[42896] in Cypherpunks

home help back first fref pref prev next nref lref last post

Re: using pgp to make an otp

daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Sat Nov 4 23:30:39 1995

To: amp <Alan.Pugh@internetmci.com>
Cc: cypherpunks <cypherpunks@toad.com>
In-Reply-To: Your message of "Sun, 05 Nov 1995 09:58:39 EST."
             <01HX8P5B3MCI91XT4Q@MAIL-CLUSTER.PCY.MCI.NET> 
Reply-To: perry@piermont.com
Date: Sat, 04 Nov 1995 23:28:08 -0500
From: "Perry E. Metzger" <perry@piermont.com>


amp writes:
> i want a source of data for use as a otp. i don't want to have to
> hook up any external devices to my pc to do it. (although some of the
> methods mentioned in the past few days are quite interesting.) 
> 
> i'd like to know if there was a reason not to use the output of pgp
> to do it.

Yes. What you have then is just an elaborate cipher that is not a one
time pad. For it to be a one time pad, the numbers must be truly
random and generated only once, period.

> i would think that the output of pgp should be pretty darn random.

If PGP is good enough for use as a source for cipher keying material,
then you needn't use it as a one time pad -- just use PGP directly. If
PGP isn't good enough, it certainly isn't good enough for use as
cipher keying material. In either case, it is NOT NOT NOT a one time
pad if it isn't truly random numbers -- that means physically random.

Perry

home help back first fref pref prev next nref lref last post