > > > On Sat, 23 Nov 1996, Eric Murray wrote:
> > > > > John Anonymous MacDonald writes:
> > > > > > At 8:09 AM 11/23/1996, Eric Murray wrote:
> > > > > > >No, you can't.  It's impossible to prove an algorithim unbreakable.
> > 
> > > > > > No?  Please prove your assertion.
> > 
> > > > > You can't prove a negative.  The best IPG could say is that
> > > > > it can't be broken with current technology.
> > > > > Next week someone might come up with a new way
> > > > > to break ciphers that renders the IPG algorithim breakable.
> > 
> > > > Someone needs to write an IPG and Don Wood FAQ.  No, I'm not volunteering.
> > 
> > If you want to do that, why not do so as a response to Don's FAQ?
> > 
> > > As a crypto amateur, I would appreciate a good technical explanation as
> > > to why IPG's algorithm cannot be considered secure.
> > 
> > Is the concept here that:  Whereas conventional crypto generates/hashes
> > a *key* with which to encode the text, IPG generates a *pad* from a key,
> > more or less the length of the text, with which to encode the text??
> > 
> > It seems to me they're putting an additional layer of stuff ("OTP") between
> > the key generation and the actual encoding, so what's the problem with that,
> > as a concept?
> 
> a) what they're claiming is OTP isn't OTP.  They use algorithmicly
> generated "random" numbers.  Random numbers can't be algorithmicly
> generated.  If the numbers in "OTP" aren't random, it isn't OTP.  Its also
> very vulnerable.
> 
To quote the bard, King John, Act II at the end, Mad World, Mad Kings, Mad
Composition. We have repeatedly stated that we do not generate random
numbers, and agree that only hardware can generate true random numbers. I
have worked on more OTPs than probably all of the public responders to 
the cypherpunks lists put together. I know what kinds of tests that an OTP
must pass, and what they look like - I have designed very comprehensive
systems to analyzed them.

What I was trying to do,  using the neologism of "Software OTP," was to
point out that the encryptor stream will pass any of the tests that as
hardware produced OTP will. It is quite remarkable that so many of you
Simpleton's talk about the system without looking at it. Many of you have
and have found it to be intriguing. Paul Bradley admits to downloading the
system, he spent over five hours doing it according to our log, but he says
that he never did anything with it. Anyone that believes that also
believes that Paul knows how to brute force OTPs.

With Kindest regards,

Don Wood
[A