1995-11-07 - Re: using pgp to make an otp

Header Data

From: Adam Shostack <adam@homeport.org>
To: Alan.Pugh@internetMCI.COM (amp)
Message Hash: 13437d697a03f7d3dac31adfba2395ef376e02a9953ee5a9da082dc8bf85ab07
Message ID: <199511070407.XAA04557@homeport.org>
Reply To: <01HXC3AEU9BM91Y89B@MAIL-CLUSTER.PCY.MCI.NET>
UTC Datetime: 1995-11-07 05:35:43 UTC
Raw Date: Tue, 7 Nov 1995 13:35:43 +0800

Raw message

From: Adam Shostack <adam@homeport.org>
Date: Tue, 7 Nov 1995 13:35:43 +0800
To: Alan.Pugh@internetMCI.COM (amp)
Subject: Re: using pgp to make an otp
In-Reply-To: <01HXC3AEU9BM91Y89B@MAIL-CLUSTER.PCY.MCI.NET>
Message-ID: <199511070407.XAA04557@homeport.org>
MIME-Version: 1.0
Content-Type: text


amp wrote:

| my point here is that _if_ pgp output is random enough, i wouldn't need
| hardware. even i, with my extremely limited programming skills could create
| a .cmd file or program that could be used as input for a stream cypher.

	PGP output is not random enough to be used for a one time pad.
The security of an OTP is *entirely* based on the quality of the random
numbers; they should come from some strong generator.  Building good
one time pads is tough, and usually not worth the effort.


Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume
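
The point about pad quality, as an added example that is not part of the original message: a "pad" stretched deterministically from a short secret can be found by trying every secret, while a pad of independent random bytes leaves every same-length plaintext equally possible. The SHA-256 expander, the 16-bit seed and the sample messages are constructed for illustration and do not model PGP.

```python
import hashlib
import os

def expand_seed(seed: bytes, length: int) -> bytes:
    """Deterministically stretch a short seed into a 'pad' (SHA-256, counter mode)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def seeds_consistent_with(ciphertext: bytes, known_prefix: bytes, seed_bits: int = 16):
    """Return every seed whose pad decrypts the ciphertext to the known prefix."""
    hits = []
    nbytes = (seed_bits + 7) // 8
    head = ciphertext[:len(known_prefix)]
    for s in range(2 ** seed_bits):
        seed = s.to_bytes(nbytes, "big")
        if xor(head, expand_seed(seed, len(head))) == known_prefix:
            hits.append(seed)
    return hits

def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """With a truly random pad, some pad maps the ciphertext to ANY same-length text."""
    return xor(ciphertext, candidate)

MESSAGE = b"MEET AT THE DOCKS AT NINE"    # constructed sample plaintext
DECOY = b"STAY HOME, NOTHING TO SEE"      # constructed, same length as MESSAGE
WEAK_SEED = (0xBEEF).to_bytes(2, "big")   # constructed 16-bit secret (assumption)

def demo():
    # Weak pad: only 2**16 possible pads exist, so the pad space can be searched.
    weak_ct = xor(MESSAGE, expand_seed(WEAK_SEED, len(MESSAGE)))
    hits = seeds_consistent_with(weak_ct, b"MEET AT ")
    recovered = [xor(weak_ct, expand_seed(s, len(weak_ct))) for s in hits]
    # Strong pad: independent random bytes, as long as the message, used once.
    strong_ct = xor(MESSAGE, os.urandom(len(MESSAGE)))
    decoy_fits = xor(strong_ct, pad_explaining(strong_ct, DECOY)) == DECOY
    return hits, recovered, decoy_fits

if __name__ == "__main__":
    print(demo())
```

The search over the weak pad succeeds because the pad carries no more entropy than its seed; against the random pad the ciphertext is consistent with the decoy just as well as with the real message.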





