1996-02-20 - Re: Internet Privacy Guaranteed

Header Data

From: Wink Junior <winkjr@teleport.com>
To: ipgsales@cyberstation.net (IPG Sales)
Message Hash: eefbf9ac5f5cadc48fc44498f907b95a73f24744ebfb9fd66d81bcb3ffd4a049
Message ID: <199602200339.TAA17670@julie.teleport.com>
Reply To: <Pine.BSD/.3.91.960219183616.5326D-100000@citrine.cyberstation.net>
UTC Datetime: 1996-02-20 06:14:12 UTC
Raw Date: Tue, 20 Feb 1996 14:14:12 +0800

Raw message

From: Wink Junior <winkjr@teleport.com>
Date: Tue, 20 Feb 1996 14:14:12 +0800
To: ipgsales@cyberstation.net (IPG Sales)
Subject: Re: Internet Privacy Guaranteed
In-Reply-To: <Pine.BSD/.3.91.960219183616.5326D-100000@citrine.cyberstation.net>
Message-ID: <199602200339.TAA17670@julie.teleport.com>
MIME-Version: 1.0
Content-Type: text

I've been reading the mish-mash of replies from "IPG Sales" and have been
trying to figure out exactly what it is they think they're doing.  Aside
from the crap about not revealing details due to patent-pending issues, but
claiming it's the same as a process that's been in use since 1966 (clue:
prior art == no patent) and an unwillingness to provide any names or
references for all this apart from mentioning Ms. Denning and Leyland's web
page, I think I've got something pieced together.  Perhaps IPG Sales will be
happy to tell me if I've got it right or not:

Step 1. 100 friends and I pay IPG $$$.

Step 2. IPG starts up a hardware-based random number generator, and spits out
	5066-bit chunks of random data to be used as OTPs.  Since each pair of
	friends needs unique data (wouldn't want them easedropping on our
	gossip about them), IPG will generate a large number of said chunks.
	The magic box remembers every chunk it's ever spewed and never, ever
	repeats itself.

Step 3. IPG's Kwality Kontrol Dept. will run a bunch of statistical tests on
	the chunks (did I see the standard entropy calculation in the list?)
	to make sure they look truly random.  Chunks failing the tests get

Step 4. IPG takes the surviving chunks and runs them through a "prime number
	cycle wheel" which is some kind of rotor system, with something like
	64 rotors, or perhaps 64 passes through an n-rotor system.  It produces
	primes, or works with primes, or somehow large random primes (can a
	prime truly be called "random) either come in, go out, or both.  Primes
	are involved here somehow.  In any case, whatever comes out is part of
	10^1690 (or from a previous message, 10^2330) possible results.  Why
	this matters I do not know.

Step 5. The results are somehow variable in length (?) or in some way
	eliminates the need for a OTP to be at least as large as the message
	to be encoded.  This has been claimed several times.  So somehow the
	original OTP chunk produces new pads of potentially infinite length?

Step 6. IPG mails out a lot of floppies to me and my 100 friends containing
	lots of these resultant things (which still sound like OTPs.)  I
	assume US Mail is completely trusted, data is never corrupted, disks
	are never lost or stolen, etc.

Step 7. These results act as OTPs (aka Nvelopes) that are used to encode
	the message.  My buddies use the matching chunks to decode the
	messages (aka Nvelopeners.)  The software system does all the work,
	and I don't have to do anything (much like public-key systems today.)

Err... okay, maybe I don't have this figured out.  Still sounds like OTPs,
and someone selling random data at $15 a pop per month.  Having multiple
floppies mailed to me monthly, with all the inherent difficulties, sounds
like a lot more work than public-key management.  My bozometer is pegged.

Looking forward to having my oversights corrected,

"We offer freedom to the masses.  It's a tough fight -- I'll grant you that --
but we're brave.  We're well financed.  We believe that God is on our side."
						-- Netscape CEO James Barksdale