Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!utgpu!water!watmath!clyde!cbosgd!ihnp4!ptsfa!lll-lcc!ames!amdahl!krs From: krs@amdahl.UUCP Newsgroups: sci.crypt Subject: Re: Completely Secure Encryption Message-ID: <6924@amdahl.amdahl.com> Date: Fri, 22-May-87 13:22:04 EDT Article-I.D.: amdahl.6924 Posted: Fri May 22 13:22:04 1987 Date-Received: Sat, 23-May-87 10:48:51 EDT References: <581@gec-mi-at.co.uk> Reply-To: krs@amdahl.UUCP (Kris Stephens) Organization: Amdahl Corp, Sunnyvale CA Lines: 32 In article <581@gec-mi-at.co.uk> adam@gec-mi-at.co.uk (Adam Quantrill) writes: > > I have been thinking about the one really secure encryption technique, >where the text is exclusive-ored with a random string used once only. >[...] >for a less secure method, I propose to generate the random string by exclusive- >oring any combination of n text and binary files held on computer: >[...] > The other caveat is that the sender's and receiver's machines >share identical files (which is reasonably common between machines of the same >make running the same o.s.). > >Does anyone have any comments as to the security of this method? It would >obviously be more secure using a common but unique random file owned by the two >parties, in combination with the standard system files. Bad news, I'm afraid. Even standard Un*x executables change when .h's are altered in a system. We ran a couple of sysgens from the *same* tapes, on the *same* system, and the kernels were different because the configuration data had been altered (add a new type of device to the configuration, and even the *contents* of the kernel will change). I wouldn't even count on the "standard" commands in machines of identical hardware running the same levels of the O/S release matching -- add a configuration change here and a local mod there and you have *no* *idea* what the binaries will look like. ...Kris -- Kristopher Stephens, | (408-746-6047) | {whatever}!amdahl!krs Amdahl Corporation | | -or- krs@amdahl.amdahl.com [The opinions expressed above are mine, solely, and do not ] [necessarily reflect the opinions or policies of Amdahl Corp. ]