From: “Mark M.” <markm@omni.voicenet.com>
To: cypherpunks@toad.com
Message Hash: 66b0e14161eac752929a6f0af7eebfce029e8c6737b8224f4b17668b1f33ed38
Message ID: <Pine.LNX.3.91.951021200919.452A-100000@localhost>
Reply To: <3087F1A2@mailer2>
UTC Datetime: 1995-10-22 00:21:46 UTC
Raw Date: Sat, 21 Oct 95 17:21:46 PDT
From: "Mark M." <markm@omni.voicenet.com>
Date: Sat, 21 Oct 95 17:21:46 PDT
To: cypherpunks@toad.com
Subject: Re: "power one time pad"
In-Reply-To: <3087F1A2@mailer2>
Message-ID: <Pine.LNX.3.91.951021200919.452A-100000@localhost>
MIME-Version: 1.0
Content-Type: text/plain
On Fri, 20 Oct 1995, Paul Koning 1695 wrote:
>
> I'd be interested in reactions to the article in Network World, 10/16/95
> issue,
> page 53. It describes a supposed cryptosystem that sounds bogus, but
> I can't make up my mind about how much is the system and how much is
> the confusion of the author.
I have heard a lot about the Elementrix POTP encryption algorithm. I remain
skeptical of this algorithm until the source code is released.
> Among other things, it says that POTP "doesn't use an encryption algorithm;
> instead it synchronizes random processes on two computers as they
> communicate". (I wonder if the author understands that that's just another
> way to describe encryption algorithms...)
I don't believe this is an error caused by the author's ignorance of
encryption. I remember hearing the same exact thing about POTP "not using an
encryption algorithm" from one of the Elementrix spokespeople.
> The other claim is that it
> eliminates
> the need to manage keys. "... there is no need for central servers where
> PGP
> keys ... are kept".
>
> This seems like a strange claim because of course PGP doesn't require
> central servers, but more importantly, you can't do authentication without
> at least one piece of keying data being established out of band. That
> could be a certification authority public key, but you need something
> to get started.
>
> Supposedly this thing was shown at Interop. Did anyone see it, and does
> the product make sense even if the article didn't?
I downloaded the secure email client for windoze and it seemed to make sense.
I might have misunderstood the documentation but it says that it has to
establish a "secure channel" with the other person by reciprocating emails with
what I would guess to be key synchronization data. FYI, this client is
available from the Elementrix FTP site at ftp.elementrix.com.
----------------------------------------------------------------
`finger -l markm@omni.voicenet.com` for public key and Geek Code
Public Key 1024-bit: 0xF9B22BA5
Fingerprint: BD 24 D0 8E 3C BB 53 47 20 54 FA 56 00 22 58 D5
Return to October 1995
Return to “Paul Koning 1695 <pkoning@chipcom.com>”