[117563] in Cypherpunks

home help back first fref pref prev next nref lref last post

Re: Build a better OTP?

daemon@ATHENA.MIT.EDU (Sean Roach)
Mon Sep 6 06:08:11 1999

Message-Id: <3.0.6.32.19990906044156.007f4bc0@mail.intplsrv.net>
Date: Mon, 06 Sep 1999 04:41:56 -0500
To: cypherpunks@algebra.com
From: Sean Roach <roach_s@mail.intplsrv.net>
In-Reply-To: <025901bef83f$da447460$0200a8c0@marcu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Reply-To: Sean Roach <roach_s@mail.intplsrv.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 04:17 AM 9/6/99 -0400, Marcel Popescu wrote:
>
>X-Loop: openpgp.net
>From: Sean Roach <roach_s@mail.intplsrv.net>
>
>
>> What do you think?
>
>1. You will need some sort of synchronization mechanism.
>2. What about servers dedicated to sending streams of random bits on
>the 'net? I know that some of them might be gov't-operated, but
>probably only a small percentage. The computing power necessary for
>this seems to be small. And I believe strong pseudo-random
>generators exist. Of course, this is less random than a satellite
>stream, but it doesn't require additional hardware.  
>
1.  You can possibly use a time base from the same souce as the
random data.  Otherwise, very closely syncronized clocks, updated
over an out-of-band transmission of the communication channel. 
During handshake, the receiving computer can move the "key" around
until it gets something it recognizes as valid.  It shouldn't need to
try more than a dozen times before it has a fix, so the small
varience involved after syncing early in the transmission shouldn't
affect it too much.

2.  I thought of this.  The thing is, when you get information, you
are sending a request for information to the server that it resides
on.  Since it isn't getting to your machine 24/7, if someone were
watching your system, they could narrow your key choices down to the
various data you were requesting off of the net.  That is why I chose
to suggest a broadcast medium for the key.  Since it's hitting you
24/7, there is no way, save by bugging your machine, or to some
degree, keeping a really close eye on the orientation of any
directional antennas, (like satellite dishes,) to know just which
source you picked.  And if they bugged your machine, as has been made
clear here, you aren't going to get much use out of encryption in the
first place.

Sean Roach

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>

iQA/AwUBN9OMY5HDoiHtqFDZEQKG1wCfUdxBFJkuTpdt0Iz6OnFF7DESangAoICh
VTcAn1CM4yw+CzSTwpgTBWpg
=Ix5S
-----END PGP SIGNATURE-----



home help back first fref pref prev next nref lref last post