1996-02-26 - Percy the Python loves IPG

Header Data

From: ab411@detroit.freenet.org (David R. Conrad)
To: cypherpunks@toad.com
Message Hash: 07f99373ebb3b4bd0ac097303d50be78f8442908e6e410f01247a340c776c056
Message ID: <199602260341.WAA26557@detroit.freenet.org>
Reply To: N/A
UTC Datetime: 1996-02-26 04:06:21 UTC
Raw Date: Mon, 26 Feb 1996 12:06:21 +0800

Raw message

From: ab411@detroit.freenet.org (David R. Conrad)
Date: Mon, 26 Feb 1996 12:06:21 +0800
To: cypherpunks@toad.com
Subject: Percy the Python loves IPG
Message-ID: <199602260341.WAA26557@detroit.freenet.org>
MIME-Version: 1.0
Content-Type: text/plain




I think the IPG system is great!  Percy, my pet python, has never been
slicker or better lubricated!

IPG Sales <ipgsales@cyberstation.net> wrote:
>Perhaps so, but our system does employ a true hardware generated OTP, and
>operates similiar to what you describe -  however, the important
>differernce is that we use a smal;l OTP to generate a larger OTP, like
>stringing the cable across the Golden Gate narrows.

What you have, as far as I can tell, with your "random-number-rotor-large-
random-prime-number-rotor-wheels", is a proprietary encryption algorithm
that uses a 5600-bit random number as a key.

There are two points on which you are to be commended.  5600 bits is
plenty large as a key (excessive, even), and you claim to generate the
key with a true hardware RNG.

Unfortunately, you are undone by two points which go against your scheme.

First, your algorithm is proprietary, and as such is probably not worth
a hill of beans.

Second, the keys to your system are known to three parties: the sender of
a message, the recipient of that message, and your company!  This means
that your company can intercept and decrypt any message that uses your
system.  All that is required is to keep a record of all keys generated
and who they were distributed to, and to know the identities of the
people communicating.

You've already indicated, when you claimed "790 gigabytes" of data
generated for testing with "multiple backups", that your company has
the capability to store and access multiple terabytes of information.

I'm sure you will protest your honesty; you may even *be* honest, but the
security of your system will rely not only on the security of the algorithms
and their correct implementation, but also on the honesty of your company
and every employee who ever works for it.

I don't need to trust R, S, and A whenever I use RSA, so long as the
algorithm is secure, and correctly implemented.

> Just becuase we
>convert over from a full OTP to a prime number wheel system configured
>from the OTP doers not mnean that the result is not an OTP

Of course it does.  Which part of "One" don't you understand?


--
David R. Conrad, conrad@detroit.freenet.org   PGP key on    GDFN Hardware and
http://detroit.freenet.org/staff/conrad        home page   Software Committee
"If you can't say 'fuck', you can't say 'fuck the government'." --Lenny Bruce





Thread