[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: using pgp to make an otp



At 11:31 PM 11/6/95 EST, Derek Atkins <[email protected]> wrote:
>> 	PGP output is not random enough to be used for a one time pad.
>> The security of a OTP is *entirely* based on the quality of the random
>> numbers; they should come from some strong generator.  Building good
>> one time pads is tough, and usually not worth the effort.
>
>No, however the output of "pgp +makerandom=XXX filename.dat" _IS_
>random enough for an OTP.  The problem then becomes distributing this
>data.

amp had written:
| my point here is that _if_ pgp output is random enough, i wouldn't need
| hardware. even i, with my extremely limited programming skills could create
| a .cmd file or program that could be used as input for a stream cypher.

The output of PGP should be random enough for your application,
as long as you don't think you're getting a cryptographically-correct OTP
out of the deal.  PGP uses its randpool stuff in its random number generation,
so there are likely to be at least 24 bytes of real randomness kept around, 
maybe more depending on the size of your randpool, but the rest of
your security comes from algorithm quality and is theoretically crackable
like any pseudo-random sequence (albeit requiring exponentially-large
crackwork.)
It's using IDEA in a feedback mode, so it's better than just repeated MD5s.

The output of PGP +makerandom probably is secure enough for most applications,
depending on how many bits you're using, what you're doing with it,
and how paranoid you need to be.  Check out the code to be sure.
You may have special applications such as amp's stream cypher
for which it's more convenient to XOR the makerandom instead of using PGP,
but watch out for attacks like known-plaintext, which can really bite you
in secure-voice systems where there's a lot of near-silence.
Careless protocol work can spoil really decent random numbers....
#---
#                                       Thanks;  Bill
# Bill Stewart, Freelance Information Architect, [email protected]
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---