Thanks,
Dave Powell
David Powell
P.O. Box 4924
Petaluma, CA 94955
Second of all, you must publish the entire source code or no one will
trust your algorithms.
On 25 Jan 1996 01:32:22 GMT, dpo...@nermal.santarosa.edu (David
So, have you, say, had an article accepted for publication in the appropriate
journals? That's the first step in "testing" it.
____________________________________________________________________
Mark E. Levitt
Department of Speech Communication, Syracuse University
E-mail: mele...@mailbox.syr.edu
Home Page: http://web.syr.edu/~melevitt
PGP fingerprint = B8 A3 AA A6 0F 83 9A BE F2 7A 19 F9 15 79 FE A4
Public key available from http://web.syr.edu/~melevitt/pgpkey.html
____________________________________________________________________
: |I along with another programmer have developed what we believe to be the
: |first program capable of 100% secure data encryption. We have tested it
The only 100% secure system is a one-time pad. ALL others can be
broken. Has your algorithm had years of public and private scrutiny?
When your algorithm has had even half the scrutiny that DES has had,
and still is infeasibly broken, come back to us. Until then, NO ONE
will use your product.
--
infiNity .oOo. Member of the infamous Guild | spreading information
route .oOo. Use strong Cryptography | like it was going
daemon9 .oOo. Finger for info | out of style
At least all of us reading this group (or what's-his-name's books on crypto-
graphy -- I ought to ask those for my birthday :) ) know what to do when
someone claims a 100%-safe algorithm has been forged...
Maarten
--
******************************************************************************
* We learn from history that we never learn anything from history. *
******************************************************************************
|
Maarten D. de Jong |
dej...@cpt6.stm.tudelft.nl |
|
------------------------------------------------------------------------------
One-time padding is.
--
Ralf G. R. Bergs * Welkenrather Str. 100--102 * 52074 Aachen * Germany
+49-241-876892, +49-2261-21968 (fax), ra...@rwth-aachen.de * Team OS/2
Earth is flat, pigs can fly, and nuclear power is safe. (Greenpeace)
er... PGP is useless ? everyone knows the PGP algorithm you
get the source code for it...
if you don't get the source how do you know there's no back
doors to it ?
Another faithful online user hacked into!
Bye now
Technomancer
Live life byte by byte
Until cyberspace goes 3D
Tod DeBie
Route wrote:
>
> David Powell (dpo...@nermal.santarosa.edu):
>
> : |I along with another programmer have developed what we believe to be the
> : |first program capable of 100% secure data encryption. We have tested it
>
> The only 100% secure system is a one-time pad. ALL others can be
> broken. Has your algorithm had years of public and private scrutiny?
> When your algorithm has had even half the scrutiny that DES has had,
> and still is infeasibly broken, come back to us. Until then, NO ONE
> will use your product.
>
>
> If a hacker gains
> source code on an encryption program then it becomes useless!
Nonsense. PGP source is available everywhere. People who really
understand crypto won't use anything that relies on keeping its
source secret. That just means that it won't stand up to review.
--
NO LADY LIKES ACCOMPANIED BY
TO DANCE A PORCUPINE
OR DINE Burma-Shave
> Even one time pad can be broken.
No, it can't. This is the one encryption that is proven to be
unbreakable.
> Just like a pgp key can be broken. One time
> pad is similar to pgp, it just uses a different key every time.
More nonsense.
> The trick is that you have to get a set of all of the keys to
> your recipient in a secure fashion. But if you can do that,
> why do you need to bother with encryption in the first place?
The one time pad works just fine in military situations, where a
unit (ship or plane) leaves a base where it can securely transfer
all the key it will need (the stuff is cheap and compact) and
then goes somewhere else from where it needs to maintain secure
communications over an insecure link. There are similar
"mission" situations in civilian and business life where the one
time pad would be eminently usable.
You are wrong. Having source code to an encryption program doesn't make it
useless... If you have the source code to a program that implements a
non-bijective function, then you still can't make it bijective. It's
mathematics.
Having the source code available for an encryption algorithm makes it more
secure, because people can verify that it is really what it claims to be, that
it does implement the advertized algorithms, and that if it has bugs, they
get corrected rapidly. PGP is very secure (i.e. nobody has yet given proof
that it can be successfully attacked), and it is publicly available, based
on very well documented algorithms...
> way to understand or to change a program is through source code or a
> complete understanding of it. The best hackers are usually also
> programmers. :)
To hack is usually to program, indeed... To crack is something else
altogether.
Gilles.
--
---------------------=<( Gilles....@France.Sun.com )>=---------------------
cout >> DisclaimerMessage // My company doesn't necessarily think what I write!
"Idiots dare anything; that's even how you recognize them."
_Les_Tontons_Flingueurs_ (dialogues: Audiard)
In article <310EF3...@ix.netcom.com>,
Tod DeBie <tde...@ix.netcom.com> wrote:
>Even one time pad can be broken. Just like a pgp key can be broken. One time pad
>is similar to pgp, it just uses a different key every time. The trick is that you
>have to get a set of all of the keys to your recipient in a secure fashion. But if
>you can do that, why do you need to bother with encryption in the first place?
You may have a secure channel now, but have nothing to say, and you
may know that later you will have something to say, but won't have a
secure channel. Ergo one-time pads.
Regards. Mel.
Another way to break PGP: Ask a clairvoyant!???
Joachim Schreiber.
-----------ORIGINAL MAIL-------------------------------------
Date: 31.01.1996 05:44
From: Tod DeBie,tde...@ix.netcom.com,UseNet (m)
To: alt.security.pgp
Subject: Re: Better than PGP!
-------------------------------------------------------------------
************** QUOTES MAY BE SHORTENED **************
>Even one time pad can be broken. Just like a pgp key can be broken. One time
>pad is similar to pgp, it just uses a different key every time. The trick is
>that you have to get a set of all of the keys to your recipient in a secure
>fashion. But if you can do that, why do you need to bother with encryption in
>the first place?
Just to take precautions for the future. I am able to exchange a
secret key today, but who knows if I don't really need it tomorrow.
When the key cannot be safely exchanged anymore, the time has come to
actually use it for the encryption.
hpb
============================================
hp.b...@magnet.at
hp.b...@cso.co.at
============================================
writing on 1.2.1996 at 0:02 (GMT+1)
***** PGP encrypted mail preferred *****
--- OffRoad 1.9n registered to Heinz-Peter Bader
>Even one time pad can be broken. Just like a pgp key can be broken. One time pad
>is similar to pgp, it just uses a different key every time. The trick is that you
>have to get a set of all of the keys to your recipient in a secure fashion. But if
>you can do that, why do you need to bother with encryption in the first place?
>Tod DeBie
No, a properly used one time pad can NOT be broken. If you use truly random
numbers, use them only once and make sure they are only known to you and
the recipient, the OTP is SAFE. PROVEN SAFE.
This makes it *very* different from pgp; breaking PGP is believed to be
infeasible with all known methods and computers.
You use a OTP because you can distribute the OTP at one time, and have a secure
communication at a later time.
Boudewijn
--
+-------------------------------------------------------------------+
|Boudewijn Visser |E-mail:vis...@ph.tn.tudelft.nl |finger for |
|Dep. of Applied Physics,Delft University of Technology |PGP-key |
+-- my own opinions etc --------------------------------------------+
Tod> Even one time pad can be broken. Just like a pgp key can be
Tod> broken.
Fascinating! Tell us more about your techniques for breaking OTP.
Sure, you can try to exhaust the key-space of a OTP. I recall
Schneier gives a calculation that an _optimal_ computer needs the
energy of a medium Super-Nova to count from 0 to 2^211 - 1.
Given that most messages might be far longer than 211 bits, you might
run into power-supply problems here......
Additionally you have to solve the problem how to pick the right
message out of the many meaningful messages (ever thought about how
many meaningful English messages of the exact length of 100 bytes
might exist? Then add some typos, additional spaces, newlines,
etc....)
Tod> One time pad is similar to pgp, it just uses a different
Tod> key every time.
Funny.
Tod> The trick is that you have to get a set of all
Tod> of the keys to your recipient in a secure fashion. But if you
Tod> can do that, why do you need to bother with encryption in the
Tod> first place?
Perhaps you're the president of US and want to have a direct encrypted
phone-line to the other 4 (?) nations officially owning nuclear
weapons. Sending messengers transporting random numbers in leisure
times is not that much a problem. But in an emergency you might not
have the time for traveling several hours before making a
decision.....
Michael
--
DISCLAIMER: My opinions are my own, not those of my employer IBM.
regards
delta
--
helmut 'delta' springer Computing Center Stuttgart University (RUS), FRG
de...@RUS.Uni-Stuttgart.DE Unix/Net Consulting, InfoSystems, StudBox
http://home.pages.de/~delta/
phone : +49 711 1319-112 If you've got to do it,
FAX : +49 711 685-2043 do it with cold blood...
At risk of offending you which I do not want to do, whilst your idea may be very
good, I believe that everyone should consider the theological, practical and
other implications of the terminology "100% secure".
There is I suggest no such thing as 100% security of anything, so to be accepted
as realistic and plausible it is often best to suggest in any publicity that you
accept that there is no such thing as 100% security but that the system\product
or service that you propose offers significant enhancements over that of your
competition. Some form of performance data comparison although difficult in this
area would also cut the mustard.
Otherwise there is little chance of security orientated people with procurement
interests taking you seriously.
But good luck it sounds good
--
Gordon Parr
A security consultant to the masses
Here is another reason why OTP can not be broken: One can transmit the
file first and the decrypting sequences later, in a file of equal size.
What this means is that there is nothing to decrypt in the first file, so
how can it be broken? The fact of the matter is that one could send a
totally random, meaningless message at first and *then* decide what it
will mean and compose corresponding keys. Interestingly enough, OTP
employs relatively simple algorithms compared to public-key encryption
programs, OTP relies heavily on the xor function. Its biggest and only
problem is that one has to transmit the key via a trusted courier whereas
PGP does not. Here is where its Achilles' heel is. I doubt OTP is still
used for really serious purposes by the military or spy agencies, I
suspect public-key crypto-systems have obsoleted it.
==========================================================================
Ilya Beloozerov Email: ibel...@runet.edu
Public PGP key is available at http://www.cs.runet.edu/~ibelooze
This message is sponsored by the First Amendment to the U.S. Constitution.
==========================================================================
You should have quoted rather more of the article. It originally read:
] Even one time pad can be broken. Just like a pgp key can be broken.
] One time pad is similar to pgp, it just uses a different key every time.
] The trick is that you have to get a set of all of the keys to your
] recipient in a secure fashion. But if you can do that, why do you need
] to bother with encryption in the first place?
]
] Route wrote:
]
] > The only 100% secure system is a one-time pad. ALL others can be
^^^^^^
] > broken. Has your algorithm had years of public and private scrutiny?
] > When your algorithm has had even half the scrutiny that DES has had,
] > and still is infeasibly broken, come back to us. Until then, NO ONE
] > will use your product.
Note that he said "100% secure system". A OTP may well be an unbreakable
algorithm, but it is *not* an unbreakable system.
It is exceedingly difficult to be certain that the key is truly random
(how do you test for this?); that the key material only exists in two
places (how do you know someone hasn't sneaked a copy?); that the pad has
only been used once (how do you know that the sender hasn't used it
twice with different plaintexts and that you never received the other
ciphertext?).
A cryptographic system is much more than an algorithm. The security of
key material is a vitally important component of a system, irrespective
of the strength of the crypto-algorithm against ciphertext-only
cryptanalysis.
ObPGP: PRZ and followers were well aware of the idea expressed in the
above paragraph. Take a close look at the immense trouble gone to in
order to generate good session keys, good public moduli and reasonable
protection against spoofing of identity. All of those are required,
irrespective of whether the underlying cryptography (RSA and IDEA) are
stronger or weaker than plausible alternatives.
Paul
--
Paul Leyland <p...@oucs.ox.ac.uk> | Hanging on in quiet desperation is
Oxford University Computing Services | the English way.
13 Banbury Road, Oxford, OX2 6NN, UK | The time is gone, the song is over.
Tel: +44-1865-273200 Fax: 273275 | Thought I'd something more to say.
PGP KeyID: 0xCE766B1F
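
The two posts above make points that are easy to check in code: Ilya's (a random ciphertext can be given any meaning by composing the key afterwards) and Paul's (a pad used twice is no longer a one-time pad). This is an added example, not code from any poster; the sample messages, the `OneTimePad` class and the function names are constructed for illustration.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the whole of the OTP 'algorithm')."""
    if len(a) != len(b):
        raise ValueError("pad and text must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


class PadExhausted(Exception):
    """Raised instead of silently reusing pad bytes."""


class OneTimePad:
    """Pad material that is issued once and overwritten as it is consumed."""

    def __init__(self, material: bytes):
        self._material = bytearray(material)
        self._offset = 0

    def remaining(self) -> int:
        return len(self._material) - self._offset

    def take(self, n: int) -> bytes:
        if n > self.remaining():
            raise PadExhausted("not enough unused pad left; refusing to reuse")
        end = self._offset + n
        chunk = bytes(self._material[self._offset:end])
        self._material[self._offset:end] = bytes(n)  # overwrite used bytes in this buffer
        self._offset = end
        return chunk

    def encrypt(self, plaintext: bytes) -> bytes:
        return xor_bytes(plaintext, self.take(len(plaintext)))


def pad_explaining(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """The pad under which `ciphertext` decrypts to `claimed_plaintext`.

    One exists for every plaintext of the right length, which is why the
    ciphertext alone says nothing about which message was sent.
    """
    return xor_bytes(ciphertext, claimed_plaintext)


def demo() -> dict:
    m1, m2 = b"MEET AT NOON", b"STAY AT HOME"   # constructed sample messages

    # Correct use: each message consumes fresh pad bytes.
    book = OneTimePad(secrets.token_bytes(len(m1) + len(m2)))
    c1, c2 = book.encrypt(m1), book.encrypt(m2)
    decoy_pad = pad_explaining(c1, m2)

    # Misuse: the same pad bytes encrypt both messages.
    k = secrets.token_bytes(len(m1))
    r1, r2 = xor_bytes(m1, k), xor_bytes(m2, k)
    leak = xor_bytes(r1, r2)                    # the pad cancels out

    return {
        "decoy_fits_ciphertext": xor_bytes(c1, decoy_pad) == m2,
        "fresh_pads_do_not_cancel": xor_bytes(c1, c2) != xor_bytes(m1, m2),
        "reuse_leaks_plaintext_xor": leak == xor_bytes(m1, m2),
        "known_m1_reveals_m2": xor_bytes(leak, m1) == m2,
        "pad_left_after_use": book.remaining(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `take` method is the system-level control Paul is asking about: the algorithm cannot tell whether pad bytes were used before, so the bookkeeping around it has to.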
> In article <823126...@mist.demon.co.uk> Iolo Davidson
> <io...@mist.demon.co.uk> writes:
>
> > In article <310EF3...@ix.netcom.com> tde...@ix.netcom.com
> "Tod DeBie" writes:
> >
> > > Even one time pad can be broken.
> >
> > No, it can't. This is the one encryption that is proven to be
> > unbreakable.
>
> You should have quoted rather more of the article.
I don't think so. The one time pad itself is unbreakable in
principle. Saying flatly that it can be broken is at least
misleading. That was the part of the article I wanted to
address.
> A OTP may well be an unbreakable
> algorithm, but it is *not* an unbreakable system.
Sure, everyone knows that. But he didn't say "system" above. He
went on to muddle up several things together, including the word
system, but the first line was a bald error.
> A cryptographic system is much more than an algorithm.
So when one is talking about the system, one must be sure to
differentiate it from the algorithm.
: |] > The only 100% secure system is a one-time pad. ALL others can be
: | ^^^^^^
: |Note that he said "100% secure system". A OTP may well be an unbreakable
: |algorithm, but it is *not* an unbreakable system.
Oops. Bit of a semantical error. You are 100% correct. If the
implementation is in error, the system can certainly fail. My
statement should have been along the lines of:
"...The only 100% secure algorithm is a one-time pad..."
Something silly :)
>------====### legal notice ###====--------------------------------------------
>Microsoft(tm) Network is prohibited from redistributing this work in any form,
>either in whole or in part. License to distribute this posting is available to
>Microsoft(tm) for (US)$100.00. Posting without prior permission constitutes an
>agreement to these terms. Site license is available for (US)$10,000,000,000.00
>
You KNOW this little bit of fluff is not even remotely binding, or
legal in any way.
===================================================
Ken
soulh...@pobox.com
"Do, or do not. There is no try." - Yoda
.signature virus 4.119 REV A
Copy me to YOUR .signature please!
One-Time-Pad is technically unbreakable, as an algorithm or a system, but
it can be successfully attacked by getting the key, which has to be
transmitted by a trusted courier. Which means that unlike with PGP, there
is human element involved. Which means that the person transmitting
information can be bribed, or forced to give out the information one way
or the other. It is very unlikely that it will happen, but 'unlikely' just
does not cut it anymore when it comes to encryption. I think OTP is
actually less safe than public-key crypto-systems. The fact of the matter
is that the introduction of public-key cryptography in 1973 doomed OTP and
other symmetric systems to deserved obscurity.
In article <4feqpp$8...@cliff.island.net>, 0@0.0 says...
>
>low...@ix.netcom.com(Scott Monk ) wrote:
>
>>I think we have a hacker among... Besides myself. If a hacker gains
>>source code on an encryption program then it becomes useless! The best
>>way to understand or to change a program is through source code or a
>>complete understanding of it. The best hackers are usually also
>>programmers. :)
>
>I have the source to PGP... I can give it to you... Can you crack it?
>
> - Executioner/[Independent]
>------====### legal notice ###====--------------------------------------------
>Microsoft(tm) Network is prohibited from redistributing this work in any form,
>either in whole or in part. License to distribute this posting is available to
>Microsoft(tm) for (US)$100.00. Posting without prior permission constitutes an
>agreement to these terms. Site license is available for (US)$10,000,000,000.00
>
>PGP Signature: 67 35 1F 85 34 3D ED CC FD 87 01 22 A5 47 31 EA
>Key available on request.
>
--
The opinions expressed in this message are my own personal views
and do not reflect the official views of Microsoft Corporation.
: | One-Time-Pad is technically unbreakable, as an algorithm or a system, but
: | it can be successfully attacked by getting the key, which has to be
: | transmitted by a trusted courier. Which means that unlike with PGP, there
: | is human element involved. Which means that the person transmitting
: | information can be bribed, or forced to give out the information one way
: | or the other. It is very unlikely that it will happen, but 'unlikely' just
: | does not cut it anymore when it comes to encryption. I think OTP is
: | actually less safe than public-key crypto-systems. The fact of the matter
: | is that the introduction of public-key cryptography in 1973 doomed OTP and
: | other symmetric systems to deserved obscurity.
You are comparing apples and oranges. Asymmetric systems and
symmetric systems work extremely well together. Both systems
complement each other's weaknesses perfectly. Asym systems solve
the key management issues of sym systems, while sym systems solve
the speed and efficiency problems that plague asym systems. Hybrid
systems such as PGP are living examples.
And this Nonsense about a OTP being doomed in obscurity is just that.
The only potentially absolutely secure system is not about to just
go away. Major Govt's saw (and see) fit to use OTPs, distributing
keys using trusted couriers and armed escorts...
--
[ dae...@netcom.com ] Guild founder, Information enthusiast, Hacker, demon
...it's the nature of my circuitry...
...the me that you know is now made up of wires...
> Iolo Davidson (io...@mist.demon.co.uk) wrote:
> |> A OTP may well be an unbreakable
> |> algorithm, but it is *not* an unbreakable system.
Attribution error- I did not write the above. I think it was
Paul. I am in agreement with it, however.
> One-Time-Pad is technically unbreakable, as an algorithm or a system, but
> it can be successfully attacked by getting the key, which has to be
> transmitted by a trusted courier.
Not so. One common scenario requires no courier at all: A
ship leaves home port, carrying enough key for several years
worth of secure comms. For ship, read plane; for plane, read
agent, businessman, journalist, etc.
> Which means that unlike with PGP, there
> is human element involved.
There is a human element with PGP too. Lots of people use PGP
insecurely.
> I think OTP is
> actually less safe than public-key crypto-systems.
It is more secure in the right circumstances, but not suited to
the circumstances under which PGP is typically used.
> The fact of the matter
> is that the introduction of public-key cryptography in 1973 doomed
> OTP and other symmetric systems to deserved obscurity.
Don't agree.
--
FIRST MEN BUY IT THEIR FRIENDS
THEN APPLY IT TO TRY IT
THEN ADVISE Burma-Shave
You have not addressed my concerns about trusted couriers getting
intercepted and keys getting stolen.
: | You have not addressed my concerns about trusted couriers getting
: | intercepted and keys getting stolen.
Stolen from the courier? Then there is no problem. There is no
complete system. The key never made it to the other party. This
is not a 'True One-Time Pad', and therefore not unbreakable.
>In article <4ftdo7$4...@newslink.runet.edu> ibel...@runet.edu "Ilya" writes:
>You don't need a courier in the situation where an agent/military
>unit leaves base carrying OTP key and uses it to communicate
>while away from the base. And of course stolen OTP key is
>useless. The legitimate user just discards the other pad. Nor
Of course you do not steal it. That would be silly. You copy it.
>can you use stolen key to decode messages recorded from earlier
>transmissions, because used key is destroyed after use. In this
Well, no. For example if the key is on CDROM you keep that CDrom
to use different parts of it many times (most communications are not
600MB long.)
>sense, OTP key management is actually more secure than public
>key.
--
Bill Unruh
un...@physics.ubc.ca
In article <4ftdo7$4...@newslink.runet.edu>,
ibel...@runet.edu (Ilya) wrote:
> Route (dae...@netcom.com) wrote:
> | And this Nonsense about a OTP being doomed in obscurity is just that.
> | The only potentially absolutely secure system is not about to just
> | go away. Major Govt's saw (and see) fit to use OTPs, distributing
> | keys using trusted couriers and armed escorts...
>
> You have not addressed my concerns about trusted couriers getting
> intercepted and keys getting stolen.
If the courier gets intercepted, the recipient won't get the key, so it
will not be used.
Galactus
--
To find out more about PGP, send mail with HELP PGP in the SUBJECT line to me.
E-mail: gala...@stack.urc.tue.nl - Please PGP encrypt your mail if you can.
Finger gala...@turtle.stack.urc.tue.nl for public key (key ID 0x416A1A35).
Anonymity and privacy page: <http://www.stack.urc.tue.nl/~galactus/remailers/>
... and the message never got encrypted and transmitted, which means that
the assignment never got done. In other words, it was a failure.
Ilya
Is it conceivable that the key can be stolen? Or lost? Yes.
|And of course stolen OTP key is
|useless. The legitimate user just discards the other pad.
If someone steals your set of keys, they will have successfully sabotaged
your mission, which means you won't be able to encrypt anything. No secure
communications. What if they steal your keys and you don't know it?
> In <824415...@mist.demon.co.uk> Iolo Davidson <io...@mist.demon.co.uk> writes:
>
> >You don't need a courier in the situation where an agent/military
> >unit leaves base carrying OTP key and uses it to communicate
> >while away from the base. And of course stolen OTP key is
> >useless. The legitimate user just discards the other pad. Nor
>
> Of course you do not steal it. That would be silly. You copy it.
Ilya postulated stealing it. Making a copy is a different issue
of course, and presents additional difficulties since you have
to do it without being discovered, or it is functionally the
same as stealing.
> >can you use stolen key to decode messages recorded from earlier
> >transmissions, because used key is destroyed after use. In this
>
> Well, no. For example if the key is on CDROM you keep that CDrom
> to use different parts of it many times (most communications are not
> 600MB long.)
Ah, but it isn't kept on ordinary CDROM, but a writable CDROM,
and the used portions are overwritten after use. (I can invent
my way round anything you can invent.)
But really, if the used pad is destroyed after use, the OTP key
management is more secure than public key where the issue of
decrypting previous messages with a compromised key is concerned.
> Iolo Davidson (io...@mist.demon.co.uk) wrote:
> |In article <4ftdo7$4...@newslink.runet.edu> ibel...@runet.edu "Ilya" writes:
> |
> |> Route (dae...@netcom.com) wrote:
> |> |
> |> | And this Nonsense about a OTP being doomed in obscurity is
> |> | just that. The only potentially absolutely secure system
> |> | is not about to just go away. Major Govt's saw (and see)
> |> | fit to use OTPs, distributing keys using trusted couriers
> |> | and armed escorts...
> |
> |> You have not addressed my concerns about trusted
> |> couriers getting intercepted and keys getting stolen.
> |
> |He may not have (dunno), but I did.
> |
> |You don't need a courier in the situation where an agent/military
> |unit leaves base carrying OTP key and uses it to communicate
> |while away from the base.
>
> Is it conceivable that the key can be stolen? Or lost? Yes.
Sure, but that would also be the case where an agent/military
unit leaves base carrying a public key. We aren't talking about
the courier issue anymore, but obtaining the key from one of the
communicators, which is a vulnerability for both OTP and PGP.
That is not a weakness in key management peculiar to OTP.
> |And of course stolen OTP key is
> |useless. The legitimate user just discards the other pad.
>
> If someone steals your set of keys, they will have successfully sabotaged
> your mission, which means you won't be able to encrypt anything. No secure
> communications. What if they steal your keys and you don't know it?
Same deal. You started talking about insecure transmission of
keys. I pointed out there was no transmission in the case of an
agent/military unit leaving base, so you switched to scenarios
involving compromising the principals, which apply equally to OTP
and public key.
And you have not acknowledged the aspects of OTP in which
the key management is actually more secure, in that used pad/key
can be destroyed making it impossible to steal the key to decode
messages sent previous to the theft.
> Route (dae...@netcom.com) wrote:
> |Ilya (ibel...@runet.edu):
> |
> |: | You have not addressed my concerns about trusted couriers getting
> |: | intercepted and keys getting stolen.
> |
> | Stolen from the courier? Then there is no problem. There is no
> | complete system. The key never made it to the other party.
>
> ... and the message never got encrypted and transmitted, which means that
> the assignment never got done. In other words, it was a failure.
Not at all. Just send another courier.
There is a fuller set of scenarios than you credit Ilya for:
1. courier gets intercepted, and pad taken
as you describe, not a problem because you don't get the pad
2. courier is corrupt and gives a copy to a third party for a huge sum
of money
people always were the weakest link in the system, get a more
trustworthy courier or super encrypt PAD using conventional
crypto (either public-key or secret-key)
3. courier is sloppy and someone "borrows" the PAD briefly, copies and
replaces it unnoticed by courier
again super encrypt PAD
On super encrypting the PAD using some huge key: presumably people who
use OTPs do this as a backup in case of untrustworthy couriers. The
problem with this is that if the worst case arises and your courier
leaks the encrypted PAD, you have fallen back to a system which is
equivalent in security to the conventional encryption system used.
Another approach would be to use multiple couriers, on the assumption
that it ought to be harder for your opponent to corrupt *all* of the
couriers. XORing together all of the pads would provide the used
pad. n-1 pads would be useless, all n would be required, adjust n to
suit your security requirements.
Adam
--
Munitions T-shirt home page: http://www.obscura.com/~shirt/
#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa
2/d0<X+d*La1=z\U$n%0]SX$k"[$m*]\EszlXx++p|dc`,s/^.|\W//g,print
pack('H*',$_)while read(STDIN,$m,($w=2*$d-1+length$n&~1)/2)
Yes, and the message does not get transmitted. In other words, it is
failure.
Ilya
If you can send one courier, you can send another.
>Even one time pad can be broken.
???
>One time pad
>is similar to pgp, it just uses a different key every time.
???
>But if
>you can do that...
<having a secure channel>
>, why do you need to bother with encryption in the first place?
Because I may meet a friend today and be on another continent tomorrow.
I might give her a code disk (a WORM CD-ROM ?) that she uses and then erases
as she uses the groups. 720Mbytes of random bits can encrypt a *lot* of love
letters...
JFA
But you can't be really sure that the message will not be copied again.
> Iolo Davidson (io...@mist.demon.co.uk) wrote:
> |In article <4gae18$7...@newslink.runet.edu>
> | ibel...@runet.edu "Ilya" writes:
> |
> |> Arnoud "Galactus" Engelfriet (gala...@stack.urc.tue.nl) wrote:
> |> |
> |> |If the courier gets intercepted, the recipient won't get
> |> |the key, so it will not be used.
> |>
> |> Yes, and the message does not get transmitted. In other
> |> words, it is failure.
> |
> | If you can send one courier, you can send another.
>
> But you can't be really sure that the message will not be
> copied again.
"Copied" wasn't the contention above. You can in principle send
as many couriers as you need to get a key through. Denial of
service by preventing all couriers getting through is not
practicable.
When copying is the issue, another poster to this thread has
pointed out that you can even defeat the bribe/copy scenario by
sending several different keys by different couriers, all of
which need to be XORed together to get the key for use. The man
in the middle would have to intercept and corrupt *all* the
couriers to subvert the key. If he prevents a courier delivering
one part, that part can be sent by another courier. That
approaches the difficulty faced by a man in the middle attack on
PGP.
--
MAN PASSES DOG GETS OUT
DOG HOUSE MAN GETS IN
DOG SEES CHIN Burma-Shave
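
The multi-courier scheme that Adam proposed and that the post above refers to (each courier carries an independent random pad; the pad actually used is the XOR of all of them) can be checked directly. This is an added example, not code from either poster; the function names, the courier count and the sample messages are constructed for illustration.

```python
import secrets
from functools import reduce
from typing import List


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("all pads must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def make_courier_pads(n: int, length: int) -> List[bytes]:
    """One independent random pad per courier."""
    if n < 2:
        raise ValueError("need at least two couriers")
    return [secrets.token_bytes(length) for _ in range(n)]


def working_pad(courier_pads: List[bytes]) -> bytes:
    """The pad actually used is the XOR of every courier's pad."""
    return reduce(xor_bytes, courier_pads)


def pad_consistent_with(intercepted: List[bytes], candidate: bytes) -> bytes:
    """The one missing courier pad that would make `candidate` the working pad.

    It always exists, so n-1 copied pads rule out no candidate at all.
    """
    return reduce(xor_bytes, intercepted, candidate)


def demo() -> dict:
    message = b"SHIP SAILS AT 0600"   # constructed sample plaintext
    decoy = b"SHIP STAYS IN PORT"     # constructed, same length

    pads = make_courier_pads(4, len(message))
    pad = working_pad(pads)
    ciphertext = xor_bytes(message, pad)

    # Someone who copied three of the four courier pads and saw the
    # ciphertext can still "explain" it as any message of that length:
    # for each guess there is exactly one fourth pad that fits.
    copied = pads[:-1]
    guess_pad = xor_bytes(ciphertext, decoy)
    fitting_fourth = pad_consistent_with(copied, guess_pad)

    return {
        "recipient_decrypts": xor_bytes(ciphertext, working_pad(pads)) == message,
        "decoy_equally_consistent":
            xor_bytes(ciphertext, working_pad(copied + [fitting_fourth])) == decoy,
        "partial_xor_is_not_the_pad": working_pad(copied) != pad,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A courier pad that fails to arrive can be regenerated and resent without touching the others, as long as the final XOR is recomputed from the pads that were actually delivered.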
This sounds like an interesting idea I have not heard before. It is
unlikely, but not infeasible that keys can be stolen from _all_
couriers. The key question is, does this make OTP less secure than public
key crypto-systems? I suspect so, despite the fact that public-key
crypto-systems have the problem of authentication: You may not be sure
that public keys in your keyring really belong to legitimate recipients. I
suppose one would have to verify the hexadecimal fingerprint of a key by
telephone. I still think that all things considered, public-key
crypto-systems are somewhat safer than any other encryption protocol.