[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Percy the Python loves IPG

To: [email protected]
Subject: Percy the Python loves IPG
From: [email protected] (David R. Conrad)
Date: Sun, 25 Feb 1996 22:41:58 -0500
Reply-To: [email protected]
Sender: [email protected]

I think the IPG system is great!  Percy, my pet python, has never been
slicker or better lubricated!

IPG Sales <[email protected]> wrote:
>Perhaps so, but our system does employ a true hardware generated OTP, and
>operates similiar to what you describe -  however, the important
>differernce is that we use a smal;l OTP to generate a larger OTP, like
>stringing the cable across the Golden Gate narrows.

What you have, as far as I can tell, with your "random-number-rotor-large-
random-prime-number-rotor-wheels", is a proprietary encryption algorithm
that uses a 5600-bit random number as a key.

There are two points on which you are to be commended.  5600 bits is
plenty large as a key (excessive, even), and you claim to generate the
key with a true hardware RNG.

Unfortunately, you are undone by two points which go against your scheme.

First, your algorithm is proprietary, and as such is probably not worth
a hill of beans.

Second, the keys to your system are known to three parties: the sender of
a message, the recipient of that message, and your company!  This means
that your company can intercept and decrypt any message that uses your
system.  All that is required is to keep a record of all keys generated
and who they were distributed to, and to know the identities of the
people communicating.

You've already indicated, when you claimed "790 gigabytes" of data
generated for testing with "multiple backups", that your company has
the capability to store and access multiple terabytes of information.

I'm sure you will protest your honesty; you may even *be* honest, but the
security of your system will rely not only on the security of the algorithms
and their correct implementation, but also on the honesty of your company
and every employee who ever works for it.

I don't need to trust R, S, and A whenever I use RSA, so long as the
algorithm is secure, and correctly implemented.

> Just becuase we
>convert over from a full OTP to a prime number wheel system configured
>from the OTP doers not mnean that the result is not an OTP

Of course it does.  Which part of "One" don't you understand?

--
David R. Conrad, [email protected]   PGP key on    GDFN Hardware and
http://detroit.freenet.org/staff/conrad        home page   Software Committee
"If you can't say 'fuck', you can't say 'fuck the government'." --Lenny Bruce

Prev by Date: Java configurability
Next by Date: TWP on Crypto Export Policy
Prev by thread: Re: Java configurability
Next by thread: Re: Percy the Python loves IPG
Index(es):
- Date
- Thread