1996-02-19 - Re: Internet Privacy Guaranteed ad (POTP Jr.)

Header Data

From: IPG Sales <ipgsales@cyberstation.net>
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Message Hash: 8a58e7dc9d39690fd66b8623db0d87558006910cec7ddab582a355633d571006
Message ID: <Pine.BSD/.3.91.960219132531.301A-100000@citrine.cyberstation.net>
Reply To: <199602190942.EAA30761@thor.cs.umass.edu>
UTC Datetime: 1996-02-19 22:10:23 UTC
Raw Date: Tue, 20 Feb 1996 06:10:23 +0800

Raw message

From: IPG Sales <ipgsales@cyberstation.net>
Date: Tue, 20 Feb 1996 06:10:23 +0800
To: Cypherpunks Mailing List <cypherpunks@toad.com>
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <199602190942.EAA30761@thor.cs.umass.edu>
Message-ID: <Pine.BSD/.3.91.960219132531.301A-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain


Mon Mar 19,1996

Obviously you want to criticise without investigation. He who knows all, 
   knows little, or nothing accoring to Einstein.

On Mon, 19 Feb 1996 lmccarth@cs.umass.edu wrote:

> "Internet.Privacy.Guaranteed (IPG)" writes:
> >	   CRE Transforms,
> >          trademark IPG, are the only acknowledged unbreakable method
> >          of so transforming digitized information. There are no
> >          passwords, encryption keys, or anything like that to conjure
> >          up, remember, and perhaps forget. 
> 
> Neat trick, unless they're using biometrics, which doesn't appear to be the
> case :}
It uses one time pads - yes - but true OTPs, not random number generators 
with a key like the POTP people. The mere fact that POTP sells the entire 
package, should tell you something. For long Messages, the basic kernel 
of our system is also a random number generator, but the source key, 5600 bits,
is a true random one time pad generated from a hardware source. 

>From that 5600 bits, a combination of a prime number numbers, picked from 
a large random table, by 512 of the random bits, ie 64 large prime 
numbers, and the other random bits are used to generate the random numbers 
used. This in effect creates a humoungous cycled encryption wheel 
system, with over 10 to the 2300th power possibilities before repeats, 
similar to engima but more like the most secured electronic encryption 
systems used prior to the advent of computers.
> 
> [...]
> >                      Don't Waste your time !
> 
> I think they just said it best themselves, but I'll comment a bit more....
> 
You obviously are too informed - since you already know everything, 
perhaps there is nothing more for you to learn so you are right, don't 
waste you time, since you already know, But others, less informed, might 
discover that they do nnot know everything
> [...]
> >          Every informed expert of the
> >          technology will confirm, without reservation, that the IPG
> >          system is not breakable, as many already have!  
> 
> All under NDA, I suppose. Note that they don't even name an "informed expert of
> the technology"; at least the POTP people gave some names.
We did refer people to Paul Leyland as you note in your next paragrapgh - 
Unlike PGP, and other RSA systems, DES, and even POTP, the PCX Nvelopes 
system is mathematically unbreakable - if you labor uner the delusion 
that the PGP protects your privacy be our guest. Ask yourself " Why are 
Freeh, Gore and all the others not screaming more than they are about 
RSA systems, DES systems and so forth? They are talking about 
interceting 1 in 100 messages n urban areas, are they doing it 
because they want to waste their time?
> [...]
> >          A fully
> >          operational integrated multi-user system costs approximately
> >          $140.00 per user, ready to load and go, with thousands, or
> >          millions of Nvelopes and Nvelopeners. IPG also offers full
> >          turnkey leases at $15.00 per user, per network, per
> >          month, which includes all software, upgrades, administration,
> >          and unlimited Nvelopes and Nvelopeners.
> >
> >          As a reference to its unbreakability, we refer you to an
> >          article by Paul Leyland on Internet at:
> > 
> >              http://dcs.ex.ac.uk/~aba/otp.html
> 
> Clearly they (claim to) offer some sort of system using One Time Pads.
> Notice the price quote of "$15.00 per user, per network, per month" including
> "unlimited Nvelopes and Nvelopeners". I suspect this means that they're
> basically selling chunks of (pseudo- ?)random data for as much as $15/person 
> each month!  I guess it's nice work if you can get it. At that price, one
> would hope that they're at least generating truly random bits from a hardware
> source. But their skimpy details on their proprietary processes don't
> inspire confidence....
Every message is encrypted with a separate Nvelope, and as indicated in 
our site, nver repeated. If the message is less than 5600 bits, it is a 
true random one time pad, from hardware sources - if longer, the one time 
pad becomes a random number generator as partially explained previously.
Each nvelope, hardware one time pad, an ADC LOB system,  is used once and 
only once, the system absolutely precludes reuse.  The $15.00 per moth 
keeps all users supplied with the necessary one time pads, which in the 
case of high volume business users might be a few hundred a day, a stock 
broker, anb accountant, auditor, an attorney or the like.
 > >          For more information visit our Web Site at:
> > 
> >              http://www.netprivacy.com/ipg
> 
> In case you didn't get enough hyperbole from the press release, they have
> extra helpings on the Web. This site has numerous pages containing precious
> little real information. I found a few tidbits in unlikely places, though:
> 
> In http://www.netprivacy.com/ipg/mlmplan.html, which incidentally promises
> that they "can help you to make some big bucks through the PCX Nvelopes
> Multi - Level - Marketing Plan", it says:
> 
> > With our manufacturing process it is relatively easy for us
> > to manufacture a ready to go system, for 25 users, or for
> > 2,500 users.  All the user has to do is to prepare a
> > DIR.LST, a Directory Listing of the users. We use that as
> > the template and manufacture the system. 
> 
> This is actually a little scary. According to one of their other web pages, 
> the DIR.LST file is a numbered list of user names and email addresses. So it
> appears that a customer hands over a list of names and addresses, and IPG
> assigns a set of one-time pads (or something) to each pair of users on the 
> list. (Holy combinatorial explosion.) And now IPG knows the one-time pads that
> will be used between any pair of email addresses on the list it has !  
> The EES is starting to look attractive by comparison. 
> 

