From: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
To: cypherpunks@toad.com
Message Hash: b051c48d57e9fe95c2d3131a20b4f496ab1c7a26b53bba97a623c2c85b89c2d7
Message ID: <199509290031.TAA24720@lab21.eng.auburn.edu>
Reply To: N/A
UTC Datetime: 1995-09-29 00:31:18 UTC
Raw Date: Thu, 28 Sep 95 17:31:18 PDT
From: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
Date: Thu, 28 Sep 95 17:31:18 PDT
To: cypherpunks@toad.com
Subject: worldwide announce: New OTP Mail/FTP apps
Message-ID: <199509290031.TAA24720@lab21.eng.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain
A company in Israel named Elementrix has just announce at Interop an
entirely new paradigm in secure transactions. They have a secure
one time pad that allows people to exchange mail and ftp files back
in forth in complete security without the worries of key management
or storage or secure random number generation or synchronization.
In the words of Winn Schwartau: "This really fucks with your brain"
Both he and David Kahn have gotten information out of non-disclosure, as
well as several other un-named experts in cryptography about the nature
of this new development. They were astounded and have provided assurances
as to its authenticity and ability to work as advertised. So far they
have no released the complete protocol, but plan to do so as soon as
the Patent issues pending in several countries have been resolved. The
protocol will be completely published and subject to scrutiny by
everybody.
To me it looks like it would be trivial for them to integrate it into
any and all kinds of browsers, clients and applications. Of course, I do
not have a complete knowledge of the entire protocol, but the brief
overview was simple enough to understand in concept. If it can work in
FTP, it can surely work in telnet as well, it's just a different front
end over a TCP/IP connection.
I realize that there will be those out there on this list who will
immediately dismiss this as a hoax, as would have I had I not seen
it operate with my own eyes, and sat through the conference. It was
a case of serendipity for me, showing up at the booth and getting an
invite to the press conference on the one day I decided to attend
Networld/Interop.
It works something like this: (I may not have it completely right, but
this is what I understood of the broken English of the man without
the microphone)
A third party generates random numbers, or one of the two communicating
parties. The numbers do not have to be secret. There is also a published
table of mappings..
Something like, a number, and an operation..
1 -> add 23
2 -> add 21
3 -> add 40
4 -> add 57
90 -> sub 23
One initial connection is all that is needed to have a secure connection
for the lifetime of the two communicating parties. This initial connection
can be accomplished via any number of ways. It does involve an initial
one time only shared secret. This is much different than the many shared
secrets and key management issues of private and public key systems.
For the initial connection you can stick the machines back to back if
you are really worried about security. This initial transaction serves
as a seed for subsequent transactions. All subsequent transactions
depend on preceding transactions. A degree of randomness comes from the
randomness of the messages. Each next word in the message is random.
(the argument goes like this: If you already know what the next word in
the message is, there is no point in sending the message in the first
place, because you know what all the words in the message are.) This
imparts some degree of randomness, as no two beings will have an entire
conversation over their lives the same as their conversation with anybody
else: similar arguments can be applied to file transfers.
After the initial exchange every message sent subsequently gets randomized
from the previous randomness of the messages plus something in the table.
If somebody else makes an exact copy of your machine, and sends a message
as you, then you can no longer send messages to the other party as you
are out of sync, and an Intruder alert is flagged if you do try to send
a message. Then you and the foreign party can resynchronize. This new state
is the basis for new messages.
Argument: "That's fine, but how to I communicate securely with someone
over the Internet with email that I'm not able to setup a secure channel
with."
Apparently each distribution disk is encoded with a unique ID and some
kind of unique (and as yet undisclosed table and algorithm). This table
allows the two parties to somehow setup a secure session and send mail.
This does not solve authentication problems. If somebody steals your
disk and sends mail to someone, they can appear to be you (or anybody).
However, the minute you try to send mail to that same person, there is
state on the remote machine with the imposter that you do not possess
that flags an intruder problem, and new negotiations can begin.
However, snoopers of the original message will still be unable to
decode the one time pad.
Winn Schwartau and Dr. David Karn have both signed non-disclosure and
both made announcements to the affect that it does work as advertised.
Also, it is not strictly random numbers in the traditional sense. It relies
on the fact that the message is composed of a random series of words to
create the one time pad. However, the one time pad does not repeat itself
due to the continuing diversity of subsequent messages. They have reviewed
the math and the algorithms and stated that it's a completely new way
to think about cryptography, and the math is valid.
Usability: point and click.. Click on the little lock button and
the message is encrypted on the fly. The mail browser decrypts the
message on the fly. After it is decrypted it is stored on the hard
drive in plain text. (As it would have to be, unless you encrypt
it with some conventional secret-key algorithm like DES or IDEA).
This is fine as they say you have to have some degree of physical
security anyway, and this is only to protect you on the networks
in between the two machines. I'm inclined to agree.
Notes:
It's fast!!
I'm just telling you what I heard.
I have no idea how or what is stored as state information if anything.
(part of the currently undisclosed algorithm).
I was very skeptical at first, but have affected cautious optimism at this
point. (until it is published).
I just have a couple things to add. If it's true and works as advertised, we're
in for a real treat, and the NSA and FBI are going to be really upset. :)
Those drug smugglers and kiddie porn pushers are going to be immune
to network wire taps. Next step: illegal algorithms, illegal XOR. ;)
Return to September 1995
Return to “Jim Gillogly <jim@acm.org>”