One-time pad (was: Re: TBTF for 8/25/97: Ants go marching)

Keith Dawson (dawson@world.std.com)
Thu, 28 Aug 1997 06:05:15 -0400


At 10:50p 8/26/97, Rohit Khare wrote:
>> time. Sure, why not a million, the encryption technique is provably
>> unbreakable.
>
>"unbreakable"?

Point taken. Best rephrased as "Provably impossible to decipher through
computation alone."

>Nope. It's breakable by anyone who has the key: and like any other
>secret key system, there's a fatal repudiability to that. Because,
>in this scenario, you have the key (pad), I have the key (pad),
>AND ELEMENTRIX has the KEY. They sold it to you after all :-)

BTW, the company is Crypto-Logic. Elementrix's tech turned out not even to
deserve to claim to be an OTP.

I received this note from the company after sending them a copy of TBTF:

: ...we also employ "Blowfish" both for the individual
: password to enter the program and for a secondary encryption for each
: message. This is employed via a unique password generated for each keypad
: as it is installed, using speed and keystroke interval to generate the
: password. We do this for several reasons, not least to reassure users that
: we have no interest in retaining copies of the keypads nor in effective
: escrow by any third parties.

>Then, when it
>does work, all you get is a secret channel, not a trusted one.

Nothing to prevent the parties from using PK over their secret channel to
establish authentication. But of course you're right, an OTP solves a
different problem than a PK system.

>Yeah, I'd bet a million dollars on their system. A million dollars
>they'll vanish without a trace. Losers.

I wouldn't even bet with you that they won't vanish. The stats on tech
startups in general are on your side.

_______________________________________________
Keith Dawson dawson@world.std.com
Layer of ash separates morning and evening milk.
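
Added example, not part of the original message or of any vendor's product: a minimal Python sketch of the two properties argued over above, that a one-time pad cannot be deciphered by computation alone, and that on its own it gives a secret channel but not a trusted one. The message text, function names and the use of HMAC-SHA256 under a separate shared key (standing in for the public-key authentication the message mentions) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the whole of OTP encryption)."""
    if len(a) != len(b):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))

def seal(pad: bytes, mac_key: bytes, message: bytes):
    """Encrypt with the pad, then tag the ciphertext (encrypt-then-MAC)."""
    ct = xor(pad, message)
    return ct, hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_sealed(pad: bytes, mac_key: bytes, ct: bytes, tag: bytes) -> bytes:
    """Verify the tag before decrypting; reject anything altered in transit."""
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("ciphertext was modified in transit")
    return xor(pad, ct)

def demo() -> dict:
    msg = b"PAY BOB 0100 USD"      # constructed sample message
    other = b"PAY EVE 9999 USD"    # constructed, same length
    pad = secrets.token_bytes(len(msg))   # truly random, used once
    mac_key = secrets.token_bytes(32)     # assumption: second shared secret
    ct, tag = seal(pad, mac_key, msg)

    # 1. Secrecy: for ANY same-length plaintext there is a pad that maps the
    #    ciphertext to it, so the ciphertext alone favours no candidate.
    alt_pad = xor(ct, other)
    any_plaintext_fits = xor(alt_pad, ct) == other

    # 2. No trust: XORing a difference into the ciphertext changes the
    #    decrypted text predictably, and plain OTP decryption cannot notice.
    tampered = xor(ct, xor(msg, other))
    unauthenticated_result = xor(pad, tampered)

    # 3. With a tag over the ciphertext the change is detected and rejected.
    try:
        open_sealed(pad, mac_key, tampered, tag)
        detected = False
    except ValueError:
        detected = True

    return {"any_plaintext_fits": any_plaintext_fits,
            "unauthenticated_result": unauthenticated_result,
            "tamper_detected": detected,
            "roundtrip": open_sealed(pad, mac_key, ct, tag)}

if __name__ == "__main__":
    print(demo())
```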