[43013] in Cypherpunks

home help back first fref pref prev next nref lref last post

Re: using pgp to make an otp

daemon@ATHENA.MIT.EDU (Adam Shostack)
Mon Nov 6 23:28:38 1995

From: Adam Shostack <adam@homeport.org>
To: Alan.Pugh@internetMCI.COM (amp)
Date: Mon, 6 Nov 1995 23:07:58 -0500 (EST)
Cc: cypherpunks@toad.com
In-Reply-To: <01HXC3AEU9BM91Y89B@MAIL-CLUSTER.PCY.MCI.NET> from "amp" at Nov 7, 95 08:15:57 pm

amp wrote:

| my point here is that _if_ pgp output is random enough, i wouldn't need
| hardware. even i, with my extremely limited programming skills could create
| a .cmd file or program that could be used as imput for a stream cypher.

	PGP output is not random enough to be used for a one time pad.
The security of a OTP is *entirely* based on the quality of the random
numbers; they should come from some strong generator.  Building good
one time pads is tough, and usually not worth the effort.


Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume


home help back first fref pref prev next nref lref last post