1996-09-17 - Re: Snake Oil FAQ 0.4 [comments appreciated]

Header Data

From: Bill Stewart <stewarts@ix.netcom.com>
To: The Deviant <deviant@pooh-corner.com>
Message Hash: 309969811be25441bcd25e7cf521083314746c60da3e7e471e38179386cb8aa9
Message ID: <199609170722.AAA22919@dfw-ix12.ix.netcom.com>
Reply To: N/A
UTC Datetime: 1996-09-17 11:36:27 UTC
Raw Date: Tue, 17 Sep 1996 19:36:27 +0800

Raw message

From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 17 Sep 1996 19:36:27 +0800
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: Snake Oil FAQ 0.4 [comments appreciated]
Message-ID: <199609170722.AAA22919@dfw-ix12.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:06 PM 9/16/96 -0400, The Deviant <deviant@pooh-corner.com> wrote:


>Not to mention, the basic flaw of OTP.. if you have the only copy of the
>key, and the key is non-repetitive, how do you send the key to another
>person without being just as insecure as not encrypting it in the first
>place... almost any OTP claims are gonna be snake oil.

The way you send OTPs to people securely is to use couriers with
briefcases handcuffed to their arms, or whatever level of physical
security you need.  The kinds of things software packages can help with are
providing a friendly user interface for getting the next N bits
out of the pad and trashing them after use, keeping track of where
you were in the pad, handling the different pads you use to communicate with
different people, driving the robot arm that drops the tape into the
shredder, etc.  Slightly less trustably, they can be used to help
generate a pad by crunching down the data from your hardware random
number generators, and perhaps emailing Geiger Counter data to the
Safety Department after rounding to the nearest order of magnitude.

Somebody else wrote:
>> I would also suggest that the generation of OTP 'pads' for users is
>> *highly* questionable. Who else is getting a copy of them, assuming they're
>> even valid?
        Definitely - that concept loses big time.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto
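
The pad bookkeeping described in the message above (hand out the next N bytes, trash them after use, remember the position, keep a separate pad per correspondent), sketched as an added example that is not part of the original message. The `.pad`/`.pos` file layout and every name in it are assumptions made for illustration.

```python
import os

class PadExhausted(Exception):
    """Raised rather than ever reusing or wrapping around pad bytes."""

class Pad:
    """One pad shared with one correspondent. Assumed layout: raw key bytes
    in `path`, next unused offset as decimal text in `path + '.pos'`."""
    def __init__(self, path):
        self.path, self.pos_path = path, path + ".pos"

    def _offset(self):
        try:
            with open(self.pos_path) as f:
                return int(f.read())
        except FileNotFoundError:
            return 0  # fresh pad, nothing consumed yet

    def remaining(self):
        return os.path.getsize(self.path) - self._offset()

    def take(self, n):
        """Return the next n pad bytes, advance the position, trash them."""
        off = self._offset()
        with open(self.path, "r+b") as pad:
            pad.seek(off)
            key = pad.read(n)
            if len(key) < n:
                raise PadExhausted(f"need {n} bytes, only {len(key)} left")
            # Advance first: a crash here wastes pad bytes but never reuses them.
            with open(self.pos_path, "w") as pos:
                pos.write(str(off + n))
                pos.flush()
                os.fsync(pos.fileno())
            # Best-effort overwrite; SSDs, journals and backups may keep copies.
            pad.seek(off)
            pad.write(b"\x00" * n)
            pad.flush()
            os.fsync(pad.fileno())
        return key

def pad_for(directory, peer):
    """Separate pad file per correspondent (file naming is an assumption)."""
    if not peer or peer != os.path.basename(peer):
        raise ValueError("peer name must be a plain file name")
    return Pad(os.path.join(directory, peer + ".pad"))

def xor_with_pad(pad, data):
    """Encrypt or decrypt by XOR with fresh pad bytes from `pad`."""
    key = pad.take(len(data))
    return bytes(a ^ b for a, b in zip(data, key))
```

Both ends must consume their copies of the pad in the same order, and the pad material itself still has to arrive by the physical channel the message describes.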





