1996-11-24 - Re: IPG Algorith Broken!

Header Data

From: The Deviant <deviant@pooh-corner.com>
To: Dale Thorn <dthorn@gte.net>
Message Hash: 1c70eed82d713bf19bb4b0ed1c613422ec53a7127d06d6697919e0b86de78c05
Message ID: <Pine.LNX.3.94.961124145135.15531A-100000@random.sp.org>
Reply To: <3297C65F.4F7@gte.net>
UTC Datetime: 1996-11-24 14:54:43 UTC
Raw Date: Sun, 24 Nov 1996 06:54:43 -0800 (PST)

Raw message

From: The Deviant <deviant@pooh-corner.com>
Date: Sun, 24 Nov 1996 06:54:43 -0800 (PST)
To: Dale Thorn <dthorn@gte.net>
Subject: Re: IPG Algorith Broken!
In-Reply-To: <3297C65F.4F7@gte.net>
Message-ID: <Pine.LNX.3.94.961124145135.15531A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 23 Nov 1996, Dale Thorn wrote:

> Igor Chudov @ home wrote:
> > Black Unicorn wrote:
> > > On Sat, 23 Nov 1996, Eric Murray wrote:
> > > > John Anonymous MacDonald writes:
> > > > > At 8:09 AM 11/23/1996, Eric Murray wrote:
> > > > > >No, you can't.  It's impossible to prove an algorithim unbreakable.
> 
> > > > > No?  Please prove your assertion.
> 
> > > > You can't prove a negative.  The best IPG could say is that
> > > > it can't be broken with current technology.
> > > > Next week someone might come up with a new way
> > > > to break ciphers that renders the IPG algorithim breakable.
> 
> > > Someone needs to write an IPG and Don Wood FAQ.  No, I'm not volunteering.
> 
> If you want to do that, why not do so as a response to Don's FAQ?
> 
> > As a crypto amateur, I would appreciate a good technical explanation as
> > to why IPG's algorithm cannot be considered secure.
> 
> Is the concept here that:  Whereas conventional crypto generates/hashes
> a *key* with which to encode the text, IPG generates a *pad* from a key,
> more or less the length of the text, with which to encode the text??
> 
> It seems to me they're putting an additional layer of stuff ("OTP") between
> the key generation and the actual encoding, so what's the problem with that,
> as a concept?

a) what they're claiming is OTP isn't OTP.  They use algorithmicly
generated "random" numbers.  Random numbers can't be algorithmicly
generated.  If the numbers in "OTP" aren't random, it isn't OTP.  Its also
very vulnerable.

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

Traveling through hyperspace isn't like dusting crops, boy.
                -- Han Solo


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMphhTDCdEh3oIPAVAQHkUwf/TrWD92xbC+jE+FT4rZ0OFeNmhwqrd+wn
nQOuazsKxmeK9+Kcp8/RUX9gQB6zIDiweEJJYStZvN/U+PEWOxOlFbaoFyMw5iVv
t832kYmtuNS1mqOwN8FK1EJrV6m3dI+zLq1+svfjwkKOpmwhMJsOyYEkiR9zuH9a
68Bdlioksutw/GIfkfQ6NFIgGxhN5736Mg6On8rq8Y+pdgg6ce3vIsxYydj/bE8s
W2v//wNFSvLY0iOVK0weHX9rGL1W0ITH34gfiSct6cZZYLMdxynjLm+NmENontQo
mW9ry3h9t/H/IwadXLt3I3PjzY6pNiQYmMWXuNk5X43rjV2wPweCCQ==
=uZnB
-----END PGP SIGNATURE-----






Thread