On Mon, 21 Jul 2008 04:36:52 -0700 (PDT), jmorton123

jmorton... at (no spam) rock.com> wrote:
I was doing some searching and came across some software but it
doesn't seem to be available any longer.

It's called Original Absolute Privacy.

Does anyone have a copy or know how I can get a copy?

The website is not up.

Thanks.

jmorton123 at (no spam) rock dot com

I was able to find "AbsolutePrivacy" (http://www.cryptobase.com/) but
that does not use a One Time Pad.  Software for the OTP is trivial,
the big problem is with key distribution.

What did the software you were looking for do?  There may well be an
alternative.

rossum

I was doing some searching and came across some software but it
doesn't seem to be available any longer.

It's called Original Absolute Privacy.

Does anyone have a copy or know how I can get a copy?

The website is not up.

I was doing some searching and came across some software but it
doesn't seem to be available any longer.

It's called Original Absolute Privacy.

Does anyone have a copy or know how I can get a copy?

The website is not up.

Thanks.

jmorton123 at (no spam) rock dot com
I was able to find "AbsolutePrivacy" (http://www.cryptobase.com/) but

The software is based on using ten digit arrays of the digits 0-9 to
generate a pseudo random stream.
A pseudo random stream can only give you a pseudo OTP. The security

It seems that there are 10! ways to arrange these ten digits.
A lot will depend on the detail of how one of the many permutations of

Anyway, without the software or the website
I don't have much of a clue how the random numbers were generated.
Indeed, that is the crucial part of any stream cypher, how the

This is all I'm interested in is the pseudo random number generator.
From there anyone can write encryption software.

On Mon, 21 Jul 2008 08:55:03 -0700 (PDT), jmorton123
jmorton123 at (no spam) rock.com> wrote:

The software is based on using ten digit arrays of the digits 0-9 to
generate a pseudo random stream.
A pseudo random stream can only give you a pseudo OTP.

On Mon, 21 Jul 2008 08:55:03 -0700 (PDT), jmorton123
jmorton123 at (no spam) rock.com> wrote:

The software is based on using ten digit arrays of the digits 0-9 to
generate a pseudo random stream.

A pseudo random stream can only give you a pseudo OTP. The security
proof of an OTP requires a genuinely random key used only once. A
pseudo-random key does not meet the criteria and so is not provably
secure.

On Mon, 21 Jul 2008 08:55:03 -0700 (PDT), jmorton123
jmorton123 at (no spam) rock.com> wrote:

The software is based on using ten digit arrays of the digits 0-9 to
generate a pseudo random stream.
A pseudo random stream can only give you a pseudo OTP. The security
proof of an OTP requires a genuinely random key used only once. A
pseudo-random key does not meet the criteria and so is not provably
secure.

An OTP with a pseudo random keystream is called a stream cypher, and
may or may not be secure. The fact that whoever wrote this program
calls a stream cypher an OTP indicates that they are not well enough
aquainted with the basics of cryptography. The use of digits rather
than bytes or larger tends to reinforce this indication.

It seems that there are 10! ways to arrange these ten digits.
A lot will depend on the detail of how one of the many permutations of
the digits is selected. If the attacker can easily reproduce the
selection then the cypher is broken.

Anyway, without the software or the website
I don't have much of a clue how the random numbers were generated.
Indeed, that is the crucial part of any stream cypher, how the
keystream is generated.

There are a number of cryptographic quality PRNGs avilable: Blum,
Blum, Shub (BBS), Yarrow and Fortuna are all described on the web. As
for stream cyphers, RC4 is very easy to program as a learning
exercise, but is broken. Salsa-20, Rabbit-128 and Phelix are more

modern but not so easy to code.

rossum

This is all I'm interested in is the pseudo random number generator.
From there anyone can write encryption software.

rossum <rossum48 at (no spam) coldmail.com> wrote:

On Mon, 21 Jul 2008 08:55:03 -0700 (PDT), jmorton123
jmorton123 at (no spam) rock.com> wrote:

The software is based on using ten digit arrays of the digits 0-9 to
generate a pseudo random stream.

A pseudo random stream can only give you a pseudo OTP. The security
proof of an OTP requires a genuinely random key used only once. A
pseudo-random key does not meet the criteria and so is not provably
secure.

I'd like to add that the OTP gives you perfect secrecy. This is nowhere
near perfect or even provable security. You get perfect security for a
cryptosystem, when it cannot be broken, unless the keys are known. The
OTP does not fulfill this requirement, because two messages encrypted
with the same key will turn it into a mere Vigenere cipher, enabling
easy classical cryptanalysis.

