From: stevenw@best.com (Steven Weller)
Date: Tue, 20 Feb 1996 15:57:45 +0800
To: cypherpunks@toad.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Message-ID: <v01540b0bad4f1941ad31@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain



Some thoughts on the rash of IPG OTP cluelessness:

If I set up a radioactive source, I can almost certainly get 1000 bits per
second of random data from it. Chop it up into 5 second chunks and sell em.
That's 5000 bits without all that messy rotor stuff.

Why throw out 30% - 50% of the OTPs? Any filtering algorithm will reduce
the randomness of the resulting numbers. My guess is that the "hardware"
randomness generator has very little entropy and a) produces numbers with a
bell curve distribution, so concentrating what little entrpy there is, and
b) *repeats* a whole lot of the time. That's what they throw out.

They know that encryption has something to do with prime numbers so they
throw in a little obfuscation with the rotor thing. Why bother?

And of course, since they supply all the locks and all the keys, they can
search for, locate, and read anybody's communication whenever they want.


-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw@best.com                   |       -- Time Magazine, 3 July 1995