From: don@cs.byu.edu
To: cypherpunks@toad.com
Message Hash: efefeee4c8062041621dea2f5ebee213d0cdd26a478c90ebb54c803c45d804fc
Message ID: <199602210807.BAA00723@wero.cs.byu.edu>
Reply To: <Pine.BSD/.3.91.960220184124.18188A-100000@citrine.cyberstation.net>
UTC Datetime: 1996-02-21 08:12:57 UTC
Raw Date: Wed, 21 Feb 96 00:12:57 PST
From: don@cs.byu.edu
Date: Wed, 21 Feb 96 00:12:57 PST
To: cypherpunks@toad.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
In-Reply-To: <Pine.BSD/.3.91.960220184124.18188A-100000@citrine.cyberstation.net>
Message-ID: <199602210807.BAA00723@wero.cs.byu.edu>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
> > Do we have to show an exploitable flaw? Or we have to do the exploit? That
> > might be expensive. Who would judge the contest?
> >
> > The alogrithm aside, IPG provides the intial OTP. Seems to me that IPG can
> > read the messages. End of story.
> >
> Hedging, hedging, hedging - why? I did not noitice this in my first
I think he meant that it might cost him several $10000 in computing time to
actually demonstrate a flaw, should it be found. Proving the flaw exists
should be enough. If a company really needs unbreakable encryption, a few
hundred thou isn't too much for an attacker to pay for million dollar secrets.
On the other hand, it would be quite a bit for an individual to come up with,
just to illustrate a point.
And this thing about keeping a copy of the one-time-pad, now just why is it
that you need to at all?? After all, if it doesn't arrive safely, then who
knows who has it... And if so, then you don't need a copy that could, say,
accidently get smuggled out and sold to [foreign government, domestic
covernment, competitor, curious onlooker - pick one] for the right sum of
money.
For your next version, you might want to add in the capability for a slight
remixing of the random pool at both ends (a passphrase, for example)
protected by secure-hashing properly-sized chunks. There's nothing like
being able to lock the door behind you, ya know...
Don
- --
<don@cs.byu.edu> fRee cRyPTo! jOin the hUnt or BE tHe PrEY
PGP key - http://students.cs.byu.edu/~don or PubKey servers (0x994b8f39)
June 7&14, 1995: 1st amendment repealed. Junk mail to root@fryser.dk.net
* This user insured by the Smith, Wesson, & Zimmermann insurance company *
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQB1AwUBMSrSo8La+QKZS485AQFXeAL6AviaeMve7k6Oh1F5qix9EOBT29wSXXMa
NAcr8PSTFfQ7kd1FHz2A1N4OPXO+AW2vVPLWiulU/bcXoP5K/+mU36wM17bo9nXz
0tiVmyZcDV4bn6Vs373oYIKt2W0rj02K
=sJQO
-----END PGP SIGNATURE-----
Return to February 1996
Return to “Tim Philp <bplib@wat.hookup.net>”