1995-11-07 - RE: using pgp to make an otp

Header Data

From: amp <Alan.Pugh@internetMCI.COM>
To: cypherpunks <cypherpunks@toad.com>
Message Hash: e76e643c743afaac610b3d241d43cc4a5d5d3bc127f7385cdfbcd300eff9d241
Message ID: <01HXC3AEU9BM91Y89B@MAIL-CLUSTER.PCY.MCI.NET>
Reply To: N/A
UTC Datetime: 1995-11-07 03:03:53 UTC
Raw Date: Tue, 7 Nov 1995 11:03:53 +0800

Raw message

From: amp <Alan.Pugh@internetMCI.COM>
Date: Tue, 7 Nov 1995 11:03:53 +0800
To: cypherpunks <cypherpunks@toad.com>
Subject: RE: using pgp to make an otp
Message-ID: <01HXC3AEU9BM91Y89B@MAIL-CLUSTER.PCY.MCI.NET>
MIME-Version: 1.0
Content-Type: text/plain


-- [ From: amp * EMC.Ver #2.3 ] --

> While in theory the output of PGP would be ``random'' enough for a
> one-time pad, you need to take into account that there is ``header''
> information in a PGP message.  This info in the first several bytes
> indicates which key was used, how big the message is, whether the
> receiving PGP should save the decrypted file, etc. This part is not
> very random at all.

i understand the non-random portions of the pgp output, which is why i
specified in my origional message that the 1st 20 or so lines would find
their way to the bit bucket.

> The weakness in this method is that the ``key'' to the OTP is composed
> of the PGP encryption key and the plaintext used to generate the
> pad.  Both would have to be fairly well protected to prevent a bad
> guy from either a) generating his own copy of the OTP by obtaining
> the key and plaintext or b) forcing you to use a known OTP by munging
> your copy of the key or plaintext.

i'm confused here. how would the 'key' to the otp be related to my pgp
encryption key? if i strip off all the identifying information that pgp
uses to recognise how to decrypt a message, and destroy the 'clean' copy of
the file(s) that eventually became part of my otp, how could the resulting
output be tied to my key? if it could, then pgp is less secure than i give
it credit for being.

if your objection is based on the fact that my public key is a known entity,
, this can easily be bypassed by creating a brand new key from a freshly
unzipped copy of pgp. use that key to create the otp, then destroying the
key(s) used to create it.

> This technique does have its uses.  For instance, if you use DES you
> can ``seed'' it with a value, then by re-encrypting the output of DES
> repeatedly you can generate an essentially random sequence of
> values.  This can be used as a OTP for a stream cypher.

isn't this essentially what i'm doing? if it is necessary, i can do
this...(assuming a virgin key)
1. create a cyphertext of a file.
2. strip the indentifying lines.
3. create a new cyphertext from the resulting file. 
4. repeat until paranoia level < comfort zone.

my point here is that _if_ pgp output is random enough, i wouldn't need
hardware. even i, with my extremely limited programming skills could create
a .cmd file or program that could be used as imput for a stream cypher.

imo, for crypto to be useful, it has to be easy. i'm trying to find a way
to do this that can be implemented anywhere.






Thread