From: Adam Back <aba@dcs.ex.ac.uk>
Date: Tue, 26 Nov 1996 15:21:23 -0800 (PST)
To: paul@fatmans.demon.co.uk
Subject: Re: IPG Algorith Broken!
In-Reply-To: <848946795.108068.0@fatmans.demon.co.uk>
Message-ID: <199611251519.PAA00399@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



Paul Fatman writes:
> someone else writes:
> >Is the concept here that:  Whereas conventional crypto generates/hashes
> >a *key* with which to encode the text, IPG generates a *pad* from a key,
> >more or less the length of the text, with which to encode the text??
> 
> It makes no difference whatsoever, no PRNG can have more entropy in 
> the output stream than there was in the initial seed. Indeed, in 
> general, the longer the PRNG runs for the more chance an adversary 
> has of breaking it due to an increased amount of output.

Also the distinction between generating a psuedo random pad, and
XORing that with the data and conventional ciphers is small and
largely a matter of interpretation.  This _is_ for example how RC4
works: RC4 has a PRNG the output of which is XORed with the data to be
encrypted.  The seed to the RC4 PRNG is the cryptographic key.  If you
prefered, an equivalent view of RC4 would be to say it produces a
pseudo randomly generated PAD which is XORed with the data.

Ron Rivests algorithm however has received independent review, and
since it's "leak", academic review.  It has survived unblemished so
far.

For Don Wood's algorithm on the other hand, I have seen no reports of
any independent or academic or even casual review.  This doesn't prove
a negative, but it bodes badly for his algorithm in my view.

If he was serious about his algorithm, he would attempt to get it
published in a peer reviewed cryptographic journal, and/or pay for
high reputation independent cryptographic consultants to examine it.

That is my advice to Don,

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`