1996-10-22 - Re: Q.E.D. reply to Perry Metzger

Header Data

From: paul@fatmans.demon.co.uk
To: cypher@cyberstation.net
Message Hash: 43bcad63c42a9ac121956090ce2ec1b216b87ed9bc8d9afa4e9de9ca894791b2
Message ID: <846000193.16815.0@fatmans.demon.co.uk>
Reply To: N/A
UTC Datetime: 1996-10-22 16:44:15 UTC
Raw Date: Tue, 22 Oct 1996 09:44:15 -0700 (PDT)

Raw message

From: paul@fatmans.demon.co.uk
Date: Tue, 22 Oct 1996 09:44:15 -0700 (PDT)
To: cypher@cyberstation.net
Subject: Re: Q.E.D. reply to Perry Metzger
Message-ID: <846000193.16815.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> As in so many other cases, you are so F.O.S. that it is
> unbelievable. Your eminence pontificating about it does make
> it true. 

No, Mathematical proof makes it true...


 
> thus the algorithm must be attacked analytically - as EVEN you, or anyone else,
> will be able to clearly see, if you examine the algorithm, it cannot be
> attacked analytically. 

Absolute sanctimonious twaddle, the algorithm has already been 
analytically compromised by Adam Shostack with a known plaintext 
attack requiring only a few bytes of known text, I have also 
theoretically compromised the system using timing attacks, 
furthermore I believe that linear and differential cryptanalysis may 
provide an even more efficient attack, though I have yet to take the 
time to see if this is indeed true, whatever the case, the algorithm 
is broken, there is nothing more to discuss
 
> My algorithm most certainly does NOT produce a theoretical pure Random
> Number Stream, accordingly it is a PRNG, but it most certainly does
> produce an OTP that meets each and every requirement of such, other
> than some theoretical definition that you seek to impose on it by your
> dogmatic words. You do not have to take my word for it, the FULL
> ALGORITHM, which has never before been published, is set out on our web
> site.  

For the last time it is not a one time pad, it is a stream cipher, 
and furthermore it is an insecure stream cipher, soon available in a 
town near you.
 
> There is no mathematical proof that my PRNG streams are not an OTP -
> because they are OTPs. There are 156.8816 megabytes of raw encryptor
> stream data at our site. They constitute 10 OTPs, all using the same key,
> only the message numbers vary.but with different message numbers only.

As I said, they are not OTPs and they never will be, they are not 
provably secure and are therefore not a one time pad.

> You are so vane, so crass, so dogmatic, so blinded by your opinions,
> that you obviously look at yourself in the mirror wheneever given the
> opportunity. You do not know what the hell you are constantly
> pontificating about. talking about and including the one under discussion
> herein. Why not show everyone your prowess by telling us what the key and
> the As, Bs, and Cs, are they were used to generate the 156.8816 megabytes
> referred to above. Of course, you cannot, so you bray like an ass to cover
> up your crypto impotence.

Well said Perry.
 
> > >          Accordingly, obviously it is they, not us, who are
> > >          the ones that have "Nihil Est Demonstrandum," in this matter.

It appears the IPG guy needs to perfect his Latin too, the phrase is 
nihil est demonstratum - nothing has been proved (perfect tense)
There is no such Latin word as demonstandum.

> > >          While the vast majority of people knowledgeable about
> > >          cryptography have not heretofore believed that it is possible
> > >          for software to produce an OTP,

And what they know believe is that you are a fool, in addition to 
this they can prove mathematically that the system you have put 
foward is a stream cipher and not a one time pad, and that it is 
insecure.

> > The information content, or entropy, of the key stream is necessarily
> > no larger than its keyspace. That is, if you have a software
> > pseudo-random number generator using an N bit seed, the entropy of the
> > keyspace is necessarily never greater than N. This is mathematically
> > certain -- no amount of prayer on your part can change that.
> > 
> > >          that does not make it a
> > >          scientific fact,

Absolutely, your system is therefore provably not a one time pad, the 
very definition of which is that it has equal or greater state than 
the message it is used to encrypt.


> It is absolutely not perfect in the Shannon sense, but it does not have to
> be theoretically perfect to fulfill the requirement of being an OTP. You
> definition of an OTP, or a OTP as you mistakenly refer to it, is an
> extraneous mathematical definition that people have mistakenly
> extrapolated from Shannon.   

Rubbish, we have not extrapolated anything, Shannon proved in a 
statistical framework of pure mathematics that the only provably 
secure system is a true one time pad, NOT you system.

> > >          In support of their position, some have pointed out that John
> > >          von Neumann, to paraphrase, stated that ARITHMETIC cannot
> > >          produce random numbers,
> > 

<SARCASM>
So you are claiming now that your system does not use arithmetic? - 
tell us how my good man, you may well have discovered the worlds 
first non arithmeric algorithm to use a purely arithmeric machine to 
execute it.
</SARCASM>

> There you go again, pulling things out of you crazy hat, head, running
> off at the brain again, stating a falsehood and hoping that people will
> overlook it. I assume that you held a seance with von Neumann and he told
> you that from the great beyond, since that is clearly not what he said. A
> careful reading of von Neumann does not reveal that he said one thing and
> meant another. He used the word ARITHMETIC, if he meant something else he
> world have said so. Furthermore, he was referring random numbers, and to
> repeat emphatically, my algorithm is a PRNG, but  it  also happens to be
> an OTP, as we can prove. Q.E.D.    

The above passage is an oxymoron, it is plainly a contradiction in 
terms to call a PRNG an OTP.
  
> > >          We stipulate the obvious fact that the encryptor stream
> > >          generated by EUREKA is a PRNG stream, though we do consider
> > >          it gross denigration to castigate it as ONLY a PRNG stream.

It is not only a PRNG stream, it is an insecure PRNG stream as Adam 
and I have shown.

> It is a stream cipher, but it is also an OTP, just as a hardware sourced
> RNG is a stream cipher that is also an OTP.

Rubbish.

If the entropy is limited, you do not have a One Time Pad, period, end
of discussion, its over.

> And for you to claim that my contention is analogous to comparing bread
> to an automobile, petty nonsense and mindless hyperbole. 

Your whole diatribe on this subject has been utter bullshit, 
throughout the whole discussion you have made no effort to listen to 
what people have said, and you have made no effort to understand our 
attacks on your system, god only knows why we bothered, you system 
really doesn`t deserve our valuable time.

> > >          Think about that simple supposition for a moment. What do we
> > >          mean by an OTP?

An insecure stream cipher you are planning to flog to unsuspecting 
people knowing nothing about cryptography using the same mindless 
technobabble and high worded crap you have used on this list.

We have already established that your cipher is easy to
break, so your mindless babble that it is secure really don't matter.

We will ignore you from now on, you are really just an insignificant 
silly little man...

 

  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don`t forget to mount a scratch monkey"





Thread