[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: using pgp to make an otp

To: amp <[email protected]>
Subject: Re: using pgp to make an otp
From: "Perry E. Metzger" <[email protected]>
Date: Sat, 04 Nov 1995 23:28:08 -0500
Cc: cypherpunks <[email protected]>
In-Reply-To: Your message of "Sun, 05 Nov 1995 09:58:39 EST." <[email protected]>
Reply-To: [email protected]
Sender: [email protected]

amp writes:
> i want a source of data for use as a otp. i don't want to have to
> hook up any external devices to my pc to do it. (although some of the
> methods mentioned in the past few days are quite interesting.) 
> 
> i'd like to know if there was a reason not to use the output of pgp
> to do it.

Yes. What you have then is just an elaborate cipher that is not a one
time pad. For it to be a one time pad, the numbers must be truly
random and generated only once, period.

> i would think that the output of pgp should be pretty darn random.

If PGP is good enough for use as a source for cipher keying material,
then you needn't use it as a one time pad -- just use PGP directly. If
PGP isn't good enough, it certainly isn't good enough for use as
cipher keying material. In either case, it is NOT NOT NOT a one time
pad if it isn't truly random numbers -- that means physically random.

Perry

Follow-Ups:
- Re: using pgp to make an otp
  - From: Simon Spero <[email protected]>

References:
- using pgp to make an otp
  - From: amp <[email protected]>

Prev by Date: Re: To Repeat: Credentials Not Considered Necessary
Next by Date: Telephone switch capacity
Prev by thread: Re: using pgp to make an otp
Next by thread: Re: using pgp to make an otp
Index(es):
- Date
- Thread