(A Javascript-enabled browser is required to email me.)

TBTF for 1995-10-03: The Internet is full; one-time pad encryption

Keith Dawson (dawson dot tbtf at gmail dot com)
Tue, 3 Oct 1995 21:59:48 -0400

The Internet is full

TBTF has now been indexed by the Lycos spider and the Yahoo (...what? party animal?) and so we're being checked out by discriminating readers worldwide. Welcome to new subscribers from Ontario, the Netherlands, and the far-flung Isles of Compuserve.

>>From Online Business Today (1995-10-02):
> Network Computing reports that the Internet is reaching its technology
> limit, causing providers to stop routing "inefficient" address blocks.
> "Businesses around the globe are discovering that their Internet traffic
> isn't being routed to its destination, and it's no temporary glitch,"
> writes Christy Hudgins-Bonafield, Network Computing's Business and Trends
> Editor. "Experts say the routers used to direct traffic across the
> Internet are melting down with processing and memory limitations. They
> cannot keep up with the nearly cancerous growth of routing tables."
> Although Internet service providers, like Sprint's SprintLink, have known
> for a year or more that the day of "route rationing" would come, most bus-
> inesses have probably not been aware of the problem.
> According to Hudgins-Bonafield, many Internet service providers are ex-
> pected to drop users as routing problems worsen. "This fall Sprint's
> SprintLink network became the first major provider to halt routing of
> address blocks it considers "inefficient."
> Since Sprint interconnects to other service providers, its decision
> affects any Internet user whose traffic might cross Sprint's network.
> Sprint is expected to be followed by a wide variety of Internet service
> providers, she said.

A popular T-shirt at the Networld+Interop exhibition last week in Atlanta read:

The Internet Is Full: Go Away

Note added 1996-06-17:See TBTF for 1995-12-18 for a followup article in which experts cast doubt on the claims in the Elementrix story below.

One-time pad encryption

I saw coverage of this item in both The Economist d.comm and WEBster:

A New York subsidiary of an Israeli company is promoting a fundamentally different and potentially more secure method of encryption than the public-key cryptography embodied in the RSA method. Last March they introduced Power One-Time Pad (POTP) technology, which they say makes practical for the first time the most secure form of encryption known. POTP is the first commercial encryption system that does not depend on keys that can be lost, stolen, or compromised; it eliminates the need for time-consuming and costly key distribution and management.

A one-time pad uses a different, random key to encrypt every message. Sender and receiver must have some way of assuring that they use the same random numbers in sequence. Elementrix Technologies claims to have found a secure way to synchronize, and to resynch if sender and receiver later lose contact. The method is still secret while patents are pending, so the algorithms have received no scrutiny from outside cryptographic experts. While one-time pads may be inherently secure, subtle weaknesses could be hidden in the synchronization algorithms. (The history of cryptography is littered with "unbreakable" codes that proved on examination to have holes you could drive a HumVee through.)

The POTP technology generates a random key as long as the message to be encrypted, so the encryption step can be computationally simple. Cryptographic textbooks suggest XOR'ing the bits in message and key. Elementrix claims to be able to encrypt/decrypt at 4-20 Mbits/sec. (which compares favorably with typical disk access and is far faster than most networks) while imposing a performance penalty of only a few percent. The method can be implemented simply in either software or hardware.

The recent press release looks nearly indistinguishable from one issued by Elementrix in March 1995, which must have sunk like a stone -- I heard not a peep about it, and I've been reasonably well plugged in to these circles. Timing is everything. Elementrix relaunched the news of their unbreakable, one-time pad technology into the media glare ignited by news of Netscape's two cracks and a bug. (See TBTF for 1995-08-21, 1995-09-20, and 1995-09-27.)

Elementrix's home page is at <http://www.elementrix.co.il>. They offer both a secure FTP and secure email application, for Windows only at this point, with more platforms promised for the future.

This technology did not originate in the USA and so may be free of US export restrictions. If it were American-made it would almost certainly be unexportable, since most keys would be longer than 40 bits (the ITAR limit). However, the 40-bit criterion was developed with an eye toward the computational difficulty of breaking public-key encryption; it may have no practical bearing on POTP technology, which works on completely different principles and has not been studied as intensively.

Yahoo adds full-text index

>>From the Weekly Recap (1995-10-01):

> Yahoo! Corporation and Open Text Corp. announced a partnership to
> incorporate the Open Text Web Search Server OEM technology into the
> Yahoo! online guide. Yahoo!'s expanded search capabilities
> incorporating the Open Text 5 search engine will become available
> to users in early October. The Open Text technology expands
> Yahoo!'s "front of the book" intuitive hierarchical index with an
> intelligent "back of the book" word-by-word index of the entire
> Internet. Yahoo! says its site has nearly 300,000 users per day.

How many of you knew that Yahoo originally meant "Yet another hierarchically oriented oracle?" Random keyword search will be a welcome addition to Yahoo. While Lycos is slower, and Infoseek costs money, I still use both of them more than I use Yahoo -- probably because what I'm looking for more often has a form like "stuff about encryption and the ITAR export laws" than "utilities for post-processing Web server logs." Yahoo would be a more appropriate starting point for the latter kind of search.



>>Online Business Today -- semd mail to free.sub@hpp.com .

>>The Economist d.comm -- see <http://www.d.comm.com/> .

>>WEBster -- send mail without text to 4free@webster.tgc.com .

>>Weekly Recap -- mail majordomo@case.wsgr.com without subject > and with message: subscribe multimedia-list .

TBTF alerts you twice a week to bellwethers in computer and communications
technology, with special attention to commerce on the Internet. See the
archive at <http://www.tbtf.com/>. To subscribe send the
message "subscribe" to tbtf-request@world.std.com.
Keith Dawson   dawson dot tbtf at gmail dot com   dawson@atria.com
Layer of ash separates morning and evening milk.