Obviously you again already know everything, so there is no need to 
try to explain it to you, but others might be interested. As to 
combinatorial explosion, it really ius not as ad as people might think!
A user does not jave to keep all the combinations, only the ones paired 
with, thus in a thousand user system, there is only a need for 999 paired 
Nvelope and Nvelopeners, and some of those will little usage. We keep 10 
Nvelopes/Nvelopeners for each pair, 20 in duplex, and each is 700 bytes.
Thus in a 1000 user system, about 7.2 MB would be required to handle all 
the one taime pads, a lot os space but not unmageable, As Nvelopes are 
used, they are replensihed accordingly to a heuristic algorithm built 
into the system. 
  
> > It becomes a load
> > and go installation at each of the user sites. 
> 
> Gee, why are we all so worried about key management ?  It's just a load and
> go installation at each of the user sites !  ;)
> 

That is precisely why PCX Nvelopes is such an extraordinary system. 
That is the beauty of PCX Nvelopes, it lifts that  burden from the 
user, eliminates it entirely. You may have worried about key 
management, but with our system, you will not have to do so in the 
future. The system itself, manages all the OTPs, you do not have to do 
anything but use the system. Key management is the problem with all existing 
systems, but it is no problem at all with the PCX Nvelopes system, as you would 
see if you looked at the system, instead, of talking about something 
when you have no idea at all of what it is about. The first set of keys 
must be sent by a secure source, US mail, FED EX, or whatever, but
thereafter, all updates can be accomodated over Internet. 


 > > We will even prepare, or help prepare, the DIR.LST for 
users. > >
> > While we have the software and manufacturing facility to do
> > that quickly, it is not easily transportable, to say the
> > least, and certain aspects of it, we consider highly proprietary.
> 
> "not easily transportable, to say the least" ???  
> Any ideas to what this might refer ?
The combinatorial problem that you referred to previously, would indeed 
generate almost 500,000 pair sets, which we call packets. What is the 
best way to generate those 499,500 sets? 999 We can automatically generate 
them, and all the software that goes with them on 1000 sets of 6 diskettes
each, each of which goes through a separte verification process, and certification 
process, larger systems are delivered in parts, two diskettes 
direct, and the others over internet. 

> 
> OK, I saved (IMHO) the best for last. I suppose this could be taken as a claim
> about their proprietary, immobile RNG methods:
> (from http://www.netprivacy.com/ipg/comp.html)
> 
> >         How do we Achieve such High Standards?
> >                  First Class Quality Control!
> >
> > We achieve unusually high standards of excellence because
> > of the manufacturing process. Over 30%, sometimes as high as 
> > 50% or more of our Nvelopes, Nvelopeners, are discarded 
> > because they cannot meet our rigid standards. Also our 
> > Nvelopes and Nvelopeners are subjected to a battery of 
> > performance tests to insure that when used, they will meet the 
> > high standards that you would expect.
Every onetime pad is subjected to analysis at the bit level, character 
level, couplet level, triplet level, and set level, 5600 bits. As you 
might, but probably do not know, all hardware generation of OTP's are 
irregular, otherwise they are not random. Thus at times, a hardware 
source, such as ADC LOB system, can generate nonrandom data, unless 
this is checked, it can destroyed the integrity of your system. At all 
levels, we check standard deviation, chi Square, Delta IC, and other 
statistical tests. Moreover, we check sets of packet, at the 2, 4, 8, 
16, 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384 etal. Our 
packets are random, and you can take that to the bank.   

> 
> <sigh> It's a jungle out there....
> 
> -Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
> 	your bargains, push your papers, win your medals, fuck your strangers;
> 	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)
> 
 <sigh> - Einstein - He who thinks that he knows everything, knows 
                     nothing.






Thread