using pgp to make an otp
Derek Atkins
warlord at MIT.EDU
Wed Nov 8 13:33:52 PST 1995
> PGP output is not random enough to be used for a one time pad.
> The security of a OTP is *entirely* based on the quality of the random
> numbers; they should come from some strong generator. Building good
> one time pads is tough, and usually not worth the effort.
No, however the output of "pgp +makerandom=XXX filename.dat" _IS_
random enough for an OTP. The problem then becomes distributing this
data.
-derek
More information about the Testlist
mailing list