Re: TBTF for 8/25/97: Ants go marching

Rohit Khare (khare@w3.org)
Tue, 26 Aug 1997 22:50:00 -0400 (EDT)


> 2. Win a million
>
> A couple of years back Elementrix claimed [6] to offer encryption
> based on the cryptographers' holy grail, the one-time pad. But the
> claim proved hollow [7]. Now a startup called Crypto-Logic Corp.
> [8] has the genuine article. It's offering a $1M prize to anyone
> who can decipher a simple English challenge message within a year's
> time. Sure, why not a million, the encryption technique is provably
> unbreakable. Each message is encrypted by a key as long as the mes-
> sage itself and the keys are used once only. The software, Ulti-
> mate Privacy, runs on Windows 95 and NT. It costs $99 and includes
> two software pads, which allow you to encrypt 2000-4000 messages
> between yourself and a single recipient. The company sells pads for
> use if you exhaust the first pair, or if you wish to encrypt mes-
> sages to a second recipient, but I could not find a price on their
> Web site.
>
> [6] http://www.tbtf.com/archive/10-03-95.html
> [7] http://www.tbtf.com/archive/12-18-95.html
> [8] http://www.ultimateprivacy.com

"unbreakable"?

Nope. It's breakable by anyone who has the key: and like any other
secret key system, there's a fatal repudiability to that. Because,
in this scenario, you have the key (pad), I have the key (pad),
AND ELEMENTRIX has the KEY. They sold it to you after all :-)

The fundamental problem with the 'absolute security' of one-time-pad
is (1) distributing the pad and (2) not reusing the pad. Then, when it
does work, all you get is a secret channel, not a trusted one. I can't
prove you sent me or didn't send me any message on that channel: it's
ABSOLUTELY secret. Can't build e-commerce on that, only on the PUBLIC
trust of PK signatures, etc.

(1) means that I can't scale to many users: I have to have a
prearranged trust relationship. And I need to ship around O(protected
bits) size material around the world -- no compression here! (and of
course, I can't send the pad electronically: it has to be out-of-band
on some entriely different medium, like CD-ROM) If I fail to provide
enough of (1), desperate WW2 era Soviet agents will start doing (2),
which is how NSA humans cracked Venona material (over decades!).

Show me the trust! In this case, that slogan leads you down the
gutter path to find that every customer has to trust Elementrix
absolutely and infintely. And that's above and beyond trusting them
to get the *technology* of pad generation right, instead of using some
'pseudroandom generator' :-)

Yeah, I'd bet a million dollars on their system. A million dollars
they'll vanish without a trace. Losers.

Rohit