1995-10-22 - Re: “power one time pad”

Header Data

From: “Mark M.” <markm@omni.voicenet.com>
To: cypherpunks@toad.com
Message Hash: 66b0e14161eac752929a6f0af7eebfce029e8c6737b8224f4b17668b1f33ed38
Message ID: <Pine.LNX.3.91.951021200919.452A-100000@localhost>
Reply To: <3087F1A2@mailer2>
UTC Datetime: 1995-10-22 00:21:46 UTC
Raw Date: Sat, 21 Oct 95 17:21:46 PDT

Raw message

From: "Mark M." <markm@omni.voicenet.com>
Date: Sat, 21 Oct 95 17:21:46 PDT
To: cypherpunks@toad.com
Subject: Re: "power one time pad"
In-Reply-To: <3087F1A2@mailer2>
Message-ID: <Pine.LNX.3.91.951021200919.452A-100000@localhost>
MIME-Version: 1.0
Content-Type: text/plain

On Fri, 20 Oct 1995, Paul Koning 1695 wrote:

> I'd be interested in reactions to the article in Network World, 10/16/95 
> issue,
> page 53.  It describes a supposed cryptosystem that sounds bogus, but
> I can't make up my mind about how much is the system and how much is
> the confusion of the author.
I have heard a lot about the Elementrix POTP encryption algorithm.  I remain
skeptical of this algorithm until the source code is released.
> Among other things, it says that POTP "doesn't use an encryption algorithm;
> instead it synchronizes random processes on two computers as they
> communicate".  (I wonder if the author understands that that's just another
> way to describe encryption algorithms...)  
I don't believe this is an error caused by the author's ignorance of 
encryption.  I remember hearing the same exact thing about POTP "not using an
encryption algorithm" from one of the Elementrix spokespeople.

> The other claim is that it 
> eliminates
> the need to manage keys.  "... there is no need for central servers where 
> keys ... are kept".
> This seems like a strange claim because of course PGP doesn't require
> central servers, but more importantly, you can't do authentication without
> at least one piece of keying data being established out of band.  That
> could be a certification authority public key, but you need something
> to get started.
> Supposedly this thing was shown at Interop.  Did anyone see it, and does
> the product make sense even if the article didn't?

I downloaded the secure email client for windoze and it seemed to make sense.
I might have misunderstood the documentation but it says that it has to
establish a "secure channel" with the other person by reciprocating emails with
what I would guess to be key synchronization data.  FYI, this client is  
available from the Elementrix FTP site at ftp.elementrix.com.
`finger -l markm@omni.voicenet.com` for public key and Geek Code
Public Key 1024-bit: 0xF9B22BA5
Fingerprint: BD 24 D0 8E 3C BB 53 47  20 54 FA 56 00 22 58 D5