From: Adam Shostack <adam@homeport.org>
To: Alan.Pugh@internetMCI.COM (amp)
Message Hash: 13437d697a03f7d3dac31adfba2395ef376e02a9953ee5a9da082dc8bf85ab07
Message ID: <199511070407.XAA04557@homeport.org>
Reply To: <01HXC3AEU9BM91Y89B@MAIL-CLUSTER.PCY.MCI.NET>
UTC Datetime: 1995-11-07 05:35:43 UTC
Raw Date: Tue, 7 Nov 1995 13:35:43 +0800
Subject: Re: using pgp to make an otp

amp wrote:
| my point here is that _if_ pgp output is random enough, i wouldn't need
| hardware. even i, with my extremely limited programming skills could create
| a .cmd file or program that could be used as input for a stream cypher.

PGP output is not random enough to be used for a one time pad.
The security of an OTP is *entirely* based on the quality of the random
numbers; they should come from some strong generator. Building good
one time pads is tough, and usually not worth the effort.

Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
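
An added illustration of the point in the message above (not part of the original post, and not PGP's own code): a pad computed by a program carries no more uncertainty than the program's input, so the ciphertext fits almost no messages, while a truly random pad leaves every message of that length equally possible. The SHA-256 counter-mode generator, the 16-bit seed, the sample messages and all function names are assumptions constructed for this example.

```python
import hashlib
import secrets

SEED_BITS = 16  # constructed: a deliberately tiny input space for the generator


def stretched_pad(seed: int, length: int) -> bytes:
    """Deterministic 'pad': SHA-256 in counter mode over a small seed.
    Stand-in for any program whose output is computed from limited input."""
    out, counter = b"", 0
    while len(out) < length:
        block = seed.to_bytes(4, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def plausible_plaintexts(ciphertext: bytes) -> list[bytes]:
    """Every printable-ASCII message the generator's pads allow for this ciphertext."""
    hits = []
    for seed in range(2 ** SEED_BITS):
        candidate = xor(ciphertext, stretched_pad(seed, len(ciphertext)))
        if all(32 <= c < 127 for c in candidate):
            hits.append(candidate)
    return hits


def pad_explaining(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """With a truly random pad, some equally likely pad maps the ciphertext to ANY message."""
    return xor(ciphertext, claimed_plaintext)


MESSAGE = b"meet at the usual place"  # constructed sample message
DECOY = b"nothing to report today"    # constructed, same length, different meaning

weak_ct = xor(MESSAGE, stretched_pad(0x2A17, len(MESSAGE)))   # computed pad
strong_ct = xor(MESSAGE, secrets.token_bytes(len(MESSAGE)))   # OS random pad

if __name__ == "__main__":
    print("messages consistent with the computed pad:", plausible_plaintexts(weak_ct))
    print("pad that turns the random-pad ciphertext into the decoy:",
          pad_explaining(strong_ct, DECOY).hex())
```

The 23-byte message has 2^184 possible pads, but the computed pad can only take 2^16 values, which is why the first list collapses to the real message.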