[43020] in Cypherpunks
Re: using pgp to make an otp
daemon@ATHENA.MIT.EDU (Derek Atkins)
Mon Nov 6 23:52:54 1995
To: Adam Shostack <adam@lighthouse.homeport.org>
Cc: Alan.Pugh@internetMCI.COM (amp), cypherpunks@toad.com
In-Reply-To: Your message of "Mon, 06 Nov 1995 23:07:58 EST."
<199511070407.XAA04557@homeport.org>
Date: Mon, 06 Nov 1995 23:31:16 EST
From: Derek Atkins <warlord@MIT.EDU>
> PGP output is not random enough to be used for a one time pad.
> The security of a OTP is *entirely* based on the quality of the random
> numbers; they should come from some strong generator. Building good
> one time pads is tough, and usually not worth the effort.
No, however the output of "pgp +makerandom=XXX filename.dat" _IS_
random enough for an OTP. The problem then becomes distributing this
data.
-derek