1996-01-18 - Re: pgp broken?

Header Data

From: hoz@univel.telescan.com (rick hoselton)
To: pitz@onetouch.com
Message Hash: 0f175957a8e7cc23f303e82d20351813bd8215aefce7b9d7914836c36909e33f
Message ID: <9601171631.AA15064@toad.com>
Reply To: N/A
UTC Datetime: 1996-01-18 02:05:14 UTC
Raw Date: Thu, 18 Jan 1996 10:05:14 +0800

Raw message

From: hoz@univel.telescan.com (rick hoselton)
Date: Thu, 18 Jan 1996 10:05:14 +0800
To: pitz@onetouch.com
Subject: Re: pgp broken?
Message-ID: <9601171631.AA15064@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:42 AM 1/17/96 -8, you wrote:
>On 16 Jan 96 at 19:16, Derek Atkins wrote:

>To give further perspective, he kept claiming that a "triple DES with 
>RS4 overlay" was the most secure method of encryption.

Well, he's wrong.  A one time pad (properly generated and used) is 
provably secure as the "most" secure cipher.  Speaking of "provably", 
ask him if he's sure that "triple DES with an RC4 overlay" is more 
secure than, say, "quintuple DES with an RC4 overlay" (since we're making 
up combinations).  I would be VERY interested in any mathematical proof or 
empirical evidence that putting the RC4 on top of the encryption would be 
more secure than doing it first or between the DES rounds.  Some pretty 
good mathemeticians have failed to produce such sweeping results (for the 
public domain, anyway.) 

Let's see if I have this right.  Someone with access to the internet claims
that 
someone with access to the DOD claims that some cipher system is good and
another 
is bad.  I have no reason to believe you.  You seem to have no reason to
believe 
him.  He does not seem to know what he's talking about, on a subject where a
great 
deal of effort is expended to promote confusion... I think I've got it!







Rick F. Hoselton  (who doesn't claim to present opinions for others)






Thread