The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Which cipher to use?

On Tue, Jun 04, 2002 at 09:39:32PM -0700, Micah Cowan wrote:
> This is really picky of course, but the other criteria for "secure use
> of Xor", in addition to having a key at least as long as your data,
> is:
>   1. That it be a random sequence - *truly* random.  This rules out
>      using "passphrases" and the like.  *All* passphrases or passwords
>      are extremely insecure for Xor, regardless of length.

Correct, a passphrase would violate the xor sequence longer than the data
rule.  Passing PID or time as a seed to random would also be a very
bad idea.   Md5 checksums of random noise (transistors, radio reception
of static, radioactive decay etc) is the level of randomness that is

>   2. That it be used only one time, and then discarded - never to be
>      used again.

And discarded very carefully, burn it and stir the ashes type careful.
rm OTP.key isn't necessarily enough.

> <rant>
> Which is why you should get extremely skeptical when a company called
> Prescient claims to have created a "virtually unbreakable" encryption

If anyone claims it's so secure that they are going to run a cracking
contest beware, for more info:

> Now, having said that, I'll protect my butt by pointing out that their
> technology *could* still be unbreakable, but not for the reasons they
> claim.  They don't seem to have published their algorithms; their

Another large warning sign, see the above url.

> "Technical White Paper" (http://www.prescient.net/pdf/e2Sec.pdf)
> claims that the keys generated are undeterministic; but I'm rather
> skeptical as to how they could be generated, and understood by another
> host across the 'Net, if they were not undeterministic - unless of
> course their server simply sends the key across the 'Net in the clear
> ;) I'm not a cryptanalyst, and even if I were, I couldn't debunk their

Sounds just like another crappy system with good PR.
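
Added example, not part of the original post: a Python sketch of the rules discussed in this thread (pad at least as long as the data, truly random, used once). The OS CSPRNG stands in for the hardware noise sources mentioned above as an assumption; the sample messages, the seed value and all function names are constructed for illustration.

```python
import random
import secrets
from typing import Iterable, Optional

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with key; refuses a key shorter than the data (no key repetition)."""
    if len(key) < len(data):
        raise ValueError("pad must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))

def new_pad(length: int) -> bytes:
    """Pad from the OS CSPRNG (assumed stand-in for a physical noise source)."""
    return secrets.token_bytes(length)

def seeded_pad(seed: int, length: int) -> bytes:
    """Weak pad: deterministic PRNG output from a guessable seed such as a PID."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(length))

def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR of two ciphertexts under one pad equals p1 ^ p2: the pad cancels out."""
    return bytes(a ^ b for a, b in zip(c1, c2))

def recover_seed(ciphertext: bytes, known_prefix: bytes,
                 candidates: Iterable[int]) -> Optional[int]:
    """Show how small the seed space is: test each seed against a known prefix."""
    for seed in candidates:
        pad = seeded_pad(seed, len(known_prefix))
        if xor_bytes(known_prefix, pad) == ciphertext[:len(known_prefix)]:
            return seed
    return None

if __name__ == "__main__":
    # Constructed sample messages of equal length.
    p1, p2 = b"meet at the north gate", b"wire funds on friday!!"
    pad = new_pad(len(p1))
    c1, c2 = xor_bytes(p1, pad), xor_bytes(p2, pad)  # pad reused: rule 2 broken
    print("c1^c2 == p1^p2:", reuse_leak(c1, c2) == reuse_leak(p1, p2))
    weak = xor_bytes(p1, seeded_pad(4242, len(p1)))  # PID-like seed: rule 1 broken
    print("seed found:", recover_seed(weak, p1[:8], range(32768)))
```

With a reused pad the ciphertext pair reveals the XOR of the two plaintexts without any knowledge of the key, and with a PID-sized seed the whole pad is reproducible from a few known bytes.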
