1997-09-03 - Re: [PGP-USERS] Crypto-logic US$1 million Challenge

Header Data

From: “William H. Geiger III” <whgiii@amaranth.com>
To: pgp-users@joshua.rivertown.net
Message Hash: b6ed3bc5de0bdeb3430fb2079738b28f56df6961dcdea70d122e977be49f8320
Message ID: <199709031939.OAA29483@mailhub.amaranth.com>
Reply To: <97090316550827/0002595870PK5EM@mcimail.com>
UTC Datetime: 1997-09-03 19:52:22 UTC
Raw Date: Thu, 4 Sep 1997 03:52:22 +0800

Raw message

From: "William H. Geiger III" <whgiii@amaranth.com>
Date: Thu, 4 Sep 1997 03:52:22 +0800
To: pgp-users@joshua.rivertown.net
Subject: Re: [PGP-USERS] Crypto-logic US$1 million Challenge
In-Reply-To: <97090316550827/0002595870PK5EM@mcimail.com>
Message-ID: <199709031939.OAA29483@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

In <97090316550827/0002595870PK5EM@mcimail.com>, on 09/03/97 
   at 11:55 AM, Jeffrey Gold <0002595870@MCIMAIL.COM> said:

>Although it's not PGP, I thought this might be of interest.
>I've condensed a Wall Street Journal Article with info from
>the web page http://www.ultimateprivacy.com

>  A start-up company is offering a $1 million challenge. Crypto-
>Logic Corp. of Austin, Texas, claims to have created an encryption 
>system for electronic mail so foolproof that it can't be broken.  If
>someone can  figure out a special encrypted e-mail message  within a
>year, the company says it will pay a reward of $1 million.

>  Cryptologists agree that the decades-old encryption method   that
>Crypto-Logic is claiming to use -- called a "one-time pad" -- 
>is theoretically unbreakable. Each "pad" has a set of uniquely 
>random digital symbols that are coded to the actual message. 
>The recipient uses the same symbols to decrypt the message. 
>The pads are used only once.

>  Of course, the problem with any one-time pad is the distribution
>of multiple pads.  A new one is needed for each message.  Public-key
>cryptography (used by PGP) addresses this issue.  It is not clear
>how Crypto-Logic Corp. addresses the distribution issue.


ROTFLMAO!!!!!

What a sweet little scam they have going here. :)

While there product cost $99, which is not unreasonable for a security product of this nature, they charge $49 for the "OTP's" (I'll get to the OTP's later)!!!

Now they way they have this set-up is that for each person that you are communicating with requires a separate "OTP". The program comes with 2 "OTP's" and additional "OTP's" can be purchased for $49. So say you have 10 people you wish to communicate with you are talking almost $500 out the gate to get going!!! This is just silly.


Now to "OTP's". These are the things that snake-oil salesmen's dreams are made of. Here is how their sales pitch works (and i have seen many of them over the years):


1) OTP's are unbreakable
2) We use an OTP
3) Our program is unbreakable
4) You should use our program

I will address all three points of their sales pitch and show the flaws in it.

1) OTP's are unbreakable:

  To understand how one can make this claim (and it is true) on needs to understand what a OTP is and how it works.

A OPT (One Time Pad) is just a file of random numbers. That's it, nothing fancy here. To encrypt a message one takes the bits in the plaintext and an equal amount of bits from the OTP and XOR them together. The result is just another random file of bits. To get the plaintext back one takes the "encrypted" files and Xor's it with the same bits used the first time.

Quite simple but there is a catch:

  Your OTP must but TRULY RANDOM!! If there are any patterns in your "random" data you are dead in the water. The biggest flaw in products that claim to use OTP's is they use what is called a PRNG (pseudo random number generator). Unfortunately the data that PRNG's produce are not sufficiently "random" for use in OTP's. It has long been accepted in the field of cryptology that you *MUST* use a real world sample for random data, things like measuring the time intervals between click on a Geiger counter measuring background radiation.

A second catch:

  You must never, never reuse any of the bits from your OTP!!! As simple as this seems (after all this is why they call it an One Time Pad) there are programmers out there that fail to grasp this basic concept. Now AFAIK there is no pad reuse with this program. That's where their revenue stream is comming from charging you for the new pads!

So if you use truly random data (no PRNG's) and you never reuse bits then an OTP encrypted message is provably unbreakable.


2) We use OTP's

I have seen numerous claims by various "snake-oil" salesmen that their program uses an OTP only too see that they are using a PRNG to generate their "OTP". I even had one claim that it was ok to reuse his PRNG generated pad.

Now since the company provided no details on how they generate the OTP's who knows what they are doing.

3) Our program is unbreakable

Well if they are dotting all their I's and crossing all their T's when it comes to generating and using OTP's then yes the message is unbreakable.

But wait their program does not generate the OTP's you must buy them from the company!! This means that a 3rd party outside of you and the person you are communicating with has a copy of the pad!!! This is a big no-no in cryptology. Anyone who has access to the OTP can decrypt any message that was encrypted using it. What type of security do they have on site? Who has access to the OTP's?? How are they generated?? What are their policies if the government requests access to these OTP's?? All questions left unanswered by the company.

I must say that I seriously question the on-site security of the OTP's considering how the initial OTP's are sent to the customer, (drum roll please), the just MAIL them!!!!

This brings us to the third catch to using OTP's: How to exchange the pads.

Before the advent of Public Key Encryption this was the most daunting task in cryptology. How do you get the keys to the people who need them to decrypt the message??? With OTP's or any form of cryptology where the same key is used to encrypt and decrypt the message the user must find a "secure" channel for exchanging the keys. This is no different than a key to a house or a car, the same key is used to lock and unlock the door. Anyone who has a copy of the key can unlock the door. Need less to say you don't just send the key in the mail. Usually such exchanges are done in person or if this is not practical a "trusted" courier is used to exchange the key. Not very practical for every day use.


4) You should use our program

Consider the following:

- -- Unknown methods used for generation Otp's
- -- Customer unable to generate their own OTP's
- -- Unknown "on-site" security
- -- Otp's escrowed by company (they have a copy of your keys)
- -- Additional cost for each new key
- -- Obvious lack of security in mailing initial Otp's to customers
- -- No solution to the key exchange problem
- -- No source code for program

I would not use this program nor would I recommend it to anyone else. There are may other programs that provide overall better security than what this program ever can or ever will provide.

I will CC: the Cyberpunks & Coderpunks list as there may be others there who can better expand on this issue.


- -- 
- ---------------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html                        
- ---------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000

iQCVAwUBNA2vRI9Co1n+aLhhAQF7NgP/TIfrhNW8QMiqNBE0atN0lVBeZFtTk1Jh
ARJeGkh+ZxV+yphx0CGe9xMWRLYx3qqFPmb69iPG3AdRiLFVigSoK5HiNo857ilh
6pSt3ZHVJStJ8BjPazH+n3QXQGtrCZ2hBF6kBWfPxDMFdc+dZZ0y0/4kSt60Dnx1
CulFvdCNIK4=
=yDMp
-----END PGP SIGNATURE-----






Thread