From: walrus <walrus@tcgcs.com>
To: cypherpunks@toad.com
Message Hash: 7aadb794dfd115a8c429b20935498bed345cfad57f75c3e193914280a86f1ce7
Message ID: <199610200808.IAA15049@tcgcs.com>
Reply To: N/A
UTC Datetime: 1996-10-20 07:34:05 UTC
Raw Date: Sun, 20 Oct 1996 00:34:05 -0700 (PDT)
From: walrus <walrus@tcgcs.com>
Date: Sun, 20 Oct 1996 00:34:05 -0700 (PDT)
To: cypherpunks@toad.com
Subject: [crypto-philo]OTP or DES?
Message-ID: <199610200808.IAA15049@tcgcs.com>
MIME-Version: 1.0
Content-Type: text/plain
There is a thread going in coderpunks about some software company that
claims to have invented a software OTP that uses a PRNG. The local experts
have ruled that this is impossible and I would have to agree, but this
thread got me thinking. I would argue that the security of an OTP is
derived not from the fact that it really is secure, but from the fact that
it is claimed to be an OTP. Imagine a plaintext, encrypted with triple-des.
It looks like a bunch of 1's and 0's to the casual observer, but to you it
is your secret plan to take over the world. Or so you would have us believe
if we crack the cypher.
actually you plan to take over the world using a completely different plan.
It is quite easy to take the bits of the des-encrypted message, and
calculate the OTP key nessasary to decrypt the message into your real plan.
It would seem you could build a key to have your message say anything of
equal length. Why then must a true OTP be based on a true RNG? Because one
of the actual possible keys of a real OTP is indeed the encrypted des
message, you can claim that it is an otp and no-one can prove otherwise.
They can say "But we cracked your des key and can decypher this message!"
and you say "nope i used an OTP, that is a false message, here is what it
really says! The fact that by PURE coincidence that OTP could be decrypted
using that particular key means nothing, because a true OTP can generate
that bit sequence.
So in conclusion i would say that we can give pgp complete and perfect
security but the simple process of changing the header from ---Begin PGP
message--- to
----Begin OTP message----. This makes you immune from decryption because no
one will ever know or can ever prove that the decryption they got is the
correct one.
Any comments?
Walrus
Return to October 1996
Return to “walrus <walrus@tcgcs.com>”