[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "power one time pad"



On Fri, 20 Oct 1995, Paul Koning 1695 wrote:

> 
> I'd be interested in reactions to the article in Network World, 10/16/95 
> issue,
> page 53.  It describes a supposed cryptosystem that sounds bogus, but
> I can't make up my mind about how much is the system and how much is
> the confusion of the author.
I have heard a lot about the Elementrix POTP encryption algorithm.  I remain
skeptical of this algorithm until the source code is released.
 
> Among other things, it says that POTP "doesn't use an encryption algorithm;
> instead it synchronizes random processes on two computers as they
> communicate".  (I wonder if the author understands that that's just another
> way to describe encryption algorithms...)  
I don't believe this is an error caused by the author's ignorance of 
encryption.  I remember hearing the same exact thing about POTP "not using an
encryption algorithm" from one of the Elementrix spokespeople.

> The other claim is that it 
> eliminates
> the need to manage keys.  "... there is no need for central servers where 
> PGP
> keys ... are kept".
> 
> This seems like a strange claim because of course PGP doesn't require
> central servers, but more importantly, you can't do authentication without
> at least one piece of keying data being established out of band.  That
> could be a certification authority public key, but you need something
> to get started.
> 
> Supposedly this thing was shown at Interop.  Did anyone see it, and does
> the product make sense even if the article didn't?

I downloaded the secure email client for windoze and it seemed to make sense.
I might have misunderstood the documentation but it says that it has to
establish a "secure channel" with the other person by reciprocating emails with
what I would guess to be key synchronization data.  FYI, this client is  
available from the Elementrix FTP site at ftp.elementrix.com.
----------------------------------------------------------------
`finger -l [email protected]` for public key and Geek Code
Public Key 1024-bit: 0xF9B22BA5
Fingerprint: BD 24 D0 8E 3C BB 53 47  20 54 FA 56 00 22 58 D5