[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Internet Privacy Guaranteed ad (POTP Jr.)



I wrote:
# Gee, why are we all so worried about key management ?  It's just a load and
# go installation at each of the user sites !  ;)

("That was sarcasm, son")

IPG Sales writes:
> That is precisely why PCX Nvelopes is such an extraordinary system. 
> That is the beauty of PCX Nvelopes, it lifts that  burden from the 
> user, eliminates it entirely. You may have worried about key 
> management, but with our system, you will not have to do so in the 
> future. The system itself, manages all the OTPs, you do not have to do 
> anything but use the system. Key management is the problem with all existing 
> systems, but it is no problem at all with the PCX Nvelopes system, 

What protects each user's one time pads ("PCX Nvelopes", or whatever) ?  

Are they protected by an eight-character Unix account password ?  (This would 
be harder for implementations on traditionally single-user platforms like the
Macintosh and most of the Microsoft OSes, presumably.) 

Are they protected by a policy that says all users must lock away their IPG
disks or CDs when not in use ?  

Also, how are they protected from the people who generate the one-time pads
at IPG (and their friends and families) ? 

> as you 
> would see if you looked at the system, instead, of talking about something 
> when you have no idea at all of what it is about. 

As I said earlier, I read all your material and still had almost no idea
at all about what it is. If you don't tell people about the system, it's
extremely hard for them to do more than speculate.

> The first set of keys 
> must be sent by a secure source, US mail, FED EX, or whatever, but
> thereafter, all updates can be accomodated over Internet. 

Keys ?  Wait a minute, #2 of the "Dozen Reasons why PCX Nvelopes is
absolutely the finest Communication Security and Privacy system available",
according to http://www.netprivacy.com/ipg/dozbest.html, is:

"2. No Messy, Intrusive Passwords/Encryption Keys to get in your way and
worry about, forget about those troublemakers"

[...]
> all hardware generation of OTP's are irregular, otherwise they are not 
> random. 

I'm not sure what you mean by "irregular" in this context.

> Thus at times, a hardware source, such as ADC LOB system, can generate 
> nonrandom data, unless this is checked, it can destroyed the integrity of 
> your system. 

This doesn't quite jibe with my understanding of the typical use of a hardware
RNG. From what I have read, one starts with an unpredictable bit source with
some known bias, so that each original bit has somewhat less than one bit of
real entropy. The bias is "corrected" by combining the original bits to get
fewer bits with enough real entropy, and then repeating the process enough to
get enough final bits of real entropy. 

Could you explain what the acronyms "ADC" and "LOB" mean here ?  I
just tried a web search for the two together, and all I got was a page of
UFO acronyms, and some astronomical acronyms (LOB = Lick Observatory 
Bulletin). Schneier discusses hardware RNG at length in Applied Cryptography,
but he doesn't mention either acronym. I might guess that LOB = Low Order
Bits.

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)