[3155] in cryptography@c2.net mail archive
Re: OTP Revival?
daemon@ATHENA.MIT.EDU (Dan Todd)
Thu Aug 6 11:34:18 1998
X-Envelope-To: cryptography@c2.net
From: "Dan Todd" <dantodd@dnai.com>
To: <horns@t-online.de>, <cryptography@c2.net>
Date: Thu, 6 Aug 1998 08:06:40 -0700
I don't think these guys are even serious. It must be a hoax.
1) Why they think their technology may fail "Public Key is simple"
presumably compared to an OTP
2) They don't use their kaypassing mechanism to pass full message because
"If we used the encryption method that we use for key updates for the email
itself, should the encryption be compromised at that point the message would
be readable." Presumably XOR adds that extra security they need
3) Ridiculous expectations/understanding of patents and their IP "If our
company fails, no one will have a chance at true, enterprise-wide, one-time
pad encryption for 17 years because our patents will fall with us."
4) The acronym for their flagship product "Ultimate Privacy Enterprise
Edition" U-PEE, I-PEE, We All PEE
-----Original Message-----
From: Axel H. Horns <Horns@t-online.de>
To: cryptography@c2.net <cryptography@c2.net>
Date: Thursday, August 06, 1998 6:34 AM
Subject: OTP Revival?
Snake Oil? Sound solution? What do you think about?
[Obvious snake oil. I wonder if it is even worth forwarding
this. --Perry]
http://www.wired.com/news/news/technology/story/13920.html
----------------------- CUT ----------------------
The Unbreakable Data Lock
by Chris Oakes
3:55pm 3.Aug.98.PDT
"Encryption Code Cracked in Record Time"
[...]
The latest company to attempt to turn one-time
pad encryption into a commercial product is the
Austin, Texas, startup Ultimate Privacy. The
company's software for corporate networks
represents "true one-time pad encryption of
email," said Rudy Rouhana, company director of
applied technology and security. Ultimate Privacy
is applying for patents on what it believes to be
the first sound method of one-time pad
encryption.
[...]
Ultimate Privacy's solution comes in the form of
"dynamic key updating," which "basically
eliminates the problem of key distribution," said
Rouhana.
On the surface, he acknowledges, the solution
looks like a weakness as the company's software
distributes keys over the network. But he says
the redundancies of the security used makes
Ultimate Privacy's compromise a sound one.
The server-based encryption package (Ultimate
Privacy Enterprise Edition) distributes keys --
"keypad updates" in one-time pad terminology --
electronically over the network using
conventional encryption methods.
[...]
Other encryption companies remain skeptical.
Philip Deck, CEO of elliptic curve encryption
company Certicom, isn't satisfied with the
Ultimate Privacy approach to key management.
[...]
----------------------- CUT ----------------------
Axel H. Horns
--
Axel H. Horns
horns@gmx.net
