>- -----Original Message-----
>X-Loop: openpgp.net
>From: Jack Oswald [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, June 06, 2000 5:05 PM
>To: [EMAIL PROTECTED]
>Subject: RE: random seed generation without user interaction?
>
>Jeff - in your posting, you mentioned mouse pointer waving. You should be
>aware that that method of gathering entropy has been patented and should not
>be used without a license.
>
>Jack
2 questions:
1. Who patented this?
2. What in the world are you peddling?
<http://www.rpkusa.com/tech.html>
Just to quote a few things from your website-
"Secure encryption implementations in use today can generally be
categorized as hybrid systems that combine a symmetric algorithm
(e.g. DES or RC4) with an asymmetric algorithm (e.g. RSA,
Diffie-Hellman key exchange). The RPK Encryptonite Engine leverages
a core Mixture Generator to perform both an
initialization/synchronization phase followed by a combining data
encryption phase. Therefore, RPK Encryptonite accomplishes in one
algorithm what others only accomplish in two algorithms. The result
is substantially smaller code size, a less complex overall system,
more secure key management and dramatically smaller chip
implementations."
and a paragraph later
"Based on the same mathematics as Diffie-Hellman Key Exchange, the
security of RPK Encryptonite is directly related to the difficulty
of solving the discrete log problem over large finite fields. Due to
the nature of the mathematics involved, the RPK Encryptonite Engine
cannot effectively be cracked using distributed processing, as with
recently broken encryption systems. The security level of the RPK
Encryptonite Engine is determined by key size, with typical secure
keys in the 600 bit range and above. RPK Encryptonite has been
analyzed by world class cryptographers who have issued reports on the
security and integrity of the technology."
Not to accuse you of peddling snake oil but I'd be curious to see the
reports of your world class cryptographers as well as the math you
base your claims on. It seems to me (though I'd welcome a better
explanation) that ANY encryption algorithm (excluding our dear friend
the one-time pad) must have a finite set of keys. It must then be
possible to test those keys using one computer and by extension
check more keys by throwing more computers at the problem. As
another minor note, there is no reason one cannot use an asymmetric
system on its own. The reason hybrid systems are used is because of
the superior speed of symmetric algorithms and the better security
offered by generating session keys for each message (and thus
providing your attacker with fewer bytes of ciphertext encrypted with
a useful key (cracking the symmetric system reveals one message,
cracking the asymmetric breaks the entire system)).
Thus it seems to me for your system to live up to the claims of the
second paragraph it must meet 2 requirements
1. It must be secure. It's also worth noting that as an asymmetric
algorithm it must be subject to much more rigorous proof of its
security- asymmetric algorithms by their mathematical background
often fall prey to seemingly minor mathematical holes that break the
entire algorithm. Even the much revered RSA is subject to
devastating weakness when the system is manipulated.
2. It must be substantially faster than a typical hybrid system (i.e.
RSA and DES, or Diffie-Hellman and IDEA) when encrypting normal sized
messages.
I look forward to your reply.
--
Kevin "The Cubbie" Elliott
<mailto:[EMAIL PROTECTED]> ICQ#23758827
_______________________________________________________________________________
"As nightfall does not come at once, neither does oppression. In both
instances, there is a twilight when everything remains seemingly
unchanged. And it is in such twilight that we all must be most aware
of change in the air--however slight--lest we become unwitting
victims of the darkness."
-- Justice William O. Douglas
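Kevin's point that any finite key space can be searched on one machine and, by extension, split across many is easy to make concrete for the very problem RPK cites, the discrete log. The script below is an added example and not part of the original thread or of RPK's software; the prime P, base G and secret exponent are constructed toy values chosen so the exhaustive search finishes in a second. It slices the exponent space into disjoint ranges, has each "worker" test its slice with one modular multiplication per candidate, and reports the worst-case work per worker, which falls linearly with the number of workers regardless of how the algorithm is built.

```python
"""Partitioned exhaustive search for x with g^x == h (mod p).

Added example, not from the original mailing-list thread. P, G and the
secret exponent are constructed toy values. Real deployments use primes of
thousands of bits and attackers use Pollard's rho or index calculus rather
than exhaustive search, but the partitioning argument is unchanged: a
finite space of candidates splits into disjoint slices, one per machine.
"""
from math import ceil

P = 1000003   # constructed toy prime modulus
G = 2         # constructed toy base


def partition(space_size, workers):
    """Split range(space_size) into `workers` disjoint, contiguous slices."""
    slice_size = ceil(space_size / workers)
    return [(i * slice_size, min((i + 1) * slice_size, space_size))
            for i in range(workers)]


def search_slice(g, h, p, lo, hi):
    """Exhaustively test every x in [lo, hi) for g^x == h (mod p).

    Returns (x, steps); x is None if the slice holds no match. The running
    power is updated with a single modular multiplication per candidate, so
    the cost of a slice is linear in its size.
    """
    cur = pow(g, lo, p)
    for x in range(lo, hi):
        if cur == h:
            return x, x - lo + 1
        cur = (cur * g) % p
    return None, hi - lo


def distributed_discrete_log(g, h, p, workers):
    """Run every slice (here sequentially, standing in for separate machines)
    and report the first hit plus the workload each worker faced."""
    slices = partition(p - 1, workers)
    found = None
    per_worker_steps = []
    for idx, (lo, hi) in enumerate(slices):
        x, steps = search_slice(g, h, p, lo, hi)
        per_worker_steps.append(steps)
        if x is not None and found is None:
            found = (idx, x)
    return {
        "x": None if found is None else found[1],
        "worker": None if found is None else found[0],
        # Upper bound on the work any single worker must do.
        "max_slice": max(hi - lo for lo, hi in slices),
        "per_worker_steps": per_worker_steps,
    }


if __name__ == "__main__":
    secret = 654321                 # constructed toy secret exponent
    h = pow(G, secret, P)
    for n in (1, 8):
        r = distributed_discrete_log(G, h, P, n)
        print(f"{n} worker(s): x = {r['x']} found by worker {r['worker']}, "
              f"worst-case work per worker = {r['max_slice']} multiplications")
```

With one worker the worst case is P-1 multiplications; with eight it is ceil((P-1)/8). Nothing in the search depends on what the algorithm does with the exponent, which is why a claim that a finite-key system "cannot effectively be cracked using distributed processing" needs a mathematical argument about the work factor, not about parallelism.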