> I was contacted and asked whether I was interested in software which
> which used a one time pad for encrytion.
>
> It comes from Elementrix an Isreali company is offering encrypted email,
> ftp and what they call "personal firewall" software.
>
> This software uses a One Time Pad via a patent pending method. I am no
> encryption expert and the information available is limited but it would
> seem to me that there is no way to do this over the internet securely.
>
> See, http://www.elementrix.co.il/
I agree. The OTP system they are describing is the cryptographic equivalent
of a perpetual motion machine. My guess is that they are using some
conventional cryptography and key exchange to get started, and then
compressing the received messages to get 'truly random' numbers to
derive the so-called 'OTP' keys. It also sounds like they are
transmitting extra random bits through the initial channel to be used
next time round -- hence the expansion of the messages. If they didn't
do that they'd have a shortfall of bits and wouldn't be able to make
their 'OTP' key sufficiently long. Perhaps they can't anyhow.
That's not to say that it isn't a good system -- I don't know the
details, and I'm not a cryptanalyst either -- but I'll be very surprised
if the 'OTP' claim is anything other than snake oil.
Cheers,
Frank O'Dwyer
(speaking for himself, not his employer).
References:
|
|
