[43020] in Cypherpunks

home help back first fref pref prev next nref lref last post

Re: using pgp to make an otp

daemon@ATHENA.MIT.EDU (Derek Atkins)
Mon Nov 6 23:52:54 1995

To: Adam Shostack <adam@lighthouse.homeport.org>
Cc: Alan.Pugh@internetMCI.COM (amp), cypherpunks@toad.com
In-Reply-To: Your message of "Mon, 06 Nov 1995 23:07:58 EST."
             <199511070407.XAA04557@homeport.org> 
Date: Mon, 06 Nov 1995 23:31:16 EST
From: Derek Atkins <warlord@MIT.EDU>

> 	PGP output is not random enough to be used for a one time pad.
> The security of a OTP is *entirely* based on the quality of the random
> numbers; they should come from some strong generator.  Building good
> one time pads is tough, and usually not worth the effort.

No, however the output of "pgp +makerandom=XXX filename.dat" _IS_
random enough for an OTP.  The problem then becomes distributing this
data.

-derek

home help back first fref pref prev next nref lref last post