From: Jim Gillogly <jim@acm.org>
To: cypherpunks@toad.com
Message Hash: ac2679ba82fcdca0f5d4c22938a98a5602242dbd8d75d0e5c6764e4f858d7f0f
Message ID: <199509290143.SAA19419@mycroft.rand.org>
Reply To: <199509290031.TAA24720@lab21.eng.auburn.edu>
UTC Datetime: 1995-09-29 01:43:51 UTC
Raw Date: Thu, 28 Sep 95 18:43:51 PDT
Subject: Re: worldwide announce: New OTP Mail/FTP apps
> Doug Hughes <Doug.Hughes@Eng.Auburn.EDU> writes:
> you are really worried about security. This initial transaction serves
> as a seed for subsequent transactions. All subsequent transactions
> depend on preceding transactions. A degree of randomness comes from the
> randomness of the messages. Each next word in the message is random.
> After the initial exchange every message sent subsequently gets randomized
> from the previous randomness of the messages plus something in the table.

OK, you expected this, but here goes anyway. This isn't a one time pad
because the "randomness" isn't really random -- it depends on a bunch of
plaintext. Technically from your description this looks like a plaintext
autokey system. A true OTP requires honest to goodness physically random
key material for the pad. It may be quite strong, but it just doesn't
fit the definition.

Sigh.

People keep throwing OTP around because it's the only known perfect system --
until we get quantum crypto, I suppose -- but few companies actually want to
go to the trouble to implement the real thing. And with good reason -- it's
a nuisance to do secure exchanges on the keying material.

Jim Gillogly
Sterday, 8 Winterfilth S.R. 1995, 01:41
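
The distinction drawn in the message above, as an added example that is not part of the original post or of the announced product: a true one-time pad beside a textbook plaintext autokey. The byte-wise XOR construction, the one-byte seed, and the sample messages are assumptions made for illustration; the thread does not specify the actual scheme.

```python
import os

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def otp_encrypt(pt: bytes, pad: bytes) -> bytes:
    # True OTP: the pad is random, as long as the message, and never reused.
    assert len(pad) == len(pt)
    return xor(pt, pad)

def autokey_encrypt(pt: bytes, seed: bytes) -> bytes:
    # Textbook plaintext autokey (assumed construction): the keystream is
    # the secret seed followed by the plaintext itself.
    return xor(pt, (seed + pt)[:len(pt)])

def autokey_decrypt(ct: bytes, seed: bytes) -> bytes:
    ks, out = bytearray(seed), bytearray()
    for i, c in enumerate(ct):
        p = c ^ ks[i]
        out.append(p)
        ks.append(p)  # each recovered plaintext byte extends the keystream
    return bytes(out)

def otp_explains(ct: bytes, candidate: bytes) -> bytes:
    # For an OTP, every same-length candidate is explained by some pad,
    # so the ciphertext says nothing about which message was sent.
    return xor(ct, candidate)

def autokey_explains(ct: bytes, candidate: bytes, seed_len: int) -> bool:
    # Only one seed could map the candidate's first bytes to ct; the rest
    # of the keystream is fixed by the candidate and must agree as well.
    seed = xor(ct[:seed_len], candidate[:seed_len])
    return autokey_encrypt(candidate, seed) == ct

def autokey_candidates(ct: bytes) -> int:
    # Distinct plaintexts consistent with ct under a 1-byte seed.
    return len({autokey_decrypt(ct, bytes([s])) for s in range(256)})

if __name__ == "__main__":
    msg, decoy = b"ATTACK AT DAWN", b"RETREAT AT TEN"  # constructed samples
    c_otp = otp_encrypt(msg, os.urandom(len(msg)))
    c_auto = autokey_encrypt(msg, b"\x5a")
    print("OTP pad exists for decoy:",
          otp_encrypt(decoy, otp_explains(c_otp, decoy)) == c_otp)
    print("autokey consistent with decoy:", autokey_explains(c_auto, decoy, 1))
    print("autokey plaintexts consistent with ciphertext:",
          autokey_candidates(c_auto))
```

Under the OTP every 14-byte message remains possible given the ciphertext; under the autokey only as many messages remain as there are seeds, however long the message is.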