1996-02-21 - Re: Internet Privacy Guaranteed ad (POTP Jr.)

Header Data

From: shamrock@netcom.com (Lucky Green)
To: IPG Sales <warlord@MIT.EDU>
Message Hash: 3eb6c7d2ebee47afee190ea8d50297570a0775fd106150fd6e5e14e3e8ef94dc
Message ID: <v02120d1aad50107a5006@[]>
Reply To: N/A
UTC Datetime: 1996-02-21 05:53:16 UTC
Raw Date: Wed, 21 Feb 1996 13:53:16 +0800

Raw message

From: shamrock@netcom.com (Lucky Green)
Date: Wed, 21 Feb 1996 13:53:16 +0800
To: IPG Sales <warlord@MIT.EDU>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <v02120d1aad50107a5006@[]>
MIME-Version: 1.0
Content-Type: text/plain

At 17:22 2/20/96, IPG Sales wrote:

>If you are able to break the system, and everyone knows what we mean by
>break, then we will publicly admit that we are snake oil salesmen, and
>all the other things that Perry Metzger and others called us.

It is by no means clear to me what "breaking the system" means. One does
not have to be able to decipher a single message to prove a system to be
insecure. Moreover, cryptanalysis is economics: is it more expensive to get
the information by analyzing the crypto than it is to get it by other

Do we have to show an exploitable flaw? Or we have to do the exploit? That
might be expensive. Who would judge the contest?

The alogrithm aside, IPG provides the intial OTP. Seems to me that IPG can
read the messages. End of story.

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred.