Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!rutgers!mit-eddie!mit-amt!simsong
From: simsong@mit-amt.UUCP
Newsgroups: sci.crypt
Subject: Re: Completely Secure Encryption
Message-ID: <1171@mit-amt.MEDIA.MIT.EDU>
Date: Tue, 26-May-87 09:38:24 EDT
Article-I.D.: mit-amt.1171
Posted: Tue May 26 09:38:24 1987
Date-Received: Wed, 27-May-87 03:16:17 EDT
References: <581@gec-mi-at.co.uk>
Reply-To: simsong@media-lab.MEDIA.MIT.EDU (Simson L. Garfinkel)
Organization: MIT Media Lab, Cambridge MA
Lines: 23

In article <581@gec-mi-at.co.uk> adam@gec-mi-at.co.uk (Adam Quantrill) writes:
>So,
>for a less secure method, I propose to generate the random string by exclusive-
>oring any combination of n text and binary files held on computer:
>
>e.g. exor /bin/sh /bin/crypt /etc/termcap | exor my_text
>
 ...
>Does anyone have any comments as to the security of this method? It would
>obviously be more secure using a common but unique random file owned by the two
>parties, in combination with the standard system files.
>       -Adam.

Yes, there is a very serious problem with this method. How many
different binaries are there on a system? 500? 1000? How many
different ways are you going to combine them? Two? Three? I could
simply compare the cyphertext message against all of them. How long
would it take? Two minutes? Ten? An hour? This doesn't sound
"completely secure" to me, especially when I can automatically veryify
if I have the correct key or not. 

I'm afraid that you really have to send the random pattern seperately.
Sorry. There is no easy way around this.