One Time Pad encryption over the Internet, securely? (fwd)

Mark Chen chen at
Thu Oct 26 21:07:55 PDT 1995


> I *had* to forward this to you.  Can you give him the answer, or are you
> bound by an NDA?  I can't remember.
> Corby

Unfortunately, I am bound by an NDA.

However, I am not violating the NDA by saying that Craig is correct.
There is no way to do a one-time pad except by doing a one-time pad.
In other words, it is not possible to generate synchronized, truly
random key streams at remote locations non-algorithmically.

One-time pads have a property that no other encryption scheme has.  If
I am an attacker and I somehow gain access to all of the key material
and all of the plaintext that two communicating parties have so far
used, I am still unable to decipher the next transmission.  *Only*
one-time pads have this property, and there is no way to achieve it
without negotiating a key stream out of band.

OTPs also have some other properties that are more mathematical in
nature.  For instance, the probability of getting any particular bit
of plaintext from a given ciphertext is equal to the raw probability
of getting that plaintext by itself.  In other words:

   p_P(x_i | c) = p_P(x_i)

where P is the plaintext space, x_i is the plaintext, and c is the


   p_K(K) = 1/|K|

which means that all keys are used with equal probability,
irrespective of plaintext and ciphertext.

Hope this helps!

   - Mark -

> Forwarded message:
> > From firewalls-owner at GreatCircle.COM Thu Oct 26 03:39:33 1995
> > X-Delivered: at request of corby on doom
> > X-Authentication-Warning: majordom set sender to firewalls-owner using -f
> > From: Craig Bishop <csb at>
> > Message-Id: <199510260745.RAA16385 at>
> > Subject: One Time Pad encryption over the Internet, securely?
> > To: firewalls at
> > Date: Thu, 26 Oct 1995 17:45:13 +1000 (EST)
> > X-Mailer: ELM [version 2.4 PL21]
> > Mime-Version: 1.0
> > Content-Type: text/plain; charset=US-ASCII
> > Content-Transfer-Encoding: 7bit
> > Sender: firewalls-owner at GreatCircle.COM
> > Precedence: bulk
> > 
> > I was contacted and asked whether I was interested in software which
> > which used a one time pad for encrytion.
> > 
> > It comes from Elementrix an Isreali company is offering encrypted email,
> > ftp and what they call "personal firewall" software.
> > 
> > This software uses a One Time Pad via a patent pending method. I am no
> > encryption expert and the information available is limited but it would
> > seem to me that there is no way to do this over the internet securely.
> > 
> > See,
> > 
> > Cheers, Craig
> > 
> > -- 
> > Craig Bishop - Internet Security Analyst
> > csb at
> >
> > 

Mark Chen 
chen at
finger for PGP public key
D4 99 54 2A 98 B1 48 0C  CF 95 A5 B0 6E E0 1E 1D

More information about the Testlist mailing list