1996-11-25 - Re: IPG Algorith Broken!

Header Data

From: paul@fatmans.demon.co.uk
To: cypherpunks@toad.com
Message Hash: 2943e62e77f922ebdd07ce771e90fa028ac3b0e6d6b44ecfec13a92a629f8455
Message ID: <848946795.108068.0@fatmans.demon.co.uk>
Reply To: N/A
UTC Datetime: 1996-11-25 21:04:27 UTC
Raw Date: Mon, 25 Nov 1996 13:04:27 -0800 (PST)

Raw message

From: paul@fatmans.demon.co.uk
Date: Mon, 25 Nov 1996 13:04:27 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: IPG Algorith Broken!
Message-ID: <848946795.108068.0@fatmans.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



>Is the concept here that:  Whereas conventional crypto generates/hashes
>a *key* with which to encode the text, IPG generates a *pad* from a key,
>more or less the length of the text, with which to encode the text??

It makes no difference whatsoever; no PRNG can have more entropy in 
the output stream than there was in the initial seed. Indeed, in 
general, the longer the PRNG runs for, the more chance an adversary 
has of breaking it, due to the increased amount of output.

>It seems to me they're putting an additional layer of stuff ("OTP") between
>the key generation and the actual encoding, so what's the problem with that,
>as a concept?

Well, for a start, it's not a one-time pad, because that requires a 
totally real random pad. They have a stream cipher; as for whether it 
is any good or not, I would normally not trust a man with the talent 
for bullshit Don Wood has.


  Datacomms Technologies web authoring and data security
       Paul Bradley, Paul@fatmans.demon.co.uk
  Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org    
       Http://www.cryptography.home.ml.org/
      Email for PGP public key, ID: 5BBFAEB1
     "Don't forget to mount a scratch monkey"
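The entropy argument in the reply above ("no PRNG can have more entropy in the output stream than there was in the initial seed") can be checked numerically. The following is an added example and is not part of the original post, nor is it IPG's algorithm: it uses a constructed hash-based keystream generator (any deterministic PRNG would behave the same way) and counts how many distinct "pads" a seed of a given size can possibly produce. The names `keystream`, `distinct_pads`, `pad_entropy_bits` and `true_otp_entropy_bits` are this example's own.

```python
import hashlib
import math
from collections import Counter


def keystream(seed: int, length: int) -> bytes:
    """Constructed toy keystream generator (not IPG's design).

    Expands a seed into `length` bytes by hashing seed || counter.  The
    only property that matters here is that the output is a deterministic
    function of the seed, which is true of every PRNG-based "pad".
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hashlib.sha256(
            seed.to_bytes(4, "big") + counter.to_bytes(4, "big")
        ).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def xor_stream_encrypt(seed: int, plaintext: bytes) -> bytes:
    """What a seed-derived "pad" actually is: a stream cipher, XORing the
    plaintext with keystream(seed).  Decryption is the same operation."""
    pad = keystream(seed, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, pad))


def distinct_pads(seed_bits: int, pad_length: int) -> int:
    """Number of distinct pads of `pad_length` bytes reachable from all
    2**seed_bits seeds.  This can never exceed 2**seed_bits, however long
    the pad is."""
    return len({keystream(s, pad_length) for s in range(1 << seed_bits)})


def pad_entropy_bits(seed_bits: int, pad_length: int) -> float:
    """Shannon entropy of the pad when the seed is drawn uniformly from
    2**seed_bits values.  Bounded above by seed_bits regardless of
    pad_length (and by 8*pad_length for very short pads)."""
    n = 1 << seed_bits
    counts = Counter(keystream(s, pad_length) for s in range(n))
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def true_otp_entropy_bits(pad_length: int) -> int:
    """Entropy of a genuine one-time pad: every byte is independently
    uniform, so the pad carries 8 bits per byte."""
    return 8 * pad_length


if __name__ == "__main__":
    seed_bits = 10  # a deliberately tiny seed so the full space is enumerable
    for length in (1, 32, 4096):
        print(
            f"pad of {length:>4} bytes: "
            f"{distinct_pads(seed_bits, length):>4} distinct pads, "
            f"{pad_entropy_bits(seed_bits, length):5.2f} bits of entropy "
            f"(a real OTP would carry {true_otp_entropy_bits(length)} bits)"
        )
    ct = xor_stream_encrypt(1234, b"seed-derived pad == stream cipher")
    print("round trip ok:", xor_stream_encrypt(1234, ct) == b"seed-derived pad == stream cipher")
```

Running the block enumerates all 1024 seeds and shows the pad's entropy pinned at 10 bits whether the pad is 32 bytes or 4096 bytes long, while a genuine one-time pad of 4096 bytes would carry 32768 bits; the extra length adds ciphertext volume, not secrecy, which is exactly why the construction is a stream cipher and not an OTP.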
