From: "Dana W. Albrecht" <dwa@corsair.com>
Date: Mon, 23 Oct 95 14:24:54 PDT
To: cypherpunks@toad.com
Subject: Info: Elementrix POTP
Message-ID: <199510232119.OAA08030@elmos.corsair.com>
MIME-Version: 1.0
Content-Type: text/plain


Forwarded from sci.crypt:

In article <45t9oh$6vd@newsbf02.news.aol.com>, whmurray@aol.com (WHMurray) writes:
> In article <45qkp5$8rh@netaxs.com>, grendel@netaxs.com (Michael Handler)
> writes:
> 
> >It 
> >looked somewhat like a stream cipher that generates its key by measuring 
> >packet lag over TCP/IP. General consensus was that any key determined 
> >from public information wasn't secure.
> 
> It uses a new symmetric message key for each message.  The key for message
> n is a function of that for message n-1 modulated by the content of
> message n-1.  However, it operates at the message layer, not the TCP/IP
> layer.  In a given population, everyone in the population can begin with
> the same key.  As messages are exchanged between any two parties in the
> population, they end up with a key which is unique to them.  The system is
> synchronous.  If any traffic between two parties is lost, they must
> re-synch; keys between each of the parties and other parties will not be
> affected.
> 
> The idea is novel and useful.   It will be resistant against most
> attackers.  It is much less resistant to attacks by nation states that
> could have a record of all traffic among all parties.  Of course it is not
> an OTP nor is it more secure than other modern systems.  If anything, it
> is a little less so, at least against those who have all of the traffic
> and to the extent that more than two parties start with the same initial
> key.  Of course, its strength is to permit all members of the population
> to begin with the same key while ensuring that members of the population
> are safe from each other.  It also ensures that compromise of the initial
> key is not sufficient to read traffic.  One must have all the intervening
> traffic.  Thus, if one comes to the party late, learning the initial key
> will not enable one to read current traffic.
> 
> >OTOH, I saw a press-release on Cypherpunks a week or two back that 
> >claimed Whitfield Diffie and David Kahn had both examined the algorithm 
> >under NDA, and both were blown away by it. OTOOH, I don't know how much 
> >Diffie and Kahn know about TCP/IP.
> 
> Diffie knows enough; Kahn less.  However, both are geniuses and know what
> they need to know.  As to their being "blown away," I tend to doubt it. 
> The idea is useful but not revolutionary.
> 
> >We'll know for sure when they release the details of the spec. And, if 
> >they go to the logical conclusion of all this secrecy and they *don't* 
> >release the spec, it won't be worth a bucket of warm snake oil.
> 
> If they have applied for a patent and if the effectiveness of the scheme
> does not rely upon secrecy of the scheme, then of course there is no
> reason for secrecy.  They sent me an evaluation copy of the program and
> have been fairly open in discussing it.  (No one has suggested an NDA or
> even that there were any secrets involved.)  While for security I would
> rather have Lotus Notes or Secure Exchange, for ease of administration
> this program has advantages.
> 
> The product is interesting and less bogus than your meters might lead you
> to believe.  Few of us would like to have our products evaluated strictly
> on the basis of press releases and reports.
> 
> I believe that the scheme infringes patents of which I am aware.
> 
> 
>