From: paul@fatmans.demon.co.uk
To: cypher@cyberstation.net
Message Hash: 882e8d1f724a3a7efbd76722c4674dcaec0d2e0256a80e0a0e4435ee29820a1a
Message ID: <846000190.16798.0@fatmans.demon.co.uk>
Reply To: N/A
UTC Datetime: 1996-10-22 16:28:38 UTC
Raw Date: Tue, 22 Oct 1996 09:28:38 -0700 (PDT)
Subject: Re: Apologies and Clarifications -
> The assertion that an Ub must be an Rb, a truly Random bit,
> is irrelevant ideology unless there exists the means to
> convert the Unknown bit, Ub, into a Known bit, Kb.
This is a plainly circular argument, what you are saying is that if a
bit cannot be predicted it can be used, yet it does not have to be
random.
It is patently obvious to anyone with cryptographic experience and
most people without any that to be unpredictable a stream of bits has to
be random, otherwise if there is a correlation the next bits can be
predicted from the previous bits.
> That is the sublime basis of the IPG algorithm, which is to
> generate a stream of "unknown bits" which cannot be
> analytically reconstituted in the absence of the OTP
> generator key, and possibly other related key like
> parameters.
RUBBISH, yes, I know I'm shouting but I really have taken enough of
this crap from snake oil peddlers over the years.
IF ARITHMETIC METHODS ARE USED TO CONSTRUCT A KEY THE RESULTING
CRYPTOSYSTEM IS NOT A ONE TIME PAD.... END OF STORY
You cannot mathematically prove the security of the generator used in
this system and are unlikely to be able to ever. Whatever the case
you can never prove the security of the whole system, the only
provably secure system is a one time pad.
It may be predictable on output, we have already shown that it is
vulnerable to many other cryptanalytic attacks, including Adams
chosen plaintext attack and my timing attack.
The whole system has a number of gaping holes in it and no amount of
high worded twaddle is going to make it secure.
> The additional caveat of course is that the key
> cannot be guessed, nor can it be derived from brute force
> methodologies, both of which are patently impossible with the
> IPG algorithm.
The key can probably be guessed, on first examination, which took
about 5 minutes before I dismissed the algorithm as snakeoil, the
generator appeared to me to be an array of linear congruential
generators which have been cryptanalysed and proved insecure, by this
very fact there is obviously a cryptanalytic attack waiting out there
on the generator which produces no unpredictable state whatsoever in
the "randomness pool"
> You do not have to be a Stephen Hawking to
> comprehend why that is a fact; each of you, with possible
> minor exceptions, will be able to discern that because it
> quickly becomes self evident as you ply the algorithm.
No, each of us has looked at the algorithm and decided that it is
insecure, we have even proved it to you mathematically, and if your
math was any better than high school level you would be able to
comprehend our arguments, it is abundantly clear to me that nothing,
not even the words of a world class cryptographer like Blaze or
Rivest would convince you that your system is insecure, you have gone
about creating a cryptosystem the same old way any idiot with no
experience or knowledge of cryptography does. You have made up the
most hideously complicated mess of data transformations you can
imagine then constructed an inverse function to recover the data. You
have given no thought to any complexity theoretic or intuitive proof of
the security of this algorithm, just done some irrelevant statistical
tests on some keystream. Your hope is that no-one else will be able
to untangle this mess, you are deeply wrong.
Please get a clue.
Datacomms Technologies web authoring and data security
Paul Bradley, Paul@fatmans.demon.co.uk
Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org
Http://www.cryptography.home.ml.org/
Email for PGP public key, ID: 5BBFAEB1
"Don`t forget to mount a scratch monkey"
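
The message's point about linear congruential generators, as an added example that is not part of the original message and is not IPG's generator: a single LCG whose raw outputs are observed gives up its modulus, multiplier and increment, after which every later output is predictable. The parameters, seed and function names are constructed for illustration, and the sketch assumes full outputs are visible (no truncation or combining of several generators).

```python
from functools import reduce
from math import gcd

# Constructed demo parameters (assumptions; the message gives none of IPG's).
M, A, C = 2**31 - 1, 48271, 12345


def lcg(seed, m=M, a=A, c=C):
    """Linear congruential generator: x' = (a*x + c) mod m."""
    x = seed
    while True:
        x = (a * x + c) % m
        yield x


def take(gen, n):
    """Pull the next n values from a generator."""
    return [next(gen) for _ in range(n)]


def recover_lcg(outputs):
    """Recover (m, a, c) from consecutive raw outputs, with no key material."""
    t = [y - x for x, y in zip(outputs, outputs[1:])]
    # t[n+1] = a*t[n] (mod m), so t[n+2]*t[n] - t[n+1]^2 is a multiple of m;
    # the gcd of enough such values is, with high probability, m itself.
    u = [t[i + 2] * t[i] - t[i + 1] ** 2 for i in range(len(t) - 2)]
    m = reduce(gcd, u, 0)
    if m <= max(outputs):
        raise ValueError("too few outputs, or the stream is not an LCG")
    a = t[1] * pow(t[0] % m, -1, m) % m  # ValueError if t[0] is not invertible
    c = (outputs[1] - a * outputs[0]) % m
    # Accept the parameters only if they reproduce every observed transition.
    if any((a * x + c) % m != y for x, y in zip(outputs, outputs[1:])):
        raise ValueError("recovered parameters do not fit the stream")
    return m, a, c


def predict_next(outputs, count):
    """Predict the next `count` outputs from observed ones alone."""
    m, a, c = recover_lcg(outputs)
    return take(lcg(outputs[-1], m, a, c), count)


if __name__ == "__main__":
    stream = lcg(seed=2024)          # constructed seed
    observed = take(stream, 24)      # what an eavesdropper sees
    print("recovered (m, a, c):", recover_lcg(observed))
    print("prediction correct:", predict_next(observed, 5) == take(stream, 5))
```

Passing statistical tests on the keystream says nothing about this property: the stream above looks uniform and is still fully determined by a few observed outputs.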