Point taken. Best rephrased as "Provably impossible to decipher through
computation alone."
>Nope. It's breakable by anyone who has the key: and like any other
>secret key system, there's a fatal repudiability to that. Because,
>in this scenario, you have the key (pad), I have the key (pad),
>AND ELEMENTRIX has the KEY. They sold it to you after all :-)
BTW, the company is Crypto-Logic. Elementrix's tech turned out not even to
deserve to claim to be an OTP.
I received this note from the company after sending them a copy of TBTF:
: ...we also employ "Blowfish" both for the individual
: password to enter the program and for a secondary encryption for each
: message. This is employed via a unique password generated for each keypad
: as it is installed, using speed and keystroke interval to generate the
: password. We do this for several reasons, not least to reassure users that
: we have no interest in retaining copies of the keypads nor in effective
: escrow by any third parties.
>Then, when it
>does work, all you get is a secret channel, not a trusted one.
Nothing to prevent the parties from using PK over their secret channel to
establish authentication. But of course you're right, an OTP solves a dif-
ferent problem than PK system.
>Yeah, I'd bet a million dollars on their system. A million dollars
>they'll vanish without a trace. Losers.
I wouldn't even bet with you that they won't vanish. The stats on tech
startups in general are on your side.
_______________________________________________
Keith Dawson dawson@world.std.com
Layer of ash separates morning and evening milk.