[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: using pgp to make an otp

Will it ever sink in that NO algorithm produces a "random" bitstring, and
therefore NO algorithm can be the driver of a one time pad?

The output of an algorithm is (at best) PSEUDOrandom.  While a stream
cypher constructed that way may be strong, it is NOT a one time pad and
does NOT share with one time pad the unique property of being absolutely
unbreakable from first principles.  (It may very well have the property that
it is too hard to break in practice -- if so it makes a useful cryptosystem.
But to call such a thing "OTP" indicates a fundamental misunderstanding.)

See the sci.crypt FAQ for more details.


From: owner-cypherpunks
To: Adam Shostack
Cc: Alan.Pugh; cypherpunks
Subject: Re: using pgp to make an otp
Date: Monday, November 06, 1995 11:31PM

>       PGP output is not random enough to be used for a one time pad.
> The security of a OTP is *entirely* based on the quality of the random
> numbers; they should come from some strong generator.  Building good
> one time pads is tough, and usually not worth the effort.

No, however the output of "pgp +makerandom=XXX filename.dat" _IS_
random enough for an OTP.  The problem then becomes distributing this