From: Adam Shostack <adam@lighthouse.homeport.org>
To: Alan.Pugh@internetMCI.COM (amp)
Message Hash: 5a95a60e1740e211bc701aa314fea68cd5119a12734a772e6f922bce98148234
Message ID: <199511041555.KAA02171@homeport.org>
Reply To: <01HX8P5B3MCI91XT4Q@MAIL-CLUSTER.PCY.MCI.NET>
UTC Datetime: 1995-11-04 15:59:14 UTC
Raw Date: Sat, 4 Nov 1995 23:59:14 +0800
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sat, 4 Nov 1995 23:59:14 +0800
To: Alan.Pugh@internetMCI.COM (amp)
Subject: Re: using pgp to make an otp
In-Reply-To: <01HX8P5B3MCI91XT4Q@MAIL-CLUSTER.PCY.MCI.NET>
Message-ID: <199511041555.KAA02171@homeport.org>
MIME-Version: 1.0
Content-Type: text
| i may have posted this at some time in the past, as i have asked it
| elsewhere and gotten different responses. i'm interested in that the
| folx here think about it though, so here it is...
I think you should read Marcus Ranum's OTP faq, on www.iwi.com:/pubs/
| i want a source of data for use as a otp. i don't want to have to
| hook up any external devices to my pc to do it. (although some of the
| methods mentioned in the past few days are quite interesting.)
Can't be done. If you use a cipher to generate the pad, you have less
than full, honest to nature entropy, and you might as well use PGP.
Badly generated, or reused OTPs are very poor ciphers.
| i'd like to know if there was a reason not to use the output of pgp
| to do it. i've been playing with the following method. i take a file
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
Return to November 1995
Return to “Simon Spero <ses@tipper.oit.unc.edu>”