Isn't "broken" a bit harsh. Is it anything but a slight bias in the long
term statistics of the output? Ie, if I give you a 1MB file encrytped by
RC4, and give you the first 1K of plaintext, can you recover the rest of
the plaintext?

Simon  Johnson <simon.john... at (no spam) gmail.com> wrote:

Isn't "broken" a bit harsh. Is it anything but a slight bias in the
long term statistics of the output? Ie, if I give you a 1MB file
encrytped by RC4, and give you the first 1K of plaintext, can you
recover the rest of the plaintext?

Yes, this has been debated to death over the years.

Over tens of gigabytes, the bias in RC4 is probably sufficient to tell
the difference between English and say Chinese if the plain-text was
encoded in Unicode.

No self respecting cipher has that fault; That, to me, is a break.

I really don't think that ciphers have feelings.  They have a purpose
and the purpose of RC4 is quite limited, but for its purpose it performs
very well.  It is harsh to call RC4 in the context of WPA broken,
because it isn't.  It's extremely fast and secure for usage in home
WLANs, even at a massive scale.

Greets,
Ertugrul.

--
nightmare = unsafePerformIO (getWrongWife >>= sex)

Ertugrul Söylemez <es at (no spam) ertes.de> writes:

rossum <rossum48 at (no spam) coldmail.com> wrote:

A pseudo random stream can only give you a pseudo OTP. The
security proof of an OTP requires a genuinely random key used only
once. A pseudo-random key does not meet the criteria and so is not
provably secure.

I'd like to add that the OTP gives you perfect secrecy. This is
nowhere near perfect or even provable security. You get perfect
security for a cryptosystem, when it cannot be broken, unless the
keys are known. The OTP does not fulfill this requirement, because
two messages encrypted with the same key will turn it into a mere
Vigenere cipher, enabling easy classical cryptanalysis.

You cannot, by definition, encrypt two messages with the same key in
an OTP system, as it's not a OTP if you're doing that.

Isn't "broken" a bit harsh. Is it anything but a slight bias in the
long term statistics of the output? Ie, if I give you a 1MB file
encrytped by RC4, and give you the first 1K of plaintext, can you
recover the rest of the plaintext?

Yes, this has been debated to death over the years.

Over tens of gigabytes, the bias in RC4 is probably sufficient to tell
the difference between English and say Chinese if the plain-text was
encoded in Unicode.

No self respecting cipher has that fault; That, to me, is a break.

rossum <rossum48 at (no spam) coldmail.com> writes:

On Mon, 21 Jul 2008 08:55:03 -0700 (PDT), jmorton123
jmorton123 at (no spam) rock.com> wrote:

The software is based on using ten digit arrays of the digits 0-9 to
generate a pseudo random stream.
A pseudo random stream can only give you a pseudo OTP. The security
proof of an OTP requires a genuinely random key used only once. A
pseudo-random key does not meet the criteria and so is not provably
secure.

An OTP with a pseudo random keystream is called a stream cypher, and
may or may not be secure. The fact that whoever wrote this program
calls a stream cypher an OTP indicates that they are not well enough
aquainted with the basics of cryptography. The use of digits rather
than bytes or larger tends to reinforce this indication.

It seems that there are 10! ways to arrange these ten digits.
A lot will depend on the detail of how one of the many permutations of
the digits is selected. If the attacker can easily reproduce the
selection then the cypher is broken.

Anyway, without the software or the website
I don't have much of a clue how the random numbers were generated.
Indeed, that is the crucial part of any stream cypher, how the
keystream is generated.

There are a number of cryptographic quality PRNGs avilable: Blum,
Blum, Shub (BBS), Yarrow and Fortuna are all described on the web. As
for stream cyphers, RC4 is very easy to program as a learning
exercise, but is broken. Salsa-20, Rabbit-128 and Phelix are more

Isn't "broken" a bit harsh.
Probably, "obsolescent" might have been better. I wanted to indicate

Is it anything but a slight bias in the long
term statistics of the output? Ie, if I give you a 1MB file encrytped by
RC4, and give you the first 1K of plaintext, can you recover the rest of
the plaintext?


modern but not so easy to code.

rossum

This is all I'm interested in is the pseudo random number generator.
From there anyone can write encryption software.

I really don't think that ciphers have feelings. They have a purpose
and the purpose of RC4 is quite limited, but for its purpose it performs
very well. It is harsh to call RC4 in the context of WPA broken,
because it isn't. It's extremely fast and secure for usage in home
WLANs, even at a massive scale.