From: amp <Alan.Pugh@internetMCI.COM>
Date: Thu, 9 Nov 1995 10:31:08 +0800
To: John Curtis <jbell@capecod.net>
Subject: RE: using pgp to make an otp
Message-ID: <01HXEVB6V1QQ91YN41@MAIL-CLUSTER.PCY.MCI.NET>
MIME-Version: 1.0
Content-Type: text/plain


-- [ From: amp * EMC.Ver #2.3 ] --

-----BEGIN PGP SIGNED MESSAGE-----

From: John Curtis              \ Internet:    (jbell@capecod.net)
To:   amp                      \ Internet:    (alan.pugh@internetmci.com)

Subject: RE: using pgp to make an otp

JC> I was confused and answered a question you didn't ask. I guess you
JC> can use PGP to generate a set of pseudorandom numbers.  I'm not sure
JC> that this would be different from  using the IDEA cypher (the
JC> underlying PGP cypher) to generate random numbers.  I am also not
JC> convinced that this would be quicker or cheaper than any number of
JC> other mechanisms.

JC> If I really wanted a true one-time pad, I'm inclined to explore the
JC> thermal noise of a zener diode.

isn't the noise generated by such a diode more accurately described
as chaotic rather than random? i would think that there might be
potential problems with using chaos as a random number source. it
might be somewhat less random than you may think as most chaotic
system's 'noise' operates within definable parameters. (like a lorenz
system). i _would_ think that it would act as a most excellent prng,
but exactly how _truely_ random it actually would be i couldn't say. 
while it may not be _truely_ random, it would most likely be
cryptographically secure though. 

i think generating _true_ randomness is pretty difficult without
measuring something similar to radioactive decay. 

the system that i proposed setting up is, admittedly, a p-otp at
best. i'm much more convinced of this than i was when i initially
proposed it. the comments i've gotten on it were most enlightening.

amp
<0003701548@mcimail.com> (since 10/31/88)
<alan.pugh@internetmci.com>
PGP Key = 57957C9D
PGP FP = FA 02 84 7D 82 57 78 E4  E2 1C 7B 88 62 A6 F9 F7 
November 9, 1995   11:41
 



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMKIvRIdTfgZXlXydAQG0zAf/Y0qX8X6mFa932Egm0PdBZr4RCBHqPccx
5Nb5KZi1jQPRFnoAoEgU6Z6P+SLWCGhZisn1UxvlD2eX6HbbPB/B0mHReoWw/qp2
hI7rWCn+JtSwUvxeno88zFmZ/AreAukm8LNi/PdJp+5lunDgclrOWoR5BklglqT8
iE2nxd6dhbUEKUYXzsN6yEXDRl/tUDiriEVev2YhttTZuyUg9krMa32VtyxyUCeB
UfhidSjgwkNkSO3QQaHVHUCby8NHQJPRdKR4ym8tDfFjNXxieUQKwxi8r/0ofo5g
1UxtBwJICd+/LxOZovtKGYDqHJc4vPRqdY7x4VbTff0FM4i4W0ZpUQ==
=6ty1
-----END PGP SIGNATURE-----