Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!rutgers!sri-unix!sri-spam!ames!oliveb!pyramid!prls!mips!hansen
From: hansen@mips.UUCP
Newsgroups: sci.crypt
Subject: Re: Completely Secure Encryption
Message-ID: <428@dumbo.UUCP>
Date: Tue, 26-May-87 20:02:34 EDT
Article-I.D.: dumbo.428
Posted: Tue May 26 20:02:34 1987
Date-Received: Thu, 28-May-87 05:49:29 EDT
References: <581@gec-mi-at.co.uk> <1171@mit-amt.MEDIA.MIT.EDU>
Lines: 21
Summary: This is an old method

In article <581@gec-mi-at.co.uk> adam@gec-mi-at.co.uk (Adam Quantrill) writes:
>So,
>for a less secure method, I propose to generate the random string by exclusive-
>oring any combination of n text and binary files held on computer:
>
>e.g. exor /bin/sh /bin/crypt /etc/termcap | exor my_text

This method is quite similar to using a common book (dictionary, bible,
romance novel) as a source of code strings.  The security depends on the
secrecy of the algorithm for generation of the code strings and secrecy of
the selection of source material. The source material itself isn't secret at
all, and divulging the algorithm (as you just did) makes the system highly
insecure.  The choice of source material is also vulnerable to attack if the
choice can be inferred from knowlege of the parties involved (e.g. rabid
UNIX freaks, working on Suns) - best to use something more obscure.

-- 
Craig Hansen
Manager, Architecture Development
MIPS Computer Systems, Inc.
...decwrl!mips!hansen