From: Derek Atkins <warlord@MIT.EDU>
To: Adam Shostack <adam@lighthouse.homeport.org>
Message Hash: a46013ef7d2bcc03cf48cd8f25fcbd1e6cedb5b03e99d9f6083fda6815aaaac0
Message ID: <199511070431.XAA17598@toxicwaste.media.mit.edu>
Reply To: <199511070407.XAA04557@homeport.org>
UTC Datetime: 1995-11-08 21:33:52 UTC
Raw Date: Thu, 9 Nov 1995 05:33:52 +0800
From: Derek Atkins <warlord@MIT.EDU>
Date: Thu, 9 Nov 1995 05:33:52 +0800
To: Adam Shostack <adam@lighthouse.homeport.org>
Subject: Re: using pgp to make an otp
In-Reply-To: <199511070407.XAA04557@homeport.org>
Message-ID: <199511070431.XAA17598@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain
> PGP output is not random enough to be used for a one time pad.
> The security of a OTP is *entirely* based on the quality of the random
> numbers; they should come from some strong generator. Building good
> one time pads is tough, and usually not worth the effort.
No, however the output of "pgp +makerandom=XXX filename.dat" _IS_
random enough for an OTP. The problem then becomes distributing this
data.
-derek
Return to November 1995
Return to “Derek Atkins <warlord@MIT.EDU>”