Re: [PGP-USERS] Crypto-logic US$1 million Challenge

[geeman@best.com]

There was a Snake-oil FAQ floating around for quite a while that addressed
all this
in some detail.

This scheme/scam has circulated before, too although I forget the name of
the perpetrating company.

At 02:40 PM 9/3/97 -0400, William H. Geiger III wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>In <97090316550827/0002595870PK5EM@mcimail.com>, on 09/03/97 
>   at 11:55 AM, Jeffrey Gold <0002595870@MCIMAIL.COM> said:
>
>>Although it's not PGP, I thought this might be of interest.
>>I've condensed a Wall Street Journal Article with info from
>>the web page http://www.ultimateprivacy.com
>
>>  A start-up company is offering a $1 million challenge. Crypto-
>>Logic Corp. of Austin, Texas, claims to have created an encryption 
>>system for electronic mail so foolproof that it can't be broken.  If
>>someone can  figure out a special encrypted e-mail message  within a
>>year, the company says it will pay a reward of $1 million.
>
>>  Cryptologists agree that the decades-old encryption method   that
>>Crypto-Logic is claiming to use -- called a "one-time pad" -- 
>>is theoretically unbreakable. Each "pad" has a set of uniquely 
>>random digital symbols that are coded to the actual message. 
>>The recipient uses the same symbols to decrypt the message. 
>>The pads are used only once.
>
>>  Of course, the problem with any one-time pad is the distribution
>>of multiple pads.  A new one is needed for each message.  Public-key
>>cryptography (used by PGP) addresses this issue.  It is not clear
>>how Crypto-Logic Corp. addresses the distribution issue.
>
>
>ROTFLMAO!!!!!
>
>What a sweet little scam they have going here. :)
>
>While there product cost $99, which is not unreasonable for a security
product of this nature, they charge $49 for the "OTP's" (I'll get to the
OTP's later)!!!
>
>Now they way they have this set-up is that for each person that you are
communicating with requires a separate "OTP". The program comes with 2
"OTP's" and additional "OTP's" can be purchased for $49. So say you have 10
people you wish to communicate with you are talking almost $500 out the
gate to get going!!! This is just silly.
>
>
>Now to "OTP's". These are the things that snake-oil salesmen's dreams are
made of. Here is how their sales pitch works (and i have seen many of them
over the years):
>
>
>1) OTP's are unbreakable
>2) We use an OTP
>3) Our program is unbreakable
>4) You should use our program
>
>I will address all three points of their sales pitch and show the flaws in
it.
>
>1) OTP's are unbreakable:
>
>  To understand how one can make this claim (and it is true) on needs to
understand what a OTP is and how it works.
>
>A OPT (One Time Pad) is just a file of random numbers. That's it, nothing
fancy here. To encrypt a message one takes the bits in the plaintext and an
equal amount of bits from the OTP and XOR them together. The result is just
another random file of bits. To get the plaintext back one takes the
"encrypted" files and Xor's it with the same bits used the first time.
>
>Quite simple but there is a catch:
>
>  Your OTP must but TRULY RANDOM!! If there are any patterns in your
"random" data you are dead in the water. The biggest flaw in products that
claim to use OTP's is they use what is called a PRNG (pseudo random number
generator). Unfortunately the data that PRNG's produce are not sufficiently
"random" for use in OTP's. It has long been accepted in the field of
cryptology that you *MUST* use a real world sample for random data, things
like measuring the time intervals between click on a Geiger counter
measuring background radiation.
>
>A second catch:
>
>  You must never, never reuse any of the bits from your OTP!!! As simple
as this seems (after all this is why they call it an One Time Pad) there
are programmers out there that fail to grasp this basic concept. Now AFAIK
there is no pad reuse with this program. That's where their revenue stream
is comming from charging you for the new pads!
>
>So if you use truly random data (no PRNG's) and you never reuse bits then
an OTP encrypted message is provably unbreakable.
>
>
>2) We use OTP's
>
>I have seen numerous claims by various "snake-oil" salesmen that their
program uses an OTP only too see that they are using a PRNG to generate
their "OTP". I even had one claim that it was ok to reuse his PRNG
generated pad.
>
>Now since the company provided no details on how they generate the OTP's
who knows what they are doing.
>
>3) Our program is unbreakable
>
>Well if they are dotting all their I's and crossing all their T's when it
comes to generating and using OTP's then yes the message is unbreakable.
>
>But wait their program does not generate the OTP's you must buy them from
the company!! This means that a 3rd party outside of you and the person you
are communicating with has a copy of the pad!!! This is a big no-no in
cryptology. Anyone who has access to the OTP can decrypt any message that
was encrypted using it. What type of security do they have on site? Who has
access to the OTP's?? How are they generated?? What are their policies if
the government requests access to these OTP's?? All questions left
unanswered by the company.
>
>I must say that I seriously question the on-site security of the OTP's
considering how the initial OTP's are sent to the customer, (drum roll
please), the just MAIL them!!!!
>
>This brings us to the third catch to using OTP's: How to exchange the pads.
>
>Before the advent of Public Key Encryption this was the most daunting task
in cryptology. How do you get the keys to the people who need them to
decrypt the message??? With OTP's or any form of cryptology where the same
key is used to encrypt and decrypt the message the user must find a
"secure" channel for exchanging the keys. This is no different than a key
to a house or a car, the same key is used to lock and unlock the door.
Anyone who has a copy of the key can unlock the door. Need less to say you
don't just send the key in the mail. Usually such exchanges are done in
person or if this is not practical a "trusted" courier is used to exchange
the key. Not very practical for every day use.
>
>
>4) You should use our program
>
>Consider the following:
>
>- -- Unknown methods used for generation Otp's
>- -- Customer unable to generate their own OTP's
>- -- Unknown "on-site" security
>- -- Otp's escrowed by company (they have a copy of your keys)
>- -- Additional cost for each new key
>- -- Obvious lack of security in mailing initial Otp's to customers
>- -- No solution to the key exchange problem
>- -- No source code for program
>
>I would not use this program nor would I recommend it to anyone else.
There are may other programs that provide overall better security than what
this program ever can or ever will provide.
>
>I will CC: the Cyberpunks & Coderpunks list as there may be others there
who can better expand on this issue.
>
>
>- -- 
>- ---------------------------------------------------------------
>William H. Geiger III  http://www.amaranth.com/~whgiii
>Geiger Consulting    Cooking With Warp 4.0
>
>Author of E-Secure - PGP Front End for MR/2 Ice
>PGP & MR/2 the only way for secure e-mail.
>OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html
            
>- ---------------------------------------------------------------
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.3a
>Charset: cp850
>Comment: Registered_User_E-Secure_v1.1b1_ES000000
>
>iQCVAwUBNA2vRI9Co1n+aLhhAQF7NgP/TIfrhNW8QMiqNBE0atN0lVBeZFtTk1Jh
>ARJeGkh+ZxV+yphx0CGe9xMWRLYx3qqFPmb69iPG3AdRiLFVigSoK5HiNo857ilh
>6pSt3ZHVJStJ8BjPazH+n3QXQGtrCZ2hBF6kBWfPxDMFdc+dZZ0y0/4kSt60Dnx1
>CulFvdCNIK4=
>=yDMp
>-----END PGP SIGNATURE-----
>
>
>