1995-10-24 - Elementrix’s so-called “Power One Time Pad”

Header Data

From: Flame Remailer <remailer@flame.alias.net>
To: elementrix.co.il.info@elementrix.co.il
Message Hash: e26e7e4965b139edd5124a319a3699c38d43d2c38e8b25bf8f690085c8064a33
Message ID: <199510242011.VAA16761@utopia.hacktic.nl>
Reply To: N/A
UTC Datetime: 1995-10-24 20:22:58 UTC
Raw Date: Tue, 24 Oct 95 13:22:58 PDT

Raw message

From: Flame Remailer <remailer@flame.alias.net>
Date: Tue, 24 Oct 95 13:22:58 PDT
To: elementrix.co.il.info@elementrix.co.il
Subject: Elementrix's so-called "Power One Time Pad"
Message-ID: <199510242011.VAA16761@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain


Essentially what these guys are selling is a secret key algorithm in which
the key for any given message is a function of some initial seed value,
and of hashes of all previous messages transmitted between the two parties.
So in theory, to break the code, one would need to know not only their
initial key, but also all of the messages trasmitted between them so far.
A similar result can be achieved by encrypting with PCBC, or other feedback
mode involving plaintext, and carrying the IV from the end of one session
to the beginning of the next.  This is not, of course, a one-time pad, and
hardly "groundbreaking" or "revolutionary".

While such a system could be designed securely in theory, the folks at
Elementrix appear to have little experience at designing secure
cryptographic systems.  Cryptographic systems designed by such novices
frequently have bugs in the implementation which weaken the security
offered, or have statistical weaknesses which allow cryptanalytic attack. 
Elementrix has offered no assurances that they have tested their system
for either.  Beware of snake oil.





Thread