Israeli Firm Claims Unbreakable Encryption
Several readers have pointed to an Israeli company's claim of achieving unbreakable encryption. The linked article reports this claim uncritically. Do you think there's such a thing as unbreakable encryption? This isn't the first time someone's made this claim, or second, or third ...
One of the creators can always sell out and show how to beat the system.
Pfft... unbreakable encryption my ass. There is no such thing.
This will be broken and found to be full of holes bigger than Swiss cheese before the week is out...
D.
You can tell how powerful someone is by the magnitude of the crime they can commit and be able to get away with.
One Time Pad is uncrackable... but the "key" is the same size as all the data you'll ever want to send... but DAMN it works. =]
> creates exceptionally random cipher text and
> combines it with a one million-bit key
How can a deterministic computer create anything more than pseudorandom?
From the article:
"Most of the encryption community called our product snake oil," says Backal. "Everyone competed to throw stones at us and didn't bother trying to understand the product."
So, 1) They have an unbelievable claim (unbreakable encryption) and 2) the extremely knowledgeable encryption community, who have much experience with breaking encryption, has seen their product and calls it snake oil.
It is snake oil. Move along.
I believe posters are recognized by their sig. So I made one.
At least if you don't have an infinite improbability drive. Then you could break the encryption AND travel to the restaurant.... Oh never mind.
Every time I reread any of Douglas Adams' books, my friends think I become strange.
He, who dies with the most toys, wins
They use a 1 MB key to encrypt the data, whee.
It's not theoretically unbreakable, just practically unbreakable with today's technology.
Your hybrid is not saving the environment. Its purpose is to make you feel good about buying something.
So is this a rotating cleartext or what?
> This isn't the first time someone's made this claim, or second, or third ...
And if this story gets reposted, it'll seem like a fourth!
Any news article claiming that a "Company develops unbreakable data encryption code" is silly. Unbreakable data encryption has been developed long ago, it's called a one time pad and there is strong mathematical proof that it's unbreakable. The problem is, of course, it's key distribution - but that's another story.
my other sig is a 500 page novel
There's no such thing as unbreakable encryption, only encryption which is hard to break. You can always use brute force attacks and the time required to succeed is dependent on how much processing time you throw at the problem.
Wonderful article, but how good is encryption when your fundamental flaw in data security is the people who use it?
Case in point: 128-bit SSL keys, MD5 hashed passwords on a system utilizing firewalls and a database whose data is encrypted by the super-uncrackable-key(tm)... owner connects to the site over the internet via telnet...
We should invent encrypted people. That way not only would data be safe, but it's so secure the guy next to you has no idea what you're talking about!
Sincerely,
-Matt
--- Need web hosting?
I'm certain that One time pad encryption (where you use a stream of random data the same length as the input as a key, and you only use it ONCE) is unbreakable.
I also believe that some form of quantum encryption has been proven to be unbreakable, but I have no idea how it works, or why. Especially since a regular computer can do anything a quantum computer can do, if given enough time.
If these Israelis could prove mathematically that their encryption method can't be easily reversed, then I think they might as well claim it's unbreakable as you can say something like "the key can't be found even if every atom of silicon on earth was used as a transistor, and was used as one until the sun burns out". Or something like that. Remember, public key crypto is only believed to be secure, since no one's been able to figure out how to factor large numbers quickly. It doesn't mean they never will.
Personally, I doubt it, though.
autopr0n is like, down and stuff.
Which is unfortunately 2x the size of the original message.
Ho hum...
-- The universe began. Life started on a billion worlds...
-- Except on one where stupidity was there first.
The first few paragraphs offer some details on what was developed...
Then for the rest of the article there is just information on Meganet's business health. Looks more like they're trying to spur investing into the company rather than offer details on how the product works.
Until the source code is published and subjected to peer review like PGP was, then and only then can it be deemed "secure." Until then I'll be running PGP on my computer powered by cold-fusion generated electricity =)
You gotta be kidding me! *That's* your solution to "unbreakable"? Does anyone know what this "Virtual Matrix Encryption" they're talking about is, or is it just another Keanu Reeves joke?
will people pay them big money just because they have a fancy '1 million bit key' and a closed encryption scheme? why trust them? they make a big deal out of offering a prize to anybody who can break it, and nobody was able to. but there's tons of ways to encrypt a file that can't be brute forced in a few months.
That means: "Not unbreakable, but certainly not feasible to even try with current technology." Why is it that as soon as something becomes hard to do it is considered impossible and thus vastly overrated until the opposite proves itself? I can imagine that quite a lot of Good Things(tm) have gone to hell and back again only because they were kickstarted into a hype of invulnerability until the opposite happened, causing everyone to suddenly ditch it...
Hate me!
A preview from next month's Dog House section of the Crypto-Gram.
A One Million bit key? Unbreakable? Schneier is going to have a field day with this one.
... once claim that the knapsack method of encryption was virtually unbreakable? all this huge key means, is that it will be many many years before these encryptions can be feasibly broken by brute force. this doesn't even bring things like stealing keys and social engineering into play.
The only unbreakable encryption is the one-time pad, used correctly. Anyone claiming otherwise is either a fool or trying to sell something to fools.
Anyone think there is any truth to their claims of one million bit encryption? Seems like it would take an awful long time to work with, too long to be really useful. I thought 4096 keys for current methods were deemed strong enough for at least a few years. Hell, we just had an article about 1024 bit keys needing 1 year and/or large quantities of $$$ to break, how can they claim everything else has been broken in the last 5 years (Brute forced doesn't matter. Anything can be cracked given enough time, flawed methods = cracks without major work for many keysets), and that competing techs use only 256 bits? Hmmm... this needs some investigating. I do like the bit about the NSA wanting to prevent them from exporting (just like every non-flawed encryption system). PGP went through the same thing if I recall correctly, and there were "do not export to" warnings on IE just for having 128-bit SSL. Seems like this may be a little bit of hype and marketing to dig through.
(Congrats and Kudos to them if they pulled it off, but I remain skeptical as always until I see some full-on analysis from experts in the field, not a brochure-derived article)
heard this last year. it's a seeded one-time pad.
generating your OTP by means of an algorithm is not a good idea.
the "one million bit" is simply the length of the pad required for a one-million character message.
essentially, any pseudo-random-number generator algorithm is identical to this.
...Ask Kevin Mitnick - Part II.
Their glick is using a 1MB long key (4000 times longer than current encryption methods). They say it's going to be the strongest in the next 5-6 years.
The title "unbreakable" was created by the journalist (and it appears to have worked, they got a story on Slashdot).
..my ass!
At some point the message needs to be decrypted, so that's always the weak spot, otherwise it's meaningless garbage! Amount of time and power needed to do this aside, the code has to be able to be decrypted, so all you need is the key, no matter how you obtain it, no matter how long it takes, no matter how much power is needed to get it.
This lesson in the blinding obvious brought to you by the same people who gave you "Common Sense - The ultimate RTFM to life!"
"I kill you! You no good 56'ing!"
Everyone here knows that this encryption's weakness is water...
[o]_O
Are the slashdot editors really this ignorant? This is pure BS. Christ.
autopr0n is like, down and stuff.
Read an article in a scientific magazine about using some quantum techniques for encryption.
Supposed to be uncrackable on the fact that if you try to look at the key (atoms) you effectively have to add energy to it and thereby change the key.
Quite a known "law" - you influence the system if you observe it.
But this one ? I doubt it
Well, with a statement like that, I have to wonder who they're competing with.
Seriously, though. Who uses a 256 bit key anymore? AFAIK, the suggested key size is at least 1024 bits.
that that is is that that is not is not
They point at websites where credit card numbers where stolen, and say their unbreakable encryption will help there.
Well, surely those weren't encrypted, but were simply stored in some directory in unencrypted text? Almost always it's just stupid security that's the problem. Any sort of modern encryption would have been good enough, too.
And if you can't keep crackers away from your credit card numbers, why would you be able to keep them away from your 1Mb key?
I believe posters are recognized by their sig. So I made one.
Take input file and pipe it to /dev/null,
Take /dev/random and pipe it to output file.
Guaranteed unbreakable encryption!
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
This is so incredible I just can't read anymore.
Do you think there's such a thing as unbreakable encryption?
Why should I have doubt, when there's already Unbreakable Software out there?
I haven't read the article (c'mon!) but I saw the mentions of VME, which...well... was broken.
It's snakeoil. Just marketing, no security. Move along. Nothing to see here.
Belief is the currency of delusion.
so how do you read something once you have encrypted it then? :-)
Help children born unable to swallow - www.tofs.org.uk
I also believe that some form of quantum encryption has been proven to be unbreakable, but I have no idea how it works, or why.
I think that's what makes it unbreakable.
Especially, large prime numbers. That'd be the obvious mathematical breakthrough.
From the press release or whatever that is:
Even though this is probably bogus, the prize for breaking it looks interesting
One of the key metrics of a cipher's strength is how strong it is in comparison to its key size. 256 bit ciphers, if brute force is the best attack, are immune to brute force with any imaginable technology (it is hard to imagine building a machine with matter that can count to 2^256, let alone try and brute force a cipher).
Making the key huge just makes the other potential sources of compromise (compromise by bad key generation or distribution) easier. If you want a huge keystream, you might as well use a large one time pad.
I don't really see what the point is of this encryption scheme.
Because some experts have been burned by fakes in the past does not necessarily make everything snake oil.
Because they dismissed this product as more of the same before actually evaluating it does not make it snake oil.
Probably snake oil, yes. But on the other hand it could be something quite revolutionary.
There's nothing quite like apathy to retard progress.
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
why on earth do you need a one million-bit key to secure it?
Quantum encryption - in the only form I've heard about - needs special hardware, a continuous fibre optic cable between the two parties who want to exchange data.
AFAIK It is thought to be unbreakable at the moment, but it can't be used over existing data networks. It doesn't have a lot to do with quantum computing.
http://www.meganet.com/technology/intro.htm
VME_RAND(r) ( (r)=((r)*0x19660du+0x3c6ef35fu)&VME_MAXINT )
Humor! Looks like a linear-congruential generator with lots and lots of meaningless obfuscation around.
Very common in newbie ciphers.
Belief is the currency of delusion.
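The comment above identifies the quoted VME_RAND macro as a linear congruential generator. The added example below (written for this thread, not Meganet's code) reproduces that recurrence with the multiplier and increment from the macro and shows the property that makes an LCG useless as a keystream source: the output word is the entire state, so one observed word determines every later word, and however long the "key" that seeded it was, there are at most 2^32 distinct streams. VME_MAXINT is not given on the page; the 0xFFFFFFFF mask (a 32-bit state) is an assumption.

```python
# Added example: analysis of the LCG recurrence quoted above, r' = (a*r + c) & mask.
# Constants come from the quoted macro; the mask is an assumed value of VME_MAXINT.
A = 0x19660D
C = 0x3C6EF35F
MAXINT = 0xFFFFFFFF  # assumption: VME_MAXINT is a 32-bit mask


def lcg_step(r: int) -> int:
    """One step of the recurrence in the quoted macro."""
    return (r * A + C) & MAXINT


def keystream(seed: int, n_words: int) -> list:
    """Successive generator outputs starting from a seed.

    Whatever is used to pick the seed (a passphrase, a 'million-bit key'),
    only the low 32 bits that survive the mask influence the stream.
    """
    out = []
    r = seed & MAXINT
    for _ in range(n_words):
        r = lcg_step(r)
        out.append(r)
    return out


def predict_from_one_output(observed: int, n_words: int) -> list:
    """Reproduce the n_words outputs that follow a single observed output.

    No search is involved: for this generator the output word *is* the
    internal state, so the rest of the stream is simply regenerated.
    """
    return keystream(observed, n_words)


def state_space_bits() -> int:
    """Upper bound on the entropy any keystream from this generator can carry."""
    return (MAXINT + 1).bit_length() - 1


def seeds_collapse(long_key: int) -> int:
    """A key of any length collapses to one 32-bit seed after the mask."""
    return long_key & MAXINT


def demo() -> bool:
    # Constructed seed for illustration.
    seed = 0xDEADBEEF
    ks = keystream(seed, 10)
    predicted = predict_from_one_output(ks[0], 9)
    # A 'million-bit' seed and its low 32 bits give the identical stream.
    big = (1 << 1_000_000) | seed
    same_stream = keystream(big, 10) == ks
    return ks[1:] == predicted and same_stream


if __name__ == "__main__":
    print("one output word fixes the whole stream:", demo())
    print("effective state bits:", state_space_bits())
```

The check a reviewer would run on any "random" keystream generator is exactly `demo()`: if a prefix of the output lets you regenerate the rest without searching, the generator is not a source of secrecy, no matter how much obfuscation or how large a key sits in front of it.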
Much like the one million monkeys theory, eventually with enough computing and a whole hell of a lot of good luck the recipient will get your message. Unbreakable? Sure.
Practical? Umm, well you just have to weed out the "It was the best of times, it was the blurst of times" results a few trillion times.
This article only points to their claim of having found the super-duper encryption method. Where is the method described? They also say in their announcement that "other methods have been compromised". Aha? When did *that* happen? This is just bullshit.
I miss my rubber keyboard.
at infinite typewriters eventually produce the great works of Shakespeare?
In regards to breaking encryption on the article, if the above statement was true wouldn't that mean eventually it could be broken?
This still isn't quantum encryption, which does deal with infinities. It said 1 trillion keys on the site which makes me think eventually if you throw enough (*cough* beowulf) GHz per hour at it you could break it down.
Ya it's breakable, anyone disagree?
http://www.meganet.com/technology/explain.htm
I think they are a little confused by their own marketing speak. Apparently, it doesn't send the data, it just sends a series of pointers into an infinite matrix that allows the receiver to rebuild the data once they've decrypted it.
In other words, it's encrypted twice. Major advance.
So... If these Israelis prove mathematically that it works, would it still work?
Unbreakable encryption is old and recycled news... However, having it proven mathematically is not, but by the time of proof, it goes poof!
I'm not a cryptologist, so can someone who knows what they're talking about in this field please explain to me how there can ever be an encryption method that is unbreakable?
... ?? It might be difficult to break, but it is breakable.
By my I-know-nothing-about-this-subject "knowledge", surely while there is somebody out there who knows how the encryption works (presumably the inventor), it is breakable
"Because it's there." - George Mallory, when asked why he wanted to climb Mt Everest, March 18, 1923 (New York Times)
Counterpane had a little blurb on their website about it... Crypto stuff
This may have been where the original "Snake Oil" comment came from.
I'm no elite cryptographer; I just try to be an educated user. I rely on people far smarter, and with far more expertise than I'll ever have in the field of cryptography to give me an idea of whether something is reasonably good. That said, even a rank amateur like myself can detect marketing-speak...
I have no authoritative expertise with which to judge encryption algorithms, but outrageous claims tend to speak for themselves... in a negative way.
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
From my semi-forgotten cryptography course I seem to recall that ultimately, the encryption can be unbreakable if the message length is shorter or equal to key length, so with megabit-order keylengths short messages should be pretty secure. Would anyone with better understanding of the subject elaborate on that?
Lisp is the Tengwar of programming languages.
Any cipher that relies on mathematics can not be proven secure. If you look up Gödel's Incompleteness Theorems, you'll see that in any axiomatic mathematical system there are propositions that cannot be proved or disproved within the axioms of the system. So if I propose that there does exist some (unspecified) mathematical way to break that cipher, you won't be able to 100% conclusively _disprove_ it. Also there's the off chance (2^-128, 2^-1000000, doesn't matter in a _theoretical_ sense) that I'll pick the right key by chance, and in common ciphers you'll *know* if the key is right.
The only theoretically perfect way is a (not pseudo-) random one time (not rehashed) pad, and it suffers from massive problems in key distribution, and the one who encrypts it (or has access to the encrypter's machine) can also decrypt it, unlike good public/private key cryptography. Also it is susceptible to wiretap of key transfer, while public/private key crypto is only susceptible to a man-in-the-middle attack, which requires the ability to change the data on-the-fly.
It would hardly be a problem to extend many of the current ciphers to use much longer keys than 128 bit (symmetric) or 2048 (asymmetric), which is the standard today. However, most people agree 128 bit is strong enough given that there is no cryptographic attack. If there is one, the cipher might be fundamentally useless regardless of whether your key is 128bit or 1000000bit anyway. And no, you won't know. Why do you think the military is so secretive about what they will and won't use? To keep the others guessing what they really can and can't break.
Kjella
Live today, because you never know what tomorrow brings
Christ, that's like finding out that a product advertised as "The World's Fastest Sorting Program" uses Bubble Sort internally
...And just like Bubble Sort is quite fast on already sorted data, VME can be secure if you only feed it data that's already been securely encrypted elsewhere :-)
Oh no! Now I gave them a future marketing product testimonial? "Unknown person says: VME ... secure ... encrypted!" :-O
Belief is the currency of delusion.
"one million-bit key" is stupid, if, for instance, this key is based on an 8-letter password which has barely 16 bit entropy.
I guess this company will appear in a "dog-house" section of Bruce Schneier mailing list...
Seriously though, you have to take this with a large pinch of salt. You can't just compare any arbitrary encryption systems by means of the length of their "encryption" keys, and any company that tries to promote their product in such a way should set the alarm bells ringing immediately. Comparing their "million bit key" (most likely some kind of symmetric system) against a 512/1024/2048 bit RSA key (entirely asymmetric) just doesn't make sense -- apples and oranges. People often make (or take advantage of) similar mistakes with SSL, which like PGP, is a combination of symmetric/asymmetric systems. Key lengths are not comparable in a linear fashion between different implementations.
Anyhow, it smells of fetid B.S. to me. Time will tell.
- Oisin
PGP KeyId: 0x08D63965
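Two points made in this part of the thread deserve a concrete check: a key derived from an 8-letter password carries only the password's entropy however long it is stretched, and key lengths of different systems cannot be compared directly. The added example below (written for this thread, not Meganet's or any vendor's code) stretches a short seed into a long key with a toy SHA-256 counter-mode expansion, enumerates every seed the user could have chosen, and counts the distinct long keys that result: the count is the seed space, not 2^(key bits). A second function turns a bit count into an expected brute-force time at an assumed trial rate, which is how the "256 bits is out of reach for any imaginable machine" claim elsewhere in the thread is usually argued. The alphabet, seed length, key size and trial rate are all constructed inputs.

```python
# Added example: key length is not key entropy.  Toy KDF and enumeration;
# the alphabet, seed length, key size and trial rates below are constructed inputs.
import hashlib
import math
from itertools import product


def expand_key(seed: bytes, n_bytes: int) -> bytes:
    """Deterministically stretch a seed into a long key (SHA-256 in counter mode).

    Any deterministic expansion, however elaborate, yields exactly one output
    per seed, so it cannot add entropy; it can only spread the seed's entropy
    over more bytes.
    """
    out = bytearray()
    counter = 0
    while len(out) < n_bytes:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n_bytes])


def effective_entropy_bits(alphabet: str, seed_len: int, key_bytes: int) -> float:
    """Enumerate every seed the user could have typed, derive the long key for
    each, and count distinct keys.  Returns log2 of that count: the work an
    attacker faces, as opposed to the 8*key_bytes the key length suggests."""
    distinct = set()
    for combo in product(alphabet, repeat=seed_len):
        seed = "".join(combo).encode()
        # Hash the long key so the set holds 32-byte fingerprints, not full keys.
        distinct.add(hashlib.sha256(expand_key(seed, key_bytes)).digest())
    return math.log2(len(distinct))


def nominal_bits(key_bytes: int) -> int:
    """What the marketing number would be for the same key."""
    return 8 * key_bytes


def brute_force_seconds(bits: float, keys_per_second: float) -> float:
    """Expected time to find a key by exhaustive search: half the keyspace."""
    return 2 ** (bits - 1) / keys_per_second


if __name__ == "__main__":
    # 26 lowercase letters, 8 characters: log2(26^8) ~ 37.6 bits of entropy at best,
    # and far less for passwords people actually choose.
    print("8 lowercase letters, nominal entropy:", 8 * math.log2(26))
    # Small constructed case that is cheap to enumerate in full.
    eff = effective_entropy_bits("ab", 4, 1024)
    print("2-letter alphabet, 4-char seed, 8192-bit key ->", eff, "effective bits")
    print("nominal bits for that key:", nominal_bits(1024))
    # Brute-force horizons at an assumed rate of 1e12 trials per second.
    for bits in (32, 56, 128, 256):
        print(bits, "bits:", brute_force_seconds(bits, 1e12) / 3.15e7, "years")
```

The contrast the block is built to show is `effective_entropy_bits("ab", 4, 1024)` returning 4 while `nominal_bits(1024)` returns 8192: the long key is the same object either way, and only the first number describes the search an attacker faces. The same enumeration argument applies to any scheme that seeds a long keystream from a short secret.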
Sure, these people are our best friends. That's why when we declared war on terrorists we didn't condemn the biggest terrorists of them all. Heck that they knew about the WTC attack in advance and even filmed and cheered about it. Or that they sent instant messages about it hours before it happened or that despite their high presence in the financial center, they almost completely avoided any loss of life
OK, the above is from a UK newspaper published in Israel as well as the International Herald Tribune. Wish I could find a link to the original Washington Post article; it seems to have vanished. But I did see the story about the text messages on the Washington Post site myself, and so did millions of other people And, of course, if you want a local respected U.S. source you can still find the article on ABC News' site about the Jews who filmed and celebrated the destruction, although you really had to see the show to get a full appreciation of how smug and happy they were about it.
Yea, these people are our good friends, our 51st state. Heck, they haven't openly attacked and killed us since they got the U.S. Liberty over 30 years ago.
Our good honest decent friends the Israelis would share their spy stuff with us, why they even believe in sharing so much they had Jonathan Pollard spy on us to make sure that we shared with them.
I'm an American. I love this country and the freedoms that we used to have.
Meganet has a beauty on their Web site: "The base of VME is a Virtual Matrix, a matrix of binary values which is infinity in size in theory and therefore have no redundant value. The data to be encrypted is compared to the data in the Virtual Matrix. Once a match is found, a set of pointers that indicate how to navigate inside the Virtual Matrix is created. That set of pointers (which is worthless unless pointing to the right Virtual Matrix) is then further encrypted in dozens other algorithms in different stages to create an avalanche effect. The result is an encrypted file that even if decrypted is completely meaningless since the decrypted data is not the actual data but rather a set of pointers. Considering that each session of VME has a unique different Virtual Matrix and that the data pattern within the Virtual Matrix is completely random and non-redundant, there is no way to derive the data out of the pointer set." This makes no sense, even to an expert.
I dunno, but a company that claims to have an unbreakable encryption algorithm that is not publically available and is not a one-time pad sure seems like something I wouldn't want to trust my data to...
With Linux making headway into the desktop market, any weak ass encryption schemes will soon be broken by the 31337.
Dear Slashdot. I'd like to know whatever happened to brave-brave Sir Kip Knight, whose invention "improves upon the 80 year old One-Time Pad encryption turning it into a 'Many-Time Pad'", and thusly wanted to know how to best turn this magnificent discovery into money?
Is he now making millions of $$$ off his patents?
BWAHAHAHAH!
Belief is the currency of delusion.
I don't think this encryption is unbreakable. To me it sounds like they are relying on the massive keylength. Just because it has a large key, it is unbreakable.
Large random keys will make it more difficult to break the encryption, but unbreakable is just wrong. A one-time cipher is still more secure than this thing. They should take distributed computing into account as well. Just look at some of the encryptions that have been broken by Distributed.net, and how quickly they did it.
The only unbreakable encryption I believe is possible is the one described by Simon Singh in the book "The Code Book". The encryption described in this book relies on the vibration of photons. Due to the nature of photons, it is not possible to sniff for the key.
Of course, this encryption is only theoretical. By the time we can implement it, we may already be able to break it.
First, let's consider the source of this article. Here is what Israel21c says about themselves.
"ISRAEL21c is a not-for-profit corporation organized under the laws of California that works with existing institutions and the media to inform Americans about 21st century Israel, its people, its institutions and its contributions to global society. ISRAEL21c creates, aggregates and broadly disseminates high-quality information to the American public about the Israel that exists beyond the pervasive imagery of conflict that characterizes so much of western media reporting. Our goal is to strengthen the vibrant and enduring partnership between the United States and Israel, and between Americans and Israelis."
Translation: They are a part of the American pro-Israel lobby, whose job it is to pull the blinkers over the eyes of Americans regarding whatever Israel is doing at the moment. In this case, they don't handle the Arab-Israeli conflict (they mention a sister org for that -- israelinsider). Rather, they propagandize for the Israeli high-tech industry, an industry largely created by American taxpayers and which directly competes with American companies. We won't talk about the underhanded way that came about.
So fair enough, they are pimping their nation's product. Let's look at what the article actually says, however.
"Meganet offers a patented non-linear data mapping technology, called VME (Virtual Matrix Encryption), that creates exceptionally random cipher text and combines it with a one million-bit key, which is unheard of in today's data security markets. Competing solutions offer a maximum of 256 bits."
Cut through the marketing bullshit, and this sounds like a variation on the old one-time pad. This isn't the first company to discover how wonderfully secure the one-time pad is. It is difficult to believe that this company has achieved a quantum leap in computer power such as would be necessary to support a one million bit key for any other kind of algorithm.
"All other encryption methods have been compromised in the last five to six years."
This is a quote from the founder of the company, a former IDF (Israeli Defense Force) tank commander. The statement is deceptive. Any form of encryption, OTHER THAN A ONE-TIME PAD, is susceptible to brute force attack if the key size is small enough. Some encryption methods, such as DES, are more vulnerable than others. PGP and GnuPG use default encryption that is pretty darn secure, and there hasn't been a successful cracking attempt on a key of any reasonable size. The quote, by being deceptive, makes the product claims suspect.
"Backal stumbled onto the mathematical algorithm behind VMS when he was working as an engineer in the field of Wide Area Networking."
Highly unlikely story to begin with. One does not "stumble onto" mathematical algorithms -- not reliable ones, anyway. There is mention of a patent application, but no reference to any peer review. The fact that this company was ignored for two years is instructive -- if there was any substance to this, someone in the cryptography field would have taken a look at it. There is also the following:
"In an attempt to prove VME's strength, Meganet began offering prizes such as a Ferrari or $1m. to anyone who could break into a VME-protected file. So far, two million people have attempted to crack the code, but none have managed."
I try not to use bad language on public forums, but the most descriptive word I can come up with for this is "bullshit". If VME had ever put this out for that kind of money for a genuine trial, it would have been all over the Net. There is NO evidence I can discover that supports this claim. None. Nada. Zilch. This whole thing is really starting to smell bad.
The following two quotes give reason for pause as well.
"In November 1999, Meganet launched the company at the Comdex computer show in LA, California, hoping to attract corporate users. The company packed its 1,000 sq. ft booth with attractions, including a $1m. giveaway of Meganet software. Meganet proved a runaway success, and in the wake of the show it raised $5m. at a valuation of $50 to $60m. from new investors, most of them small, private investors. To date, the company has raised $10m., none of which comes from VCs."
"By December 2000, however, Meganet was in trouble. The company may have gained industry recognition, but it did not have sales. Nor could it raise money as the stock market had begun to crash."
You know what it means that money is raised from "small investors" without VC involvement? It generally means that you are dealing with a corporate con artist. I have some personal experience in dealing with a tech company that refused to take VC money. The reason for not raising money from VCs is simple. A venture capital firm will, on behalf of its funders, demand access to and a thorough review of the technology, something small investors aren't in a position to demand. If this was the real thing, there wouldn't be any need to hide the ball from the money guys. If you are a small investor, beware of companies that raise their money from small investors exclusively. It is a fundraising method that is the foundation of a great many frauds and impositions. If this is for real, somebody big would have invested -- but then, that might pose the same problem for the founder as having a VC involved, right?
Here is the part that worries me, however.
"Today, Meganet is rapidly becoming a significant US government vendor. Though it remains a small company, with just 25 employees, it won three out of four tenders released by the US government in this sector last year, beating giants like Verisign, RSA, Network Associates, Computer Associates, and IBM, to become sole-contractor on the projects."
Assuming this is true, it is disturbing. Let's look at what we have here. We have a former IDF officer who has come up with supposedly "unbreakable" encryption. It isn't peer reviewed, and he is apparently seeking security through obscurity (i.e. hides the ball) rather than publishing this wonder technology where others can take a look at it and see if there are any flaws. The company's R&D is in Israel, and when the company fails commercially, it starts getting U.S. Government contracts, presumably through the kinds of political connections that the America-Israel lobby (such as AIC and Israel21c) foster.
The Israelis have demonstrated that, despite the fact that the United States is their only real ally in the world, they won't hesitate to stab the Americans in the back when it serves Israeli interests. The Pollard spy case was only the tip of the iceberg for Israeli espionage in the US. Our own State Department has established that Israel has the most aggressive spying program in the U.S. of any ally, surpassing even such supposedly unfriendly nations as China. Remember the three Israelis in the van who were picked up by police after they were filmed cheering while the WTC collapsed? All former IDF members. They were released after a few weeks and rushed home, and the company they worked for simply disappeared.
I doubt VME has any wonder technology. I don't doubt that the Israeli intelligence apparatus would love to have us using their technology companies to protect our vital national secrets. Then they won't have a need for embarrassments like active intelligence agents in the US. They could simply download the information themselves, courtesy of our blindness in working with this somewhat unreliable ally.
Based on what I see in the article and the source, I wouldn't touch VME with a ten-foot pole.
I'd like to nominate my own encryption schemata as unbreakable, to protect my backups I always tar them to /dev/null, works like a charm; and the size reduction is amazing, I can backup the entire company's 200Tb of data on my FreeBSD laptop with just a 20Gb hard drive.
When something is encrypted, someone knows how to decrypt it so it is useful again. There is always a weak point.
until some 14yo kid codes a 42 character perl script to get past it.
sig.
Huh! They'll be claiming that this guy no-one has seen called God gives them legal and moral permission to turn up in a country with American money and weapons and start killing people and kicking them into neighbouring countries next!
'unbreakable encryption' is like the perfect woman. She should be a virgin, but how can you guarantee that unless she doesn't have a ..... that could have been 'broken' before you came along. And without a .... she's not very perfect, is she? Catch-22.
The perfect encryption scheme would need to be created inviolate. Created by immaculate conception, not by the hands of man, nor under the eyes of man. But since it is up to man to craft it, then it can't be perfect...that is to say it can't be made....it can never exist.
If you make it, and I hold a gun to your head and you tell me the key (or at least give me a running start on how to pick the lock), then it's all over. It matters not how cryptic it may have been. The key is going to be in someone's head, and that is enough to mean it can be 'broken'.
The Universe is a safe, with the key locked inside.
"All other encryption methods have been compromised in the last five to six years."
Oh really? I must have missed the press release when they broke 3DES.
"So far, two million people have attempted to crack the code, but none have managed."
2 million... that's a lot. How does one determine how many people have tried to crack the code anyway?
-a
In Applied Cryptography, Schneier has a lovely explanation of why you can't brute force a 256 bit key. IIRC it comes down to there not being enough quanta (of time) between now and the end of the universe to check every possible key if every atom can perform one calculation per quantum. He also explains why it's not physically feasible to brute force a 128 bit keyspace.
So what it comes down to is this: either you find a weakness in the algorithm, or work on quantum computing until it can brute force huge keyspaces outside the normal constraints of physics. Until then, 128 bits is enough (for symmetric crypto).
Actually reading the Meganet site is laughable. They attribute stolen credit card details to poor or broken cryptography (reality: this data isn't kept encrypted on the site host, because the security architecture of most sites sucks).
The algorithm they claim is uncrackable is based on a random "matrix", which is derived from a "file of any size that is available ..." on both sending and receiving computers. So there IS secret data that must be transferred (or else that file is public, even worse). According to the code available here, the values aren't even vaguely random - just do lots of XORs using bits from your "secret file".
Meganet tries to justify its claims by pointing to multiple encryption. Big news guys: the size of the keyspace determines security, not the number of times you encrypt with the same key. At best multiple encryption makes it take longer to brute force the keyspace. It doesn't add security. Period.
Apart from that this matrix is used as a lookup table. That means that it has all of the problems of a one time pad, without the benefits. As soon as you use any block of values from the matrix again, you have information that you can use to attack the encryption.
It may be true that no one has broken this algorithm. I've written crypto algorithms that no one has broken ... because I've never published them, and no one has had an interest in breaking them. That doesn't make them secure. Cryptographic security is achieved using simple algorithms that can be proven, using mathematical theory, not attested to by supposition and lame tests.
i-name =twylite [http://public.xdi.org/=twylite], see idcommons.net
It's my girlfriend. Many men have tried, and to date none have been able to figure her out.
Bit pricy though.
As other posters have pointed out, this product has all signs of snake oil. Similar announcements are made every other day. I fail to see how this justifies an article on Slashdot?!
why haven't they jumped all over this? update the client soon! i want my $1,000,000!
sig.
From the patent:
So, it would _seem_ a bit like:
1. build matrix:
A B C
D E F
G H I
2. to cipher up the letter F which is at row 2, col 3 send (2,3).
3. mutate matrix, goto 2
So the real "crypto" lies in the mutation of the matrix... how that is done is not described... maybe it's just x-or'ed onto itself or whatnot.
The way the key is found has nothing to do with the value of the crypto, so don't even begin to criticize how easy it must be for an attacker to guess which file is being used as key.
SLOGEN [ http://ungdomshus.nu : Sebastian cover music]
AFAIK, quantum encryption is considered unbreakable because any attempt to tamper with or listen in on the message will alter the message so it can't be decrypted.
I may, of course, be utterly wrong.
This fpp.co.uk is David Irving's site. He is the guy who denies the holocaust. More on Mr.Irving: http://www.geocities.com/irving_challenger/
Have Linux installed at your place in Amsterdam, for cheap
All your files are belong to us!
I'm glad I'm from plucky, independent Britain, and not from some US vassal state...
oh brave new world, that has such people in it!
For a OTP to be secure, it has to be random. The contents of cnn.com aren't random.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
First things first: if this is a 1 Mbit key then they are definitely not using asymmetric encryption, or else the time to encrypt the single smallest message would probably be years and to decrypt would be even longer, and that's with a key. (Assuming the security between the private and public key is reasonable, unlike inverse matrices, which are 2 different keys but the use of the keys is quick.) So, well, everyone is still transferring all their credit card info with old encryption, so that's down the drain. Even if it was asymmetric encryption, then that means when you're setting up your secure connection it would take a handshake of over 1/4 of a meg, but as I said before it is just symmetric. So with this large key how are they gonna transfer it, seeing as it is symmetric? The answer is they can't; the Vernam cipher was invented a long time ago and it's MORE secure than this *new* encryption Meganet created.
Okies, now we've got a 1 megabit key; how are we gonna generate this key? If we are gonna try to use entropy from the system it's gonna take a long time to generate the data, so there are only 2 solutions: 1) we use a thermal diode, which has to be at the right temperature and shielded from RF or else it is statistically attackable; 2) we use a pseudo-random software generator. 1 is not feasible if we are requiring many keys to be generated at once, i.e. as a symmetric component in SSL, cause it still isn't fast enough, and I won't bother looking at 2.
There used to be a Windows program called "Unbreakable security" which, among other things, could encrypt a file and put it in a self-opening .exe file (you had to enter the password).
So I tried to crack the program and found out it was fairly easy to do (took me a few hours). But then I discovered that the program had a bug which caused the blank password to be accepted as a valid password. So much for Unbreakable security.
Oooh, now we do not send the message, so it cannot be deciphered by a hacker, but how 'bout the receiver then?
Agreed? It's way too hot, that butter!
yet another load of snakeoil, nothing to see here, move along please... read Bruce Schneier's CryptoGram Newsletter... drink beer! Eat food! etc etc
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
This is pointless. "Unbreakable" encryption already exists. Assuming brute-force is the best way to break it (granted, that's a large assumption), 256-bit AES will not be broken. The assumption is pretty decent, too, since many *very* good cryptographers have examined it. Why is it "unbreakable"? This is from the second edition of "Applied Cryptography", by Bruce Schneier:
One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzmann constant. (Stick with me; the physics lesson is almost over.)
Given that k = 1.38*10^-16 erg/Kelvin, and that the ambient temperature of the universe is 3.2K, an ideal computer running at 3.2K would consume 4.4*10^-16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.
Now, the annual energy output of our sun is about 1.21*10^41 ergs. This is enough to power about 2.7*10^56 single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all of its energy for 32 years, without any loss, we could power a computer to count up to 2^192. Of course, it wouldn't have the energy left over to perform any useful calculations with this counter.
But that's just one star, and a measly one at that. A typical supernova releases something like 10^51 ergs. (About a hundred times as much energy would be released in the form of neutrinos, but let them go for now.) If all this energy would be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states.
These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.
(end quote; any errors are my fault)
Again, this does assume brute force is the best method of attack. For good ciphers, the best attacks are near brute force, so this applies (and if you're really paranoid, Blowfish can use 448-bit keys.) Note that new techniques in factoring don't apply to these ciphers, as they're symmetric and based on a completely different principle than asymmetric ciphers.
The comparison of their "million bit" key to the traditional 256-bit is completely worthless. This article should be disregarded, and should never have gotten the attention it has. We already have a plethora of ciphers that are more than secure. When you start seeing such ridiculous claims as a million bit key, you know it's snake oil.
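The figures in the quoted passage all come from one ratio, worked through here as an added derivation (not part of the original post) using only the quoted values: each bit flip costs at least $kT$, so an energy budget $E$ buys at most $E/kT$ flips, and a counter needs $2^{n}$ flips to run through all $n$-bit values.

$$kT = (1.38\times10^{-16}\ \text{erg/K})\,(3.2\ \text{K}) \approx 4.4\times10^{-16}\ \text{erg}$$

$$\frac{1.21\times10^{41}\ \text{erg}}{4.4\times10^{-16}\ \text{erg}} \approx 2.7\times10^{56} \approx 2^{187.5}$$

$$32 \times 2.7\times10^{56} \approx 8.8\times10^{57} \approx 2^{192.5}$$

$$\frac{10^{51}\ \text{erg}}{4.4\times10^{-16}\ \text{erg}} \approx 2.3\times10^{66} \approx 2^{220}$$

So a 256-bit counter needs $2^{256-220} = 2^{36} \approx 7\times10^{10}$ supernovae merely to count, before a single candidate key is tested. The quote's 219 reflects the rounding of its "something like $10^{51}$" input.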
I agree with this for the most part, except:
At best multiple encryption makes it take longer to brute force the keyspace. It doesn't add security. Period.
When we're talking about block ciphers, using multiple encryption adds rounds. And generally with increased numbers of rounds an algorithm's strength against cryptanalysis increases. Just about every block cipher uses rounds, which could be viewed as a form of "multiple encryption". Obviously care has to be taken to be sure that you're not inadvertently undoing some of the encryption by reusing the key (e.g. encrypting twice with a XOR-based stream cipher would obviously return the original data). In effect, additional encryptions with the same key serve to diffuse the original data even better in many cases.
Professional cryptographer Bruce Schneier used these guys as the exemplar for "Pseudo-mathematical gobbledygook" in the February 1999 issue of his monthly crypto-gram newsletter:
"The base of VME is a Virtual Matrix, a matrix of binary values which is infinity in size in theory and therefore have no redundant value. The data to be encrypted is compared to the data in the Virtual Matrix. Once a match is found, a set of pointers that indicate how to navigate inside the Virtual Matrix is created. That set of pointers (which is worthless unless pointing to the right Virtual Matrix) is then further encrypted in dozens other algorithms in different stages to create an avalanche effect. The result is an encrypted file that even if decrypted is completely meaningless since the decrypted data is not the actual data but rather a set of pointers. Considering that each session of VME has a unique different Virtual Matrix and that the data pattern within the Virtual Matrix is completely random and non-redundant, there is no way to derive the data out of the pointer set." This makes no sense, even to an expert.
Ubi dubium ibi libertas: Where there is doubt, there is freedom.
on what you know about the plaintext. If you know nothing about the plaintext, then even the most trivial encryption is unbreakable, because if you succeed in breaking it you have no way of knowing you succeeded.
The article begins with: "..has developed an encryption technology that appears to be unbreakable." (emphasis mine).
Like every other encryption mechanism known to man today, it's just a matter of time before it can be broken.
The real question is to understand the value of your data during a finite period of time (time needed to break the code), after which you should consider that the information becomes public domain.
Er, if it's uncrackable, then it's undecodable, i.e. the person who is allowed to read it can't. If they can, then someone else can crack it given an infinite number of monkeys etc.
The one million bit key.
Can't wait till my bank upgrades their ATMs.
Old COBOL programmers never die. They just code in C.
I think if this was of any importance or interest whatsoever, someone a little more upmarket and respected than www.israel21c.org would be carrying the story ... this is basically tabloid journalism on the internet, yet somehow it got on Slashdot.
... methinks someone upstairs in Slashdot wanted to start a stone-throwing session.
Hmmm
Servlet v2.4 container in a single 161KB jar file ? Try Winstone
Couple of points. I'll ignore the obvious anti-Semitism (and anti-Israeli racism) here, and limit it to factual points, leaving the semi-educated (or better) reader to filter out the drivel. Number one: fpp is David Irving, a well known holocaust denier, and the recent loser in a British libel case.
Next, the article from ABC also states, "But the FBI told ABCNEWS, 'To date, this investigation has not identified anybody who in this country had pre-knowledge of the events of 9/11.'", which, of course, contradicts Irving's theory. Note the use of Israelis and Jews as synonyms.
Third, the Liberty is an interesting case. Yes, the Israelis attacked and nearly destroyed (then helped rescue) a US ship that was mistaken for an Egyptian war vessel... but all recent non-conspiracy-theory-based investigations have concluded it was a mistake, no different from what happens in any war due to poor intelligence.
-- Is "Sig" copyrighted by www.sig.com?
I know some algorithms that make truly unbreakable encryption. It's close to that compression algorithm that compresses anything to a single byte. It's fast, easy, and almost does not require processing. The only bottleneck is that then you can't decrypt.
The only thing this company has achieved with me, is that I'll take all their claims about no matter what with a large bag of salt from now on.
Encryptions get better, and breaking them gets more and more difficult, but there is no large positive integer N for which 1/N is zero.
As encryptions get better, so do cryptanalysts.
Once upon a time, certain people thought their enigma machine was unbreakable too.
To a child ROT13 may look like garbage, but with the same training it took to learn to read, anyone can learn to read it without a decoder.
There is _NO_ such thing as UNBREAKABLE anything!!! Fuck I'm tired of hearing someone claim otherwise. IT'S JUST A FUCKING MARKETING HYPE! Don't YOU get it?? It's big money in this business!
combines it with a one million-bit key, which is unheard of in today's data security markets. Competing solutions offer a maximum of 256 bits.
So this company's business model is essentially to use longer keys than other people? And that's supposed to be an achievement? Never mind the matrix stuff they mention - no indication that the principle differs from existing technologies. Then the article goes on about how nobody has managed to crack the encryption so far - as if that proves anything. Nobody would be able to break RSA with a million bit key, either.
I'll wait until I see a mention of this in a more competent journal.
I know what it is like to be misunderstood. I have this brilliant, guaranteed, money making scheme that no-one has faith in. If you send me £25 I will tell you all about it.
I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
"Note that the use of Israelis and Jews as synonyms."
Well yes they are basically the same, didn't you know Israel is supposed to be the land of the Jews ? Want to move to Israel and buy some land there ? Good luck if you're not a Jew. It is a racist country, and Jews themselves don't deny it, that's one the reason it was created.
got oil?
Yes and they are NOT our 2st state, they are sand niggers!
http://www.counterpane.com/crypto-gram-9902.html
I think you're wrong.
Good encryption is peer reviewed. By (necessary, but not sufficient) definition.
Why yes, I AM a rocket scientist!
A data security method and apparatus that provides an exceptional degree of security at low computational cost. The data security arrangement differs from known data security measures in several fundamental aspects. Most notably, the content of the message is not sent with the encrypted data. Rather, the encrypted data consists of pointers to locations within a virtual matrix, a large (arbitrarily large), continuously-changing array of values. The encryption technique is therefore referred to as Virtual Matrix Encryption. Furthermore, the data security arrangement uses a very large key of one million bits or more which creates a level of security much higher than any other existing method. The key is not transferred but is instead created from a file of any size that is available on both a computer used to send a secure message and a computer used to receive a secure message. The term Virtual Key Cryptographic as used herein to refer to techniques in which a key is recreated at a remote location from an electronic file without any transmission of the key itself. The file may be a system file, a file downloaded from the Internet, etc. A smaller, transaction-specific key, e.g., a 2,048 bit key, is sent end-to-end and is used in conjunction with the very large key to avoid a security hazard in instances where the same file is used repeatedly to create the very large key.
The patent: http://patft.uspto.gov/netahtml/srchnum.htm, patent #6,219,421
The flaw is that the starting "matrix" must be shared. It's essentially a symmetric key or shared secret algorithm, with the disadvantage being that the shared secret is overtly large. Example entropy sources to reconstruct the matrix suggested in the patent include "system files" or "files downloaded from the Internet".
Thus, it is impossible for the algorithm to be stronger than the method relied on to reconstruct the matrix at the receiving end. A file is most likely to be used to do this, so breaking an instance of ciphertext is likely to be an exercise in guessing which file(s) available to the receiving computer would be used to construct the decryption matrix.
If one has available a secure means to share the matrix construction file(s), one could presumably forego the VME encryption altogether and use the same means to pass the message itself.
The algorithm is designed to do nothing but encrypt or decrypt an arbitrary number of bytes. It does not address key exchange. If an implementation contains any other weaknesses through oversight, such as not padding plaintext to a sufficiently large block and passing any check information out of band to detect transmission errors, compromise could occur through those weaknesses.
lets keep slashdot at least _somewhat_ propaganda free...
Sure.. MD5 always worked for me :-)
Here is a reference implementation that reads from stdin and writes to stdout. Implementers can use this to check the validity of their implementation.
#!/bin/sh
dd if=/dev/random bs=1 count=`cat | wc -c | tr -d ' '` 2>/dev/null
Implementation details vary slightly from the above design, but the functionality is complete.
Version 2 will include the option to use /dev/urandom, and will be available as a no-cost upgrade to customers with a maintenance agreement.
Anyone remember when Dutch intelligence found out that they were using Israeli software that leaked information to the outside? Here is a link.
Who can assure that this is not another attempt to place a backdoor in our companies? Is the algorithm open source? If not, how can you be sure that they do not keep a secret key?
Signature deleted by lameness filter.
I always seem to get them mixed up with other electrons. I should find a way to put sticky labels on them or something.
Pathman, Free (as in GPL) 3D Pac Man
Quantum encryption means that if somebody eavesdrops on your message, it will be altered, and your recipient will know about it. So when your recipient receives the message intact you have guaranteed privacy, hence security.
I remember hearing that the mechanism for emitting the message implied creating conditions so that photons have 50-70 % chances of being emitted, and you inform your recipient about which time slots actually contained emitted photons. But I can't remember any more details, and I have to admit I fail to understand how this scheme guarantees privacy...
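As an added illustration (not the poster's scheme, and not modelling the emission time slots they mention), here is a classical simulation of BB84, the standard quantum key distribution protocol, showing where the privacy guarantee comes from: an eavesdropper who intercepts and re-sends photons must guess each measurement basis, and every wrong guess randomises the bit, so about a quarter of the sifted bits disagree, which the two parties detect by publicly comparing a sample. Function names, the seeded random source and the message size are constructed for this example.

```python
"""BB84 quantum key distribution, simulated classically (constructed example).

Polarised photons are modelled by the one rule that matters here: measuring
in the basis the photon was prepared in returns the encoded bit exactly;
measuring in the other basis returns a uniformly random bit and leaves the
photon in the basis that was measured. That second effect is what exposes an
eavesdropper.
"""
import random

RECTILINEAR, DIAGONAL = 0, 1  # the two BB84 bases


def measure(photon, basis, rng):
    """Return (bit observed, photon state after the measurement)."""
    prep_basis, bit = photon
    if basis == prep_basis:
        return bit, photon          # right basis: exact result, state unchanged
    seen = rng.randrange(2)         # wrong basis: coin flip
    return seen, (basis, seen)      # photon now carries the measured state


def bb84_run(n_bits, eavesdrop, seed, sample_fraction=0.25):
    """One BB84 exchange. Returns (estimated error rate, alice_key, bob_key)."""
    rng = random.Random(seed)       # seeded so runs are reproducible
    alice_bits = [rng.randrange(2) for _ in range(n_bits)]
    alice_bases = [rng.randrange(2) for _ in range(n_bits)]
    photons = list(zip(alice_bases, alice_bits))

    if eavesdrop:
        # Eve does not know the bases, so she guesses, measures and re-sends
        # the photon in whatever state her measurement left it.
        photons = [measure(p, rng.randrange(2), rng)[1] for p in photons]

    bob_bases = [rng.randrange(2) for _ in range(n_bits)]
    bob_bits = [measure(p, b, rng)[0] for p, b in zip(photons, bob_bases)]

    # Sifting: over the public channel Alice and Bob announce their bases
    # (never the bits) and keep only positions where the bases agree.
    sifted = [i for i in range(n_bits) if alice_bases[i] == bob_bases[i]]

    # Error estimate: reveal a random sample of sifted bits publicly and
    # discard them. Any disagreement means the photon was disturbed in flight.
    rng.shuffle(sifted)
    n_sample = int(len(sifted) * sample_fraction)
    sample, keep = sifted[:n_sample], sifted[n_sample:]
    errors = sum(alice_bits[i] != bob_bits[i] for i in sample)
    error_rate = errors / n_sample if n_sample else 0.0
    alice_key = [alice_bits[i] for i in keep]
    bob_key = [bob_bits[i] for i in keep]
    return error_rate, alice_key, bob_key


def accept_key(error_rate, threshold=0.11):
    """Abort when the estimated error rate is too high. About 11% is the
    usual bound for BB84 with one-way post-processing; intercept-and-resend
    pushes the rate to roughly 25%, far above it."""
    return error_rate < threshold


if __name__ == "__main__":
    for eve in (False, True):
        rate, ka, kb = bb84_run(2000, eve, seed=42)
        print(f"eavesdropper={eve}: error rate {rate:.3f}, "
              f"keys match={ka == kb}, accepted={accept_key(rate)}")
```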
Logic alone would tell us that if it's possible to be decrypted with the proper keys, then it is also possible for others to access the data without the proper keys. Granted it might take 2 years with the current state of processors or whatnot, but it still would be possible.
SIGFAULT
I found a few more details here and here. But I guess anybody can google.
Bruce Schneier covered this way back in February 1999:
http://www.counterpane.com/crypto-gram-9902.html
I think we can file this under "snake oil".
Raise the key size of any encryption scheme to 1M bits, and you can call it "unbreakable".
I call it "pushing it over the horizon" and "marketing speak".
However, strong peer review and research though can give very strong motivation as to why a certain algorithm is computationally intractable (making the encryption scheme practically unbreakable).
Before I could ever trust some new-fangled encryption scheme, I think I would like to see the company submitting REAL detailed articles of mathematics and techniques to appropriate research conferences and have the whole algorithm and math undergo the process of peer review. It's just too easy to fuck up encryption and to think something REALLY REALLY hard to compute isn't in reality a lot easier than it seems.
Either you have my kind of humor.. or you've had your head in the sand for a while. I hope it's the first ;-)))
Learn from the mistakes of others. There isn't enough time to make them all yourself.
Symmetrical cryptography does not depend on any specific properties of the numbers selected as the key of the cryptosystem. Therefore a 128 bit key can assume 2^128 different values and, as some other poster pointed out, there is not enough energy in the universe to overcome the background radiation as many times as it would take to count to 2^128, let alone try and brute force the cypher.
Asymmetric cryptography on the other hand derives its features from mathematical properties of some of the numbers used. For example, some systems require a product of large prime numbers, or discrete logarithms etc. This means that, for example in RSA, you cannot use all of the 2^128 values of a 128 bit key.
Most systems in use today are so-called hybrid systems, using both asymmetric and symmetric cryptography. Since a cryptosystem is as strong as its weakest link, you need to increase the asymmetric keysize to be at least as difficult to break as the symmetric part. Given the current knowledge of factoring algorithms and the like, you need at least a 1024 to 2048 bit RSA key to stack up against a 128 bit symmetrical key.
Pathman, Free (as in GPL) 3D Pac Man
As in Compuglobalhypermeganet? Could this be Homer's commercial breakthrough?
.sigs - is there anything they can't do?
Check if Israelis are underrepresented among WTC victims: victims by country
Check the website's claim that there are no Jewish names among the victims: List of WTC victims (Cohen and Levi might be good names to check. While you are at the site, it would be good to read about some of the victims.)
Mod me as offtopic - this is offtopic, but please mod the parent as offtopic, too.
I invented a _really_ unbreakable encryption, 5600 times more unbreakable than theirs.
Give recipient the key, being a CD-ROM full of random numbers, and tell him to xor every bit of the encrypted message with the corresponding bit on the CD, at an offset that starts at the message's timecode.
700 MB (5600 Mb) key length - let them suck on that. As secure as the physical protection of the key CD itself.
Before historical pedants point it out, yes I do know that Titanic was only ever claimed to be "practically" unsinkable. But that would spoil the joke.
When I am king, you will be first against the wall.
Think Microsoft is taking over slashdot ?
OK, so this is a book key with additional layers of encryption, but _anyone_ can do the additional layers. It just slows down the encoding and decoding. To be useful, cryptography must not introduce unacceptable traffic delays so the message becomes useless before it arrives. An on-line credit card checker that takes an hour to get a response will not do very well commercially. How fast is this system?
Panurge has posted for the last time. Thanks for the positive moderations.
British firm claims unsinkable ship...
In Soviet Rush, today's Tom Sawyer gets high on you.
They have a system with one time pad and have lost the key! No way anyone can decrypt that!
:\
There's no practical use for that, though
1MB-key? Hm. And I already have a hard time remembering my 8 byte password. I guess I have to combine all my names, first and last, mother's maiden name, pets and ex-girlfriends...some of the books I've read and some phone numbers... Yeah, that might work.
That's not truly random. Even an amateur at cryptanalysis could likely crack that. However, places like random.org are happy to supply truly random numbers, and there are other sources too.
No, the way something like this works is one party gets the random numbers, however much they think they need. A copy is then made and transferred to the other party via a secure, trusted, physical courier (meaning they put a CD-ROM or hard drive in a locked case and take it there). This data can then be used for one time pads until it runs out.
"Unbreakable encryption" is always just a marketing ploy. This shouldn't be any more newsworthy than when Microsoft says their newest product is "totally hot", should it?
You have no way of knowing which of those messages is the correct one. That's precisely the point of a one time pad. Provided the pad is really random, kept secure and not reused there is NO WAY to crack the encrypted text. You have no way of knowing if the decryption you do is correct or not.
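A toy one-time pad over a shared pad of random bytes, added here as an example (not code from any poster) to tie together three points made in this thread: the CD-ROM-of-random-bytes pad with an agreed offset, the point just made that a ciphertext is consistent with every same-length plaintext so a guessed decryption can never be confirmed, and the earlier observation that reusing any block of pad (or "matrix") material leaks the XOR of the two plaintexts. The function names, the PadStore bookkeeping class and the sample messages are constructed for the example.

```python
"""Toy one-time pad (Vernam XOR) over a shared pad of random bytes.

Constructed example. The pad stands in for the "CD-ROM full of random
numbers" from the thread; sender and receiver agree on an offset into it.
"""
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; unequal lengths are a usage error."""
    if len(a) != len(b):
        raise ValueError("pad material must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, pad: bytes, offset: int) -> bytes:
    """Encrypt with pad[offset : offset + len(plaintext)]."""
    key = pad[offset:offset + len(plaintext)]
    return xor_bytes(plaintext, key)


otp_decrypt = otp_encrypt  # XOR is its own inverse


def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """The pad bytes that would make `ciphertext` decrypt to `candidate`.
    One exists for every same-length candidate, so someone trying every pad
    gets every possible message and has no way to pick the real one."""
    return xor_bytes(ciphertext, candidate)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What an observer of two ciphertexts made with the same pad bytes
    learns with no key at all: p1 XOR p2 (the pad cancels out)."""
    return xor_bytes(c1, c2)


def recover_other_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """With reused pad bytes, knowing one plaintext reveals the other
    outright; this is why a pad (or 'matrix' block) is used once, ever."""
    return xor_bytes(reuse_leak(c1, c2), known_p1)


class PadStore:
    """Hands out pad bytes exactly once: the bookkeeping that keeps a pad
    'one-time'. take() returns (offset, chunk) so the receiver, holding the
    same pad, can locate the same bytes."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._next = 0

    def take(self, n: int):
        if self._next + n > len(self._pad):
            raise ValueError("pad exhausted; courier a fresh one, never rewind")
        offset = self._next
        self._next += n
        return offset, self._pad[offset:offset + n]


if __name__ == "__main__":
    pad = os.urandom(64)                  # the 'CD', tiny for the demo
    store = PadStore(pad)
    p1 = b"attack at dawn"
    off, _ = store.take(len(p1))
    c1 = otp_encrypt(p1, pad, off)
    assert otp_decrypt(c1, pad, off) == p1
    # Any same-length message is equally consistent with c1:
    alt = b"retreat at ten"
    assert xor_bytes(c1, key_explaining(c1, alt)) == alt
    # Reusing the same offset for a second message is what breaks it:
    p2 = b"attack at dusk"
    c2 = otp_encrypt(p2, pad, off)        # WRONG: same pad bytes as c1
    assert recover_other_plaintext(c1, c2, p1) == p2
    print("one-time pad demo: decryption, ambiguity and reuse leak all shown")
```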
A real easy source is the noise electrons make when they bounce around in transistor junctions. It's the hiss you hear in your speakers when you turn your amp up real loud with no input signal and is called white noise. It's real, random noise. So, just take a cheap soundcard and record the input signal with nothing plugged in. Instant random data. Now of course this is not really a great method, but the general idea holds. Measure the noise from electron movement in transistors.
can't be easily reversed, then I think they might as well claim it's unbreakable as you can say something like "the key can't be found even if every atom of silicon on earth was used as a transistor, and was used as one until the sun burns out"
This is a true statement, you can claim something to be unbreakable if current tools can't decrypt it but:
Remember, public key crypto is only believed to be secure, since no one's been able to figure out how to factor large numbers quickly. It doesn't mean they never will.
this is the key, just because we can't now, doesn't mean the technology won't ever exist. And that's the key reason why no code could ever truly claim to be unbreakable. Practically unbreakable is the best you can do. Any other claim is marketing-speak.
I'm the big fish in the big pond bitch.
3\/3r 3nc0u|\|73r 50m30|\|3 \\'h0 t41|<5 1ik3 7hi5!? d0 j00 gn0 `l337'!?
Why bother.
You have to remember that to generate a random number, you have to start off with an equation. Be it to select the time you access a clock cycle (ala windows random number, which isn't truly random because of the other things accessing the clock cycles), or merely doing it all by equation. But the random number has to come out of some sort of working. And whatever that working is, it can be reproduced, which even if it doesn't find the same number, may have a higher probability of doing so.
The ability to encrypt information for secure transmission is part of a security apparatus. Without it, you have to assume your information can be read and secure it in other ways. With it, you assume that your information is safe via 'normal' (read, faster, easier, cheaper) channels and you act accordingly.
Basically, it's a bet. If you are right, your orders and information travel faster and more securely than the enemy's even if they have samples of your messages. If however, you are wrong, you start to notice strange patterns involving your U-boat fleet and the safety of high-ranking officers who travel by air.
The short form in the real world: Everything is theoretically unbreakable until someone refines the theory.
To mail me, remove the 'mailno' from my email addy.
"Yeah. It smells, too..."
The only thing a claim of having "unbreakable encryption" does, is expose the people claiming it as incompetent.
There are really only three choices: Either they reinvented the ages old one-time-pad (which is unbreakable but of limited applicability to practice) or they have crypto that is breakable and did not see it or they have conditions on that "unbreakable" that practically void the claim.
Many researchers rightfully believe that (unconditionally) unbreakable encryption cannot do better than the one-time pad and in fact will be a more or less disguised one-time pad. I think this is pretty obvious, but claims of this nature are notoriously hard to prove and nobody has done so yet.
Favorite claim: "All other encryption methods have been compromised in the last five to six years."
Oh? I was not aware of practical breaks for AES, RSA, ElGamal, IDEA,...
Sure, you can brute-force a short-length RSA, but that is not a "compromise" of the cipher. After all I can factor 35 in my head. Which makes RSA with that modulus pretty insecure. But it has no impact on RSA in general.
At least the article is not a complete lie. It says "appears to be unbreakable" which is true for most ciphers as soon as your level of competence is as low as that of the writers of the article.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted and ignored otherwise.
There's a theorem that remains to be proven or disproven called the P?=NP theorem. It expands to "the set of problems solvable in polynomial time ?= the set of problems solvable in non-deterministic polynomial time". Nobody has any clue how to go about a proof. It's one of the Clay institute's million dollar math problems and I'm betting it'll be the last of them to fall.
Basically, if this theorem were proven, then asymmetric cryptography would be impossible and much of today's symmetric encryption would also collapse. So, if you're going to claim unbreakable encryption, you'd better hand me a proof that P!=NP.
You're confusing David Icke and David Irving.
'nuff said.
Curiously, all of their challenges are over before ever appearing on their website...
quote
So far, two million people have attempted to crack the code, but none have managed.
How can anybody read a claim like this without coming to the obvious conclusion?
Do they try and use 'Israeli' at the beginning of it to make it look like some 'god' created it or, well if the Israelis did it then it must be true?
Anyway all cryptographic methods can be broken, it is just with what processing power available within time limits that makes the breaking unrealistic.
Interestingly, in 1977, a column in Scientific American published a selection of text encrypted by, IIRC, the RSA encryption scheme with a 54bit key. At the time, the most efficient algorithm on the fastest computers in the world would take millions of times the age of Universe to crack the code. Sixteen years later, this was cracked with 8 months of computing time.
So the efficiency of algorithms to break encryption has increased by a considerable amount. In another 16 years, computers are likely to be about a thousand times faster (if Moore's law holds). But if history is anything to go by, the encryption breaking algorithms of tomorrow may reduce code-cracking by a factor of billions.
doesn't work. It just keeps going faster and faster."
It is the perennial cry of the snake oil crowd that the "establishment" won't take their claims seriously. It never, *ever* seems to occur to them that this is because their claims are *provably* whacko. Especially where purely mathematical structures are concerned.
Most snake oil salesmen didn't do very well in math at school, although this personal limitation has never seemed to stand in the way of their being able to seriously cook a set of books to display for the investors.
KFG
A deficiency of the one-time pad is a man-in-the-middle with known plaintext. Given the known plaintext he can solve for the key and then use it to substitute an identical-length message of his own choosing.
This is a non-trivial problem, as the start of a message may be known to an attacker, in both manual systems (where messages often start out with stock stuff) and automated ones (where the start may be automated protocol headers or well-known payload starts, which is all he really wants to spoof). Further, the entire content may have been discovered by other means - means which still didn't give him the encryption key.
Substituting only the start can still spoof both manual and automated systems. With a manual system you can substitute a short, urgent message ("They're coming over the hill at us from the east armed with ...") for the long-winded header. The tail dissolves into noise, but that could be expected from a code-clerk (or machine) under attack, which might make a synchronization error in the key. For automated systems you can still spoof the checksum at the end even if you can't spoof the tail of the message. Tweak the protocol and you might, say, slip some malware's infection header into a known buffer-overflow bug behind a firewall.
A solution to that was proposed back in the '70s by (ahem) me: Use Galois fields, TWICE as much one-time pad as message, and encrypt in small blocks by multiplying by the first block of key and adding the second. (You also discard any block of key that would result in a multiply-by-zero in the first step.)
For any product of N primes there is at least one Galois field, and two is prime, so there is at least one Galois field of 2^n members for any n, i.e. you can encrypt blocks of n bits for any value of n greater than 1. (For n=1 this degenerates to ordinary one-time pad, as the first block of key is always 1.)
Suppose you encrypt in 8-bit blocks. (What a coincidence!) Even if the man-in-the-middle knows the message, for each byte he can either leave it alone or make a random choice among the other possible bytes. He's reduced to a malicious noise-generator. (He can pick the worst spot(s) to inject noise, but that's the limit.)
I called this the "GLOPS" cypher, by analogy with GLOPS codes (a term-of-art for codes composed of arbitrary pairings of typically 5-letter groups with messages). With a GLOPS code knowing "GLOPS" means "attack at dawn" doesn't tell you whether "GLOPT" means "attack at dusk", "send a gross of toilet paper", or anything else. Similarly, with a GLOPS cypher, knowing 0x33 means "A" in this position doesn't tell you anything about 0x34 (except that it isn't "A" - unlike a GLOPS code where GLOPT might ALSO mean "attack at dawn".)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
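The known-plaintext substitution against a plain one-time pad and the multiply-and-add fix from the post above, as an added example (not the poster's code). It assumes 8-bit blocks, GF(2^8) built over the AES reduction polynomial 0x11b, and constructed pad, message and substitute bytes; a real pad must come from a true random source and be used once.

```python
"""Added example: one-time pad malleability versus the GF(2^8) multiply-and-add
("GLOPS") variant described in the post.  Assumptions: 8-bit blocks, the AES
polynomial 0x11b for GF(2^8), and constructed sample inputs (below)."""

POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1; any irreducible degree-8 polynomial would do


def gf_mul(a: int, b: int) -> int:
    """Multiply two elements of GF(2^8): carry-less multiply, reduced mod POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= POLY
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse in GF(2^8) by exhaustive search; a must be non-zero."""
    for x in range(1, 256):
        if gf_mul(a, x) == 1:
            return x
    raise ValueError("zero has no inverse")


def otp_encrypt(msg: bytes, pad: bytes) -> bytes:
    """Plain one-time pad: c = m XOR k, one pad byte per message byte."""
    if len(pad) < len(msg):
        raise ValueError("pad too short")
    return bytes(m ^ k for m, k in zip(msg, pad))


otp_decrypt = otp_encrypt  # XOR is its own inverse


def _pad_pairs(pad: bytes, count: int):
    """Yield (a, b) pad pairs, discarding any block that would be a zero
    multiplier, as the post describes; sender and receiver skip identically."""
    idx = 0
    for _ in range(count):
        while pad[idx] == 0:
            idx += 1
        yield pad[idx], pad[idx + 1]
        idx += 2


def glops_encrypt(msg: bytes, pad: bytes) -> bytes:
    """c_i = a_i * m_i + b_i in GF(2^8); consumes twice as much pad as message."""
    return bytes(gf_mul(a, m) ^ b for m, (a, b) in zip(msg, _pad_pairs(pad, len(msg))))


def glops_decrypt(ct: bytes, pad: bytes) -> bytes:
    """m_i = (c_i - b_i) * a_i^-1 in GF(2^8); subtraction is XOR there."""
    return bytes(gf_mul(c ^ b, gf_inv(a)) for c, (a, b) in zip(ct, _pad_pairs(pad, len(ct))))


def known_plaintext_substitution(ct: bytes, known: bytes, wanted: bytes) -> bytes:
    """The man-in-the-middle move from the post: XOR the ciphertext with the
    difference between the known plaintext and the text the attacker wants."""
    return bytes(c ^ k ^ w for c, k, w in zip(ct, known, wanted))


# Constructed sample inputs (not from the post).  The leading 00 in PAD exercises
# the zero-multiplier skip; 29 bytes cover 14 message bytes at two pad bytes each.
KNOWN = b"ATTACK AT DAWN"
WANTED = b"ATTACK AT DUSK"
PAD = bytes.fromhex("00 7d3a c481 19f0 a255 6e07 d9b3 4c2a 8fe6 31bc e749 5a9d 02c7 b61e f38b")


def compare_tampering() -> dict:
    """Decrypt a tampered ciphertext under both schemes; report what the receiver sees."""
    otp_seen = otp_decrypt(known_plaintext_substitution(otp_encrypt(KNOWN, PAD), KNOWN, WANTED), PAD)
    glops_seen = glops_decrypt(known_plaintext_substitution(glops_encrypt(KNOWN, PAD), KNOWN, WANTED), PAD)
    return {
        "otp": otp_seen,      # the attacker's chosen text, byte for byte
        "glops": glops_seen,  # the attacker's edits turned into noise at the edited bytes
        "glops_matches_wanted": glops_seen == WANTED,
        "glops_bytes_damaged": sum(x != y for x, y in zip(glops_seen, KNOWN)),
    }


if __name__ == "__main__":
    for k, v in compare_tampering().items():
        print(f"{k}: {v!r}")
```

Each edited byte comes out as m XOR (delta * a^-1), which equals the attacker's byte only when a = 1, so with 8-bit blocks he controls a tampered byte with probability 1/255; the standard modern answer to the same problem is a message authentication code over the ciphertext, which rejects tampering outright.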
(Typing from a weird 'puter, so I can't cut and paste the links.) Google for 'meganet', 'encryption', and 'doghouse' and you'll find two Doghouse entries for these guys on Cryptogram. One makes fun of their product; the other for them changing their name in response to the first entry.
This crypto scheme is weak and can be rapidly broken by a brute force approach. It requires a common private key sequence that is shared among multiple users of the software; each user uses this common key to encrypt messages along the matrix. Matrix values are shared amongst all users with a common "serial number prefix." The encrypted "message" that is created is not actually the message; it is a bit sequence that points at positions within the matrix. The software locates each bit position to give a readout of the character at that step. Although the matrix undergoes convolutions as decryption occurs, supposedly making it more "uncrackable," ultimately the reduction of this method requires re-use of a one-time pad (the "virtual matrix"). Reuse of a one-time pad turns an unbreakable encoding into something insecure and breakable. That is ultimately the largest weakness of this algorithm.
Here's the telling bit in the patent scheme (US 6,219,421):
"A message may be secured in accordance with various options specifying an intended audience, including "global," "specific" and "private" options. "Global" allows anyone having a copy of the data security software to decrypt the message providing that person has the correct keys and is able to supply parameters matching those with which the message was secured. "Group" allows the possibility of successful decryption by any of a number of users within a group identified by its members having copies of the software program with a common prefix. "specific" allows only a user having a particular numbered copy of the software program to decrypt. Finally, "private" allows decryption only by the same software copy used to secure the message originally. Without the correct keys and parameters, it is impossible for the message to be unlocked. The present invention further enhances security by allowing definition of a date range where the data can be decrypted correctly, hence preventing lengthy efforts to break the code by brute computational force."
It's only necessary to be difficult enough to be pointless in practice.
Most data has a time sensitivity attached to it, and most data that doesn't is trivial (such as your laundry list).
If I encrypt data to hide criminal activity the question to me isn't necessarily if it can be cracked, but whether it can be cracked before the statute of limitations on the crime runs out.
If a war is going to last one year a code that will take 100 years to break is, effectively, unbreakable.
And never mind the fact that once a code becomes sufficiently hard to break hardly anyone bothers, because at that point it becomes far easier to break the *people* rather than their code.
KFG
I thought the whole point of a one time pad was it was only used _ONCE_? You are using it twice here. I'm sure the more times it's used, the greater the chance of breaking it.
..this is but a fantasy..
That people who think there can be unbreakable encryption don't understand encryption? -Dave
Quantum encryption only makes the key exchange totally secure. It still uses a One Time Pad with a key as long as the message, BUT, it allows totally secure key exchange.
Someone mentioned that if your message is eavesdropped on, it will be altered... but that wouldn't work, since the eavesdropper would know parts of the message itself. So, Quantum Encryption is a way to send a Key. If the key is intercepted, there are ways to know how much eavesdropping there was, and if there was too much, just send a new key until no one eavesdrops.
A spy can only prevent you from communicating; he cannot get any information from you, making it totally secure. It just gets around the key distribution problems of the classical one time pad.
It seems to me that their most significant advance is the use of a 1-million bit key.
That alone does not make it any more "impossible" to crack than something with a 40-bit key, it simply makes the job more difficult. With a brute force attack, it's still merely a matter of time.
Impossible to crack = Your data is absolutely safe, under any and all circumstances, and will stay that way forever, unless the viewer knows the right password. "Impossible to crack" means there is absolutely no conceivable way to bypass the password. What they are doing is not making it impossible.
What they are doing = Delaying the inevitable. Someday, perhaps very soon if there is a sudden technological leap, computers will catch up and your encrypted contents will be as safe as if it had been ROT13'ed.
White Star Line has just announced an unsinkable ship!
new ferrari: approx. $200,000.
$1,000,000 - $200,000 = $800,000
These guys are cryptographers?
I'll take the million dollars and buy 5 ferraris thanks.
-he who laughs last, is a bit slow.
Quantum cryptography is provably unbreakable, i.e. it can be proven mathematically that it cannot be broken. For a reason similar to one-time pads. And as opposed to what most people think, quantum cryptography does NOT require a quantum computer to be implemented, and it already has been successfully tested in practice. It's mostly an engineering problem (and political?) now to package it to make it widely accessible.
Read 'The Code Book' by Simon Singh.
If it genuinely is completely unbreakable then it must also be undecryptable.
AFAIK, it is even mathematically/physically proven to be unbreakable. There aren't really any complex algorithms involved in "basic quantum encryption", but some quite simple quantum physics (well, at least simple for quantum physics). The method has been known for some time, but no one has been able to build the hardware for it until quite recently (you need to have an optical link over which you can send one single photon at a time, and the information is carried by the polarization of it).
There are 010 kinds of people. Those who understand octal, those who don't, and 06 other kinds of morons.
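The single-photon, polarization-based key exchange the posts above describe, and the "too much eavesdropping, send a new key" decision, as an added example (not any poster's code). It is a classical simulation of BB84 with an intercept-and-resend eavesdropper; calling the scheme BB84, the 11% error threshold and the seeded random inputs are this example's assumptions.

```python
"""Added example: classical simulation of the polarization key exchange (BB84)
described in the posts.  A photon is modelled as a (bit, basis) pair; measuring
in the wrong basis yields a uniformly random bit and destroys the original."""

import random

RECTILINEAR, DIAGONAL = 0, 1  # the two polarization bases


def measure(photon: tuple, basis: int, rng: random.Random) -> int:
    """Measure a (bit, prepared_basis) photon.  Same basis: the prepared bit
    comes out; wrong basis: the outcome is a coin flip."""
    bit, prepared_basis = photon
    return bit if basis == prepared_basis else rng.randrange(2)


def run_exchange(n_photons: int, eavesdrop: bool, seed: int = 7) -> dict:
    """Simulate one exchange; the seed makes the run reproducible (demo only)."""
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n_photons)]
    alice_bases = [rng.randrange(2) for _ in range(n_photons)]
    bob_bases = [rng.randrange(2) for _ in range(n_photons)]
    bob_bits = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        photon = (bit, a_basis)
        if eavesdrop:
            # Eve must guess a basis; her measurement collapses the photon and
            # she forwards a fresh one prepared in the basis she used.
            e_basis = rng.randrange(2)
            photon = (measure(photon, e_basis, rng), e_basis)
        bob_bits.append(measure(photon, b_basis, rng))
    # Sifting: bases (not bits) are compared over a public channel and the
    # mismatched positions are discarded.
    kept = [i for i in range(n_photons) if alice_bases[i] == bob_bases[i]]
    sifted_alice = [alice_bits[i] for i in kept]
    sifted_bob = [bob_bits[i] for i in kept]
    # Normally a public sample of sifted bits estimates the error rate; here the
    # whole sifted key is compared so the figure is exact for the demonstration.
    errors = sum(a != b for a, b in zip(sifted_alice, sifted_bob))
    return {"sifted": len(kept), "errors": errors,
            "qber": errors / len(kept) if kept else 0.0}


def key_is_usable(qber: float, threshold: float = 0.11) -> bool:
    """The decision from the posts: too much eavesdropping, discard the key and
    try again.  11% is the commonly quoted BB84 bound (assumption for the demo)."""
    return qber < threshold


if __name__ == "__main__":
    for eve in (False, True):
        stats = run_exchange(4000, eavesdrop=eve)
        print(f"eavesdropper={eve}: {stats}, usable={key_is_usable(stats['qber'])}")
```

With intercept-and-resend the eavesdropper guesses the wrong basis half the time and each such photon gives Bob a random bit, so about a quarter of the sifted bits disagree; without an eavesdropper the sifted bits agree exactly.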
... but the opinions of the New York Times editorial staff certainly are. :)
And of course failed.
I broke their encryption with a two line Perl Script!
#!/usr/bin/perl -w
print "All_Your_Base_Are_Belong_To_Us";
This is unbreakable. It involves adding so much 'random noise' to the encrypted data that it's impossible to decrypt unless the key to the original encryption is known. The trick is to use true random noise sources, not pseudorandom number generators, who's/whose (take your pick) output can be analysed, predicted and subtracted from intercepted copies. Natural noise sources, like the electrical noise a zener diode makes, can't be predicted as they follow no mathematical pattern.
Normal, everyday 128-bit encryption is the least breakable kind. Sure, one-time-pads really are unbreakable in theory, but since they are no stronger than the technique chosen for key distribution (getting those one-time-pads out to people), it's flaky in practice. Conversely, run-of-the-mill 128-bit crypto is secure in practice.
The reality is that the companies that claim "unbreakable crypto" aren't really selling generic crypto, but products that include crypto. Unfortunately, their marketing department gets ahead of the engineers, and takes them down this path. I mean, none of the engineers at the famed TriStrata wanted to claim "unbreakable crypto", but Schneier drove them out of business by showing that their marketing department were a bunch of snake-oil salesmen.
Encryption strength is a function of time.
Weak encryption = breaks quickly
Strong encryption = breaks slowly
IANAM (I am not a mathematician), but it seems to me that you cannot prove mathematically that encryption is unbreakable. The best you can prove is that you don't know how to break it; that does not mean that someone more clever than you can't come along and find a way.
If someone *does* know of a way to prove unbreakability, I'd love to see it.
I can't believe the press falls for the following claims which have a track record of being 100% false:
1) The end of the world is coming... next year.
2) 150MPG Automobile
3) Unbreakable Encryption/Copy Protection/Computer Security (this claim replaced the uncrackable safe and the unpickable lock)
4) We'll run out of food in 10 years!
5) This year, the Cubs will win the World Series
-- $G
Stolen from http://www.privacy.nb.ca/cryptography/archives/cryptography/html/1998-03/0004.html
From the Meganet Web Site:
> 1) Virtual Matrix Encryption (VME) reads Data From the original file
> into memory, and then compares it with an internal random matrix of
> values named "Virtual Matrix" (VM). A set of pointers to the
> location in the matrix is created "Virtual Matrix Pointers"
> (VMP). These pointers are then passed further to be encrypted by
> additional algorithms in VME. The ORIGINAL DATA are never encrypted
> or transferred in any form or shape. Since the data is not
> encrypted, there is no way to decrypt it. The process of Encrypting
> utilizes "Progressive Virtual Matrix" (PVM) and the decryption uses
> "Regressive Virtual Matrix (RVM).
>
> 2) At that stage, 5 different keys are being created: "Million Bit
> Key" (MBK) is a key of 1 Million Bits in size that is unique in
> concept. Since a million bits equal 128kb, it would be way slow to
> transfer over slow communication lines (2 minutes at 28.8k),
> therefore, it is recreated at both sides (based on a secret
> reference file) of the connection WITHOUT being transferred. A
> "Standard Transaction Key" (STK) is another key created at the size
> of 2,048 bits. That key is transferred with the encrypted VMP on a
> public network. This key is a unique non-redundant key
> per-transaction, assuring that even if the same data is encrypted
> time after time again, it will never yield the same encrypted code
> (hence preventing a possible security breach). A third key "Users
> Key" also a 2,048 bit key is created based on users input
> (Username, Password, Etc.) and used in the encryption process. 2
> Additional 2,048 bit keys are created randomly and are utilized to
> further encrypt the data.
>
> 3) The encrypted pointers are then further encrypted by a variety of
> highly secured algorithms: "Multiplication Matrix Modulo" (MMM) is
> a matrix of mathematically inverse keys utilized to encrypt/decrypt
> the pointers. Since the specific order is random and based on the
> actual pointers encrypted, there is no way to pinpoint the right
> combination, hence any combination can be valid. "Subtraction
> Matrix Modulo" (SMM) is a system that utilizes a mathematical
> algorithm to add multiple numbers together in a register to create
> an overflow of limited size. The overflow actually gives us an
> unpredictable number that is used to further encrypt the
> pointers. "Multiple Algorithm Matrix" (MAM) is a collection of 256
> UNIQUE encryption/decryption algorithms utilized to further encrypt
> the pointers. Since the specific algorithm used at a certain point
> is dependent on the variety of keys and data flow for the specific
> session, there is no way to know which of those algorithms was
> used. Therefore, regardless of the specific strength of a specific
> algorithm, it is impossible to break. "Bit Level Encryption" (BLE)
> is another innovative algorithm that encrypts data one bit at a
> time. A specific bit can have a value of only 0 or 1, and the
> encrypted value is also only either 0 or 1. Considering the fact
> that a single bit is meaningless (versus a byte that can signify a
> character for example) it is impossible to decrypt.
>
> 4) In addition to the previously described algorithms, an additional
> algorithm,known as "Date Limit Algorithm" (DLA), is
> implemented. The DLA allows further encryption of the pointers in
> such a way that they can be decrypted correctly ONLY between a
> defined date range - therefore creating for the first time, an
> encrypted content that is time sensitive. The implementations are
> endless - you can encrypt data for a specific date in the future
> (software vendors who want to debut new software on a specific
> future date can distribute the encrypted code months ahead and
> give the password on the specific date). DLA also prevents brute
> force attacks - since it reads the date from the real time clock,
> once it goes out of the date range, the decrypted data will never
> be correct, even if the right keys are used (since there will be no
> way to tell if the problem is the key or the date).
>
> 5) The last stage of encryption consists of "Targeted Delivery System"
> (TDS) which is a system targeted at covering all the scenarios and
> needs for encryption. The "Global" option is as it sounds - anybody
> on the planet with a copy of VME and the right keys & passwords can
> decrypt the data. "Local" means that only people from the same
> organization holding a copy of VME will be able to decrypt the
> data. An outsider, even with a valid copy of VME with all the keys
> and the passwords will not be able to decrypt it. "Private" means -
> your copy of VME is the only copy in the world that will be able to
> decrypt the data, regardless of who acquires the correct keys and
> passwords. "Specific" is targeted at sending specific material to a
> specific person, even on the other side of the world - the data is
> encrypted in such a way that only the TARGET user can decrypt
> it. NOT EVEN THE ORIGINATOR CAN DECRYPT THE FILE.
>
> 6) After these explanations, we hope that you'll agree with our
> non-compromising statement of: . .
>
> "VME IS THE ONLY UNBREAKABLE ENCRYPTION" . . .
> "The ORIGINAL DATA are never encrypted
> or transferred in any form or shape."
Umm, I would call shuffling data around encrypting; wouldn't the rest of us?
> 2) At that stage, 5 different keys are being created: "Million Bit
> Key" (MBK) is a key of 1 Million Bits in size that is unique in
> concept. Since a million bits equal 128kb, it would be way slow to
> transfer over slow communication lines (2 minutes at 28.8k),
> therefore, it is recreated at both sides (based on a secret
> reference file) of the connection WITHOUT being transferred.
(based on a secret reference file)!!!!!!
Okay, here we go: there is no 1mbit key at all; there is a much smaller key which then generates a random stream of data.
> "Multiple Algorithm Matrix" (MAM) is a collection of 256
> UNIQUE encryption/decryption algorithms utilized to further encrypt
> the pointers.
Okay, if these methods were unique they couldn't be simple, and the whole process would slow down to a crawl.
The whole key transfer thing is secured by triple RSA or something similar (3 layers of 2048-bit asymmetric keys) @ 2048 bits, so all in all it's what, like a 2049.58-bit encryption? This whole thing is a shame when you can do 4096-bit encryption.
> 4) In addition to the previously described algorithms, an additional
> algorithm,known as "Date Limit Algorithm" (DLA), is
> implemented. The DLA allows further encryption of the pointers in
> such a way that they can be decrypted correctly ONLY between a
> defined date range - therefore creating for the first time, an
> encrypted content that is time sensitive. The implementations are
> endless - you can encrypt data for a specific date in the future
> (software vendors who want to debut new software on a specific
> future date can distribute the encrypted code months ahead and
> give the password on the specific date). DLA also prevents brute
> force attacks - since it reads the date from the real time clock,
> once it goes out of the date range, the decrypted data will never
> be correct, even if the right keys are used (since there will be no
> way to tell if the problem is the key or the date).
Okay, this feature is hardly useful; it requires both ends to have synced times as well as a reference key to start the pseudo random number generator. The security of this is proportional to 1/(time range it is active) X average number of time units before activation. So even if it is active for an hour the security gain is almost useless.
> 5) The last stage of encryption consists of "Targeted Delivery System"
> (TDS) which is a system targeted at covering all the scenarios and
> needs for encryption. The "Global" option is as it sounds - anybody
> on the planet with a copy of VME and the right keys & passwords can
> decrypt the data. "Local" means that only people from the same
> organization holding a copy of VME will be able to decrypt the
> data. An outsider, even with a valid copy of VME with all the keys
> and the passwords will not be able to decrypt it. "Private" means -
> your copy of VME is the only copy in the world that will be able to
> decrypt the data, regardless of who acquires the correct keys and
> passwords. "Specific" is targeted at sending specific material to a
> specific person, even on the other side of the world - the data is
> encrypted in such a way that only the TARGET user can decrypt
> it. NOT EVEN THE ORIGINATOR CAN DECRYPT THE FILE.
This just means it's encrypted with the target user's public key, big woop dee do da.
> Since the specific order is random and based on the
> actual pointers encrypted, there is no way to pinpoint the right
> combination, hence any combination can be valid. "Subtraction
> Matrix Modulo" (SMM) is a system that utilizes a mathematical
> algorithm to add multiple numbers together in a register to create
> an overflow of limited size.
Umm, yeah, my ass it gives a good encryption; this is essentially the simplest form of a hash there is, just take the last X digits of a number. Sheez, who do they think they are kidding? Someone please point them to the SHA algorithm.
Anyone who thinks that their encryption is unbreakable should think about the rubber hose and pay off the janitor methods of breaking encryption. Typically it's far cheaper to pay someone to give up the secret than it is to even power the computers to do it.
Also, I didn't see where it says it's unbreakable (at least in those words). I see a mention of some virtual matrix encryption which generates a million bit key, but even that is still breakable.
My Slashdot account is old enough to drink...
Schneier has a lovely explanation of why you can't brute force a 256-bit key.
:)
There are both time and power requirements. Time can always be sidestepped just by making faster processors, up until you hit the Planck Time. Power, on the other hand, is much harder to sidestep. So let's look at that, shall we?
Let's set up a couple of baselines for our brute-forcers. One, they're deterministic Turing machines (i.e., no quantum computing--although you can make a similar power analysis for QC, I'm not going to do it here). Two, they are running at the very limits of thermodynamic possibility. Thermodynamics places a limit on kT joules of energy to erase a bit, where k = Boltzmann constant and T = whatever temperature your computer is running at. So let's assume we've got a machine running at 3.2 Kelvins (the ambient temperature of the universe), and thus requires 4.4 * 10**-26 joules of energy per bit erasure. These are our assumptions about our hardware efficiency.
As if we weren't making this easy enough, let's say that we can test one key with each bitflip. I.e., we don't have to worry about key schedules or initialization costs or... each time we flip a bit, we (a) create a new key and (b) check this key to see if it works. These are our assumptions about our software efficiency.
To break a 128-bit key will require, on average, 2**127 attempts. Multiply (2**127) * (4.4 * 10**-26) and you get... 7.4 * 10**12 joules of energy needed. That's 7.4 terajoules, or about two million kilowatt-hours. I.e., with a thermodynamically perfect computer running perfect algorithms, we could theoretically break a 128-bit cipher by brute force using a significant portion of the entire United States power grid.
To break a 256-bit key by brute force, using those same assumptions, would require over one googol joules. That's right, guys, 1.3 * 10**102. Not only do we not have access to that much energy, I doubt there's that much energy in the entire Milky Way galaxy. Nor do I know how we could harness that much energy without having some symmetry-breaking event which would annihilate the Universe as we know it.
And remember, these are calculations assuming perfect computers and perfect algorithms. We're nowhere near either.
Short version: we're not going to break 128-bit crypto anytime soon by brute force. I doubt we will ever be able to break 256-bit crypto by brute force.
Stolen from http://www.privacy.nb.ca/cryptography/archives/cry ptography/html/1998-03/0004.html
>From the Meganet Web Site:
> 1) Virtual Matrix Encryption (VME) reads Data From the original file
> into memory, and then compares it with an internal random matrix of
> values named "Virtual Matrix" (VM). A set of pointers to the
> location in the matrix is created "Virtual Matrix Pointers"
> (VMP). These pointers are than passed further to be encrypted by
> additional algorithms in VME. The ORIGINAL DATA are never encrypted
> or transferred in any form or shape. Since the data is not
> encrypted, there is no way to decrypt it. The process of Encrypting
> utilizes "Progressive Virtual Matrix" (PVM) and the decryption uses
> "Regressive Virtual Matrix (RVM).
>
> 2) At that stage, 5 different keys are being created: "Million Bit
> Key" (MBK) is a key of 1 Million Bits in size that is unique in
> concept. Since a million bits equal 128kb, it would be way slow to
> transfer over slow communication lines (2 minutes at 28.8k),
> therefore, it is recreated at both sides (based on a secret
> reference file) of the connection WITHOUT being transferred. A
> "Standard Transaction Key" (STK) is another key created at the size
> of 2,048 bits. That key is transferred with the encrypted VMP on a
> public network. This key is a unique non-redundant key
> per-transaction, assuring that even if the same data is encrypted
> time after time again, it will never yield the same encrypted code
> (hence preventing a possible security breach). A third key "Users
> Key" also a 2,048 bit key is created based on users input
> (Username, Password, Etc.) and used in the encryption process. 2
> Additional 2,048 bit keys are created randomly and are utilized to
> further encrypt the data.
>
> 3) The encrypted pointers are then further encrypted by a variety of
> highly secured algorithms: "Multiplication Matrix Modulo" (MMM) is
> a matrix of mathematically inverse keys utilized to encrypt/decrypt
> the pointers. Since the specific order is random and based on the
> actual pointers encrypted, there is no way to pinpoint the right
> combination, hence any combination can be valid. "Subtraction
> Matrix Modulo" (SMM) is a system that utilizes a mathematical
> algorithm to add multipule numbers together in a register to create
> an overflow of limited size. The overflow actually gives us an
> unpredictable number that is used to further encrypt the
> pointers. "Multiple Algorithm Matrix" (MAM) is a collection of 256
> UNIQUE encryption/decryption algorithms utilized to further encrypt
> the pointers. Since the specific algorithm used at a certain point
> is dependant on the variety of keys and data flow for the specific
> session, there is no way to know which of those algorithms was
> used. Therefore, regardless of the specific strength of a specific
> algorithm, it is impossible to break. "Bit Level Encryption" (BLE)
> is another innovative algorithm that encrypts data one bit at a
> time. A specific bit can have a value of only 0 or 1, and the
> encrypted value is also only either 0 or 1. Considering the fact
> that a single bit is meaningless (versus a byte that can signify a
> character for example) it is impossible to decrypt.
>
> 4) In addition to the previously described algorithms, an additional
> algorithm,known as "Date Limit Algorithm" (DLA), is
> implemented. The DLA allows further encryption of the pointers in
> such a way that they can be decrypted correctly ONLY between a
> defined date range - therefore creating for the first time, an
> encrypted content that is time sensitive. The implementations are
> endless - you can encrypt data for a specific date in the future
> (software vendors who wants to debut a new software on a specific
> future date can distribute the encrypted code months a head and
> give the password on the specific date). DLA also prevent brute
> force attacks - since it reads the date from the real time clock,
> once it goes out of the date range, the decrypted data will never
> be correct, even if the right keys are used (since there will be no
> way to tell if the problem is the key or the date).
>
> 5) The last stage of encryption consists of "Targeted Delivery System"
> (TDS) which is a system targeted at covering all the scenarios and
> needs for encryption. The "Global" option is as it sounds - anybody
> on the planet with a copy of VME and the right keys & passwords can
> decrypt the data. "Local" means that only people from the same
> organization holding a copy of VME will be able to decrypt the
> data. An outsider, even with a valid copy of VME with all the keys
> and the passwords will not be able to decrypt it. "Private" means -
> your copy of VME is the only copy in the world that will be able to
> decrypt the data, regardless of who aquires the correct keys and
> passwords. "Specific" is targeted at sending specific material a
> specific person, even on the other side of the world - the data is
> encrypted in such a way that only the TARGET user can decrypt
> it. NOT EVEN THE ORIGINATOR CAN DECRYPT THE FILE.
>
> 6) After these explanations, we hope that you'll agree with our
> non-compromising statement of: . .
>
> "VME IS THE ONLY UNBREAKABLE ENCRYPTION" . . .
"The ORIGINAL DATA are never encrypted > or transferred in any form or shape."
Umm I would call shuffling data around encrypted wouldn't the rest of us?
2) At that stage, 5 different keys are being created: "Million Bit
> Key" (MBK) is a key of 1 Million Bits in size that is unique in
> concept. Since a million bits equal 128kb, it would be way slow to
> transfer over slow communication lines (2 minutes at 28.8k),
> therefore, it is recreated at both sides (based on a secret
> reference file) of the connection WITHOUT being transferred.
(based on a secret reference file)!!!!!! Okay here we go there is no 1mbit key at all there is a much smaller key which then generates a random stream of data. Smaller key now the question is how small for all we know it could be 2 bits just like that company is
"Multiple Algorithm Matrix" (MAM) is a collection of 256
> UNIQUE encryption/decryption algorithms utilized to further encrypt
> the pointers.
Okay if these methods were unique they couldn't be simple and the whole process would slow down to a crawl.
The whole key transfer thing is secured by tripple RSA or something similar ( 3 layers of 2048 bit asymeteric keys ) @ 2048 bits so all in all its what like a effective 2049.58 bit encryption this whole thing is a shame when u can do 4096 bit encryption.
> 4) In addition to the previously described algorithms, an additional
> algorithm,known as "Date Limit Algorithm" (DLA), is
> implemented. The DLA allows further encryption of the pointers in
> such a way that they can be decrypted correctly ONLY between a
> defined date range - therefore creating for the first time, an
> encrypted content that is time sensitive. The implementations are
> endless - you can encrypt data for a specific date in the future
> (software vendors who wants to debut a new software on a specific
> future date can distribute the encrypted code months a head and
> give the password on the specific date). DLA also prevent brute
> force attacks - since it reads the date from the real time clock,
> once it goes out of the date range, the decrypted data will never
> be correct, even if the right keys are used (since there will be no
> way to tell if the problem is the key or the date).
Okay, this feature is hardly useful: it requires both ends to have synced times as well as a reference key to start the pseudo-random number generator. The security of this is proportional to 1/(time range it is active) X average number of time units before activation. So even if it is active for an hour, the security gain is almost useless.
> 5) The last stage of encryption consists of "Targeted Delivery System"
> (TDS) which is a system targeted at covering all the scenarios and
> needs for encryption. The "Global" option is as it sounds - anybody
> on the planet with a copy of VME and the right keys & passwords can
> decrypt the data. "Local" means that only people from the same
> organization holding a copy of VME will be able to decrypt the
> data. An outsider, even with a valid copy of VME with all the keys
> and the passwords will not be able to decrypt it. "Private" means -
> your copy of VME is the only copy in the world that will be able to
> decrypt the data, regardless of who aquires the correct keys and
> passwords. "Specific" is targeted at sending specific material a
> specific person, even on the other side of the world - the data is
> encrypted in such a way that only the TARGET user can decrypt
> it. NOT EVEN THE ORIGINATOR CAN DECRYPT THE FILE.
This just means it's encrypted with the target user's public key, big whoop dee do da.
> Since the specific order is random and based on the
> actual pointers encrypted, there is no way to pinpoint the right
> combination, hence any combination can be valid. "Subtraction
> Matrix Modulo" (SMM) is a system that utilizes a mathematical
> algorithm to add multiple numbers together in a register to create
> an overflow of limited size.
Umm, yeah, my ass it gives good encryption. This is essentially the simplest form of a hash there is: just take the last X digits of a number. Sheez, who do they think they are kidding? Someone please point them to the SHA algorithm.
Stolen from http://www.privacy.nb.ca/cryptography/archives/cryptography/html/1998-03/0004.html .
> From the Meganet Web Site:
> 1) Virtual Matrix Encryption (VME) reads Data From the original file
> into memory, and then compares it with an internal random matrix of
> values named "Virtual Matrix" (VM). A set of pointers to the
> location in the matrix is created "Virtual Matrix Pointers"
> (VMP). These pointers are than passed further to be encrypted by
> additional algorithms in VME. The ORIGINAL DATA are never encrypted
> or transferred in any form or shape. Since the data is not
> encrypted, there is no way to decrypt it. The process of Encrypting
> utilizes "Progressive Virtual Matrix" (PVM) and the decryption uses
> "Regressive Virtual Matrix (RVM).
> 2) At that stage, 5 different keys are being created: "Million Bit
> Key" (MBK) is a key of 1 Million Bits in size that is unique in
> concept. Since a million bits equal 128kb, it would be way slow to
> transfer over slow communication lines (2 minutes at 28.8k),
> therefore, it is recreated at both sides (based on a secret
> reference file) of the connection WITHOUT being transferred. A
> "Standard Transaction Key" (STK) is another key created at the size
> of 2,048 bits. That key is transferred with the encrypted VMP on a
> public network. This key is a unique non-redundant key
> per-transaction, assuring that even if the same data is encrypted
> time after time again, it will never yield the same encrypted code
> (hence preventing a possible security breach). A third key "Users
> Key" also a 2,048 bit key is created based on users input
> (Username, Password, Etc.) and used in the encryption process. 2
> Additional 2,048 bit keys are created randomly and are utilized to
> further encrypt the data.
>
> 3) The encrypted pointers are then further encrypted by a variety of
> highly secured algorithms: "Multiplication Matrix Modulo" (MMM) is
> a matrix of mathematically inverse keys utilized to encrypt/decrypt
> the pointers. Since the specific order is random and based on the
> actual pointers encrypted, there is no way to pinpoint the right
> combination, hence any combination can be valid. "Subtraction
> Matrix Modulo" (SMM) is a system that utilizes a mathematical
> algorithm to add multiple numbers together in a register to create
> an overflow of limited size. The overflow actually gives us an
> unpredictable number that is used to further encrypt the
> pointers. "Multiple Algorithm Matrix" (MAM) is a collection of 256
> UNIQUE encryption/decryption algorithms utilized to further encrypt
> the pointers. Since the specific algorithm used at a certain point
> is dependant on the variety of keys and data flow for the specific
> session, there is no way to know which of those algorithms was
> used. Therefore, regardless of the specific strength of a specific
> algorithm, it is impossible to break. "Bit Level Encryption" (BLE)
> is another innovative algorithm that encrypts data one bit at a
> time. A specific bit can have a value of only 0 or 1, and the
> encrypted value is also only either 0 or 1. Considering the fact
> that a single bit is meaningless (versus a byte that can signify a
> character for example) it is impossible to decrypt.
>
> 4) In addition to the previously described algorithms, an additional
> algorithm, known as "Date Limit Algorithm" (DLA), is
> implemented. The DLA allows further encryption of the pointers in
> such a way that they can be decrypted correctly ONLY between a
> defined date range - therefore creating for the first time, an
> encrypted content that is time sensitive. The implementations are
> endless - you can encrypt data for a specific date in the future
> (software vendors who wants to debut a new software on a specific
> future date can distribute the encrypted code months ahead and
> give the password on the specific date). DLA also prevents brute
> force attacks - since it reads the date from the real time clock,
> once it goes out of the date range, the decrypted data will never
> be correct, even if the right keys are used (since there will be no
> way to tell if the problem is the key or the date).
>
> 5) The last stage of encryption consists of "Targeted Delivery System"
> (TDS) which is a system targeted at covering all the scenarios and
> needs for encryption. The "Global" option is as it sounds - anybody
> on the planet with a copy of VME and the right keys & passwords can
> decrypt the data. "Local" means that only people from the same
> organization holding a copy of VME will be able to decrypt the
> data. An outsider, even with a valid copy of VME with all the keys
> and the passwords will not be able to decrypt it. "Private" means -
> your copy of VME is the only copy in the world that will be able to
> decrypt the data, regardless of who acquires the correct keys and
> passwords. "Specific" is targeted at sending specific material to a
> specific person, even on the other side of the world - the data is
> encrypted in such a way that only the TARGET user can decrypt
> it. NOT EVEN THE ORIGINATOR CAN DECRYPT THE FILE.
>
> 6) After these explanations, we hope that you'll agree with our
> non-compromising statement of: .
>
> "VME IS THE ONLY UNBREAKABLE ENCRYPTION" . . .
"The ORIGINAL DATA are never encrypted or transferred in any form or shape."
Umm, I would call shuffling data around "encrypted"; wouldn't the rest of us?
Does anyone remember the Promis Software hooha?
After all that there's no way I'd ever trust an Israeli software firm in regards to security.
Yes, just as Italy is the land of the Italians, France is the land of the French, Germany the land of the Germans. Except no one complains about that, do they? And let's not forget Israel and Judea were there before those countries (2000 year diaspora after the Romans found them to be a little bit too feisty). So let's be fair. If you're going to bag on Israel, you're going to have to bag on pretty much all the countries in Europe.
Also, given that anyone can convert to Judaism (get a circumcision, consult with a good rabbi, have your Bar Mitzvah), it's not a racist country. It's a theocracy (not much better in my opinion).
But, anonymous coward, this anti-semitism is so old news anyhow. There are plenty of Middle Eastern religions to attack. Why don't you broaden your anti-religious horizons and become an Anti-Zoroastrian? Or, you know, there are a lot of Buddhist temples opening up in the United States - perhaps you could check that out...
I'll gladly have this and the parent comment moderated to -1.
This post is Rot 26 encrypted. It's unbreakable because the DMCA says it's unbreakable.
there will be breakable encryption.
If I had a buck for every law firm that prints out PGP encrypted email on "the shared printer down the hall" I'd be a rich man.
The encryption is only as good as the users.
-ted
you must not have looked very hard.
Meganet's Ferrari 360 Challenge.
Meganet's Million Dollar Challenge.
you might want to peruse Meganet's website before you start spouting off with some more ill-informed anti-semitic flame-bait garbage.
combines it with a one million-bit key, which is unheard of in today's data security markets. Competing solutions offer a maximum of 256 bits.
Erm, maximum of 256 bits? I'd better stop using my 1024-bit GPG key then.
"All other encryption methods have been compromised in the last five to six years."
Actually this is partly true. PGP *was* cracked, for a 64-bit (or some such) key. Let's just gloss over the fact that such a task is about the same as picking a single-lever lock...
"Most of the encryption community called our product snake oil," says Backal. "Everyone competed to throw stones at us and didn't bother trying to understand the product."
Might be because it *is* snake oil. I certainly don't understand the product. Modify encryption to use really long keys? How is that innovative?
So far, two million people have attempted to crack the code, but none have managed.
Are there actually two million people who know *how* to crack this in the world?
Hmmmm...
it is snake oil until:
1) they disclose the algorithm
2) they host a fair competition
3) positive peer review occurs
"Anyone who creates his or her own cryptographic primitive is either a genius or a fool. Given the genius/fool ratio for our species, the odds aren't very good."
This is going to require years of peer review and analysis before it's proven "unbreakable".
-------------------------
slashdot@com.jarnot (swap the domain)
No doubt it is the "anti terrorist yet homeland security friendly edition" this time around.
-=DaveHowe=-
128 bit encryption has already been broken. But the military and the NSA don't want you to know that.
In case you are wondering, brute force is not the way to go to crack an encryption scheme. It's way easier to crack if you know the underlying structure of the file. I mean, we encrypt computer files; in some cases it will be a text file, but most of the time it will be a computer file (zip, doc, ...) so it gives you some hint about the key used.
I don't say that it is easy, but it can be done, and guess what, I'm sure that it's been used.
on the meganet web site: http://www.meganet.com/technology/intro.htm
It looks kind of like they took a whole bunch of known encryption algorithms and smashed them together... "is then further encrypted using dozens of other algorithms in different stages to create an avalanche effect."
I'd say hardly revolutionary...
I remember reading their home page 4-5 years ago. They were giving the same sorts of unsubstantiated claims back then.
The amusing part is that MegaNET is actually the name for a chain-letter anti-cheating program that also dates back 6-8 years. (The idea would be that you had to get a code from the other people before you could 'unlock' the program and send out your own responses.)
Personally, I suspect that both of em are about equally honest of endeavors. And I'll believe MegaNET's security claims when I see a review of a *full* description of their algorithm.
A french man was seen buying deodorant.
http://www.meganet.com/Technology/explain.htm
Aside from having a 64kB key (1 million bits), they claim:
Did you catch that? They claim that the data isn't contained in the encrypted message!
O-kaaaay... so, how does it get from here to there?!? Pulling a statement like this out of their posterior crevices proves that they don't know what they're talking about. Of course the "actual data" is transferred... that's what we call it when data goes from one place to another. Running it through their magic algorithm doesn't eliminate the information content, else there wouldn't be any point in sending the message at all.
This statement could be a clue to the algorithm though, especially combined with the claims that it's faster than RSA and with its suspiciously huge key...
And of course there's another problem. How do you get a 64kB key from a user? You don't. And there's no mention of "VME" being a public-key algorithm, so it's just a session key, not a public key. How useful is that? Not very.
I think I'm beginning to see why this company was able to have lean times even while others were getting VC funding to develop the business plan of the South Park underwear gnomes. Now though, we live in more patriotic times when people will believe that tank commanders have the proper background to recognize when they've "stumbled upon" good cryptographic algorithms.
A famous mass murderer once said: "Opium is the religion of the masses". Well, on that point, he was spot on...
Wrong guy's site.
My PC mobo has two different sets of memory slots. The first memory slots are for data that needs to be accurate, reliable, and predictable. The second memory slots are for unpredictable data results.
Therefore whenever I want to perform some calculation that has a random result I just use the random memory addresses.
The second memory slots use PRRAM, or Progressively Random Random Access Memory. This memory is guaranteed to be accurately random to the femtosecond.
I've got 512 Meg of PRRAM in my machine. More than enough for most consumer applications!
PRRAM varies in price too so you have to search hard on the web to get a low price.
Good luck!
Israeli firms generates free publicity with ludicrous claims.
What is being advertised here is not unbreakable in the sense used by most mathematicians or serious cryptographers. (When a cryptographer says unbreakable, s/he means that the system is secure even against an adversary with unlimited computing power.)
Ideal use of a one time pad does have this property. There was a nice breakthrough in the EuroCrypt conference last year, where it was shown that one can obtain similar behavior even with keys that are shorter than the message to be encrypted, as long as the messages that you wish to encrypt are fairly random.
In any case, if you'd like to really understand what is going on here, for goodness' sake don't bother with Schneier's book; have a look at Goldreich's, "Foundations of Cryptography".
You're confusing random numbers with pseudo-random numbers. Random numbers can be created by, say, a radioactive source. Yes, there are equations involved, but trying to reproduce the stream won't work because it is random.
- dave f.
Do you even know what kind of racism you're supposed to have? Quick primer: If you hate all Jews/Israelis (KKK style), then you're on target. If you're one of the new breed, you claim to only hate israelis (since after all, some of your friends are Jews.. gotta use that line). Then, once you've "pushed them into the sea," you move on to all Jews.
-- Is "Sig" copyrighted by www.sig.com?
These guys are crack smokers, especially Saul Backal. They tried to sell the company I was working on at the time on this VME bullshit. (I have an unopened copy if anybody wants it . . .)
Maybe they came up with something, maybe they didn't. After meeting him and going through their presentation and watching him stumble over some basic questions, I will never trust that company. Some memorable things from that meeting: Bruce Schneier doesn't know what he is talking about. We don't need peer review to know our algorithm is secure. No you can't analyze the source or the algorithm.
For those who may not know, the measure of a truly secure algorithm is that it is secure even when the algorithm is known.
-b
You can stop worrying. Ninnle Linux already uses this system for its incredibly high security.
Just another reason why Ninnle is so great!
Please read the Snake Oil FAQ and you will see the problems.
Vilmos
CompuGlobalHyperMegaNet created by Homer Simpson and purchased by Gill Bates. I expect Microsoft will be sending over a barrage of lawyers any minute to discuss their company name and their domain name.
ZERO ZERO ONE ZERO ONE ZERO ONE ONE! Just brushing up for my next big invention: Ethernet over Voice (EoV)
Even if the 'server' caches 'bookmarks' in the Big Book Of Digits for each of the clients that connect to it, there must still be a way of establishing those 'bookmarks' through unencrypted channels (or sneakernet). This is the point where this kind of thing is vulnerable unless it falls back on standard number-crunching-intense encryption techniques to perform these handshake tasks. The only advantage I see for this technology would be in speeding the transfer of large amounts of encrypted data.
Eat at Joe's.
Any investors influenced by Slashdot have already blown all their money on Beowulf clusters of shiny things.
I take the statement I want to keep secret.
I make up a completely different statement which will remind me (and only me) of the original statement.
I encrypt that second statement.
No matter how good the anti-encryption,they still won't discover the original statement.
I WORKED FOR MEGANET IN TARZANA, Ca. in 1999; they were a big scam. At that time their product was called VME and promised a ONE MILLION bit key that traveled HIDDEN in an image FILE.. IT WAS A BIG SCAM.. the owner SAUL BACKAL is an ex-Israeli military scientist.. IT IS A BIG SCAM. This is the company's SECOND TIME AROUND.. they had 3 offices in the states and went to NONE overnight. Their whole website http://meganet.com/ has FAKE CONTACT INFO.. and those people still owe about 2000 bucks for design work I never got paid for. I hope no one falls for this, and I have a hate letter to write now.
SECURE QUANTUM KEY TRANSMISSION:
Here (more or less) is how the key is transmitted securely. The technique arises from a thought experiment Einstein created (with others) to prove that quantum mechanics was silly (but the experiment was actually done in the 1970's and it helped to confirm the reality of quantum mechanics): A bunch of photon pairs are generated (let's say 1000), and one photon of each pair is sent to the recipient. The other half of each pair is sampled at the sending site, either vertically or horizontally, to determine its spin. The recipient also randomly samples the photons horizontally or vertically to determine their spin. The spins of each pair of photons will receive opposite values when their spins are observed.
The recipient and sender now have an INSECURE conversation to discuss the following:
(1) Which photons they observed vertically and which horizontally;
(2) the observed values of half of the photons that they both observed the same way.
If their observations do not agree, then it may be true that someone was eavesdropping on the transmission; they start over. If the observations agree, the key must have been sent securely (because observations by another observer would randomize their values). The sender and recipient therefore use the other half of the photons they observed (the same way) as their one time pad key. They do not have to mention the actual values of the spins of these photons in the insecure conversation; they share the knowledge of these spins.
As time passes, this technique will become very practical and will be used over fairly long distances.
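A small simulation of the exchange described above, added here as an illustration rather than taken from the post: the two-basis measurement model and the intercept-resend eavesdropper are assumptions of the simulation, and the sifted pairs are split in half exactly as the post says (one half revealed to check for tampering, the other half kept as the one-time-pad key).

```python
import random
from typing import Dict, List, Tuple

# Assumed simplification: each side measures in one of two conjugate bases.
BASES = ("rectilinear", "diagonal")


def measure(photon: Tuple[str, int], basis: str, rng: random.Random) -> int:
    """Measure a photon prepared as (basis, value) in the given basis.

    Same basis: the prepared value is read out deterministically.
    Other basis: the outcome is a uniformly random bit (the state collapses),
    which is what makes an eavesdropper's measurement leave traces.
    """
    prep_basis, value = photon
    return value if basis == prep_basis else rng.randint(0, 1)


def run_exchange(n_pairs: int, eavesdrop: bool, rng: random.Random) -> Dict:
    """Simulate the key exchange for n_pairs entangled photon pairs.

    Returns the number of basis-matched ('sifted') pairs, the number of
    disagreements found on the check half, and the agreed key (None on abort).
    """
    alice_bases: List[str] = []
    alice_bits: List[int] = []
    bob_bases: List[str] = []
    bob_bits: List[int] = []

    for _ in range(n_pairs):
        a_basis = rng.choice(BASES)
        a_bit = rng.randint(0, 1)            # sender's own measurement result
        # Anti-correlated pair: the partner photon now carries the opposite
        # value in the sender's basis.
        photon = (a_basis, 1 - a_bit)

        if eavesdrop:
            # Intercept-resend attacker (assumed model): measures in a random
            # basis and re-emits a photon prepared with what she observed.
            e_basis = rng.choice(BASES)
            photon = (e_basis, measure(photon, e_basis, rng))

        b_basis = rng.choice(BASES)
        b_bit = measure(photon, b_basis, rng)

        alice_bases.append(a_basis)
        alice_bits.append(a_bit)
        bob_bases.append(b_basis)
        bob_bits.append(b_bit)

    # Insecure conversation, step 1: compare bases and keep the matches.
    matched = [i for i in range(n_pairs) if alice_bases[i] == bob_bases[i]]
    check_idx, key_idx = matched[0::2], matched[1::2]

    # Step 2: reveal the values of the check half. Without interference every
    # checked pair must be anti-correlated; any disagreement means abort.
    errors = sum(1 for i in check_idx if bob_bits[i] != 1 - alice_bits[i])
    if errors:
        return {"sifted": len(matched), "errors": errors, "key": None}

    # The never-revealed half becomes the one-time-pad key. Bob flips his
    # bits so both sides hold the same string.
    key = [alice_bits[i] for i in key_idx]
    assert key == [1 - bob_bits[i] for i in key_idx]
    return {"sifted": len(matched), "errors": 0, "key": key}


def detection_probability(checked_bits: int) -> float:
    """Chance that an intercept-resend attacker is caught after checking
    `checked_bits` basis-matched pairs: each one independently shows a
    disagreement with probability 1/4, so she slips through with (3/4)^n."""
    return 1.0 - 0.75 ** checked_bits


if __name__ == "__main__":
    rng = random.Random(2003)  # fixed seed so the run is reproducible
    quiet = run_exchange(1000, eavesdrop=False, rng=rng)
    tapped = run_exchange(1000, eavesdrop=True, rng=rng)
    print("no eavesdropper: errors=%d, key bits=%d"
          % (quiet["errors"], len(quiet["key"])))
    print("eavesdropper:    errors=%d (aborted)" % tapped["errors"])
    print("P(detect) after 40 check bits = %.6f" % detection_probability(40))
```

The `detection_probability` function is the "diminishes exponentially" argument in numbers: with a thousand pairs roughly 250 are checked, and (3/4)^250 is vanishingly small.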
When Israel wants information to be kept secret (secure delete) they use traditional methods as well, assassination. Israel has the best and most prolific assassins in the world.
All of this fancy research is funded by America of course. Now the US is beginning to use assassination and torture. The research is paying off. You do know why all those Arab "suspects" are being questioned in foreign countries don't you?
Every day we are becoming more like Israel. Are we also choosing Israel's fate?
and he said that they were within months of releasing an algorithm to factorize large numbers (into primes) in polynomial time...such grand claims. I'm sure VME is difficult to break, but impossible to break is impossible to believe.
This is essentially a repost of an exceptionally old story (April 1998).
-jacob
There is no such thing as unbreakable encryption, period, unless you use a one time pad. If the key is smaller than the data, even if it's a million bits as in this case, it is still breakable. And even one time pads are attackable, if the method of random key generation is imperfect.
Meganet Corporation's founder, Saul Backal, claims that its solution can put an end to these problems. Meganet offers a patented non-linear data mapping technology, called VME (Virtual Matrix Encryption), that creates exceptionally random cipher text and combines it with a one million-bit key, which is unheard of in today's data security markets. Competing solutions offer a maximum of 256 bits.
"There is nothing stronger in existence," says 38-year-old Backal, a dual Israeli-U.S. citizen who was a tank commander in the IDF in the Lebanon war. "All other encryption methods have been compromised in the last five to six years."
I call bullshit. Since when have all other encryption methods been broken? Has AES been broken? What about Twofish? CAST? IDEA? (Alright, maybe TripleDES isn't broken, but it's still not as secure as the previous algorithms IMHO).
Sounds like snake-oil to me.
So, great, you have a super-encrypted MySQL database for all your credit cards. You access it by normal methods; it decrypts data on the fly after authenticating you. Your username is "root" and your password is blank. All the encryption in the world isn't going to save you.
Everyone needs to learn to stop throwing encryption at a problem and calling it security. Encryption should always be the base layer of any security scheme, never the top-level element (and certainly not the sole one!). Encrypt your databases on disk and in RAM and on the way to and from the CPU if you want, in case the machine is physically stolen. But don't forget to apply the latest patches, rotate passwords, implement effective firewall rules, and guard physical access to minimize the danger of it walking away in the first place.
Jouster
The problem with storing CC numbers is that at some point you have to unencrypt them to do anything interesting with them. It's entirely possible that these cases had encrypted cc numbers, but an attacker found the unencrypt_and_charge program in /usr/local/bin, and put it to good use.
This is especially the case in automated systems, where somewhere there's a program that's run without a password or other user intervention that does the decryption. If the program in question runs some other program and automatically enters the password/phrase (eg pgp), you could probably use strings to get the password without even running the program.
If I have been able to see further than others, it is because I bought a pair of binoculars.
While it makes sense to be skeptical of unbreakable encryption claims, social engineering and key-stealing have nothing to do with the "breakability" of an encryption mechanism. When the wrong person gets the key and gets your data, the encryption is not broken, it's working properly. You *intended* for it to reveal the message to the key-holder. Likewise, the RNG must be "obscure". Really, the attacks on security through obscurity are often misguided. What is a key? Why is it useful? Why can it protect a secret? Because it is obscure! No one knows it but you. The point is to reduce obscurity to a single, easily defended key for convenience.
Unbreakable encryption is a very fuzzy term. If it means that no one could ever get your data out of the ciphertext but you, then sure, that's impossible. A ways into the infinite set of all possible transformations they would probably end up looking at your plaintext... but would they know? What if that set of transformations produced all possible plaintexts at one point or another? How would they know which was yours?
It won't ever undergo peer review, as they are keeping the details of their algorithm secret. Luckily, their program was disassembled and the algorithm recreated back in 1999, and it didn't cause a splash in the cryptographer pond before it sank. This story isn't old news, merely a warning to people why a company doesn't actually have to be worth anything in order to make it in the world. Instead of the encryption lock for an icon, this story should've had the media hat, seeing as how one poster reports the news site in the article is a "fluff" site for Israeli interests.
Check out this press release... he claims to have given the algorithm to Bill Gates, AT&T, HP, Intel, and DELL for cracking. I guess if the crypto community shuns him, then he should take it somewhere else.
I love how he subtly calls these people his peers (as if!), but even more masterful, the press release is on the AT&T website, so it looks like it has a bit of an endorsement. Of course, I think Bill Gates is the world's greatest cryptographer and Microsoft has by far the most secure products. (I'd bet microsoft has some very good cryptographers, but that's not the problem; they just have holes in their software).
HIV Crosses Species Barrier... into Muppets
From this page, you can call up the inventor with technical questions:
Saul Backal - Meganet Corp.
818-757-3890
matrix@meganet.com
Reporters can call these people. Hey, if their professional email ends in "juno.com", they must be legit!
Kenny Spitler or Bernie Kiesel - Absolute Results Inc.
615/843-8710
Absoluteresults@juno.com
HIV Crosses Species Barrier... into Muppets
The AD-speak is an example of the encryption. Before running it through the Virtual matrix of Pseudo-information, it said something meaningful.
Now all there is to read on the site is about equivalent to "QUACK! quack quack quack..."
mug
Saying that you have created unbreakable encryption is like saying your ship is unsinkable. Time is the decider of everything. While something may be unbreakable now, time will come with solutions to prove that the real limitation is current understanding.
Then again, security is more about making intrusion incredibly difficult and time consuming than impossible. Anybody who believes passive security is enough obviously doesn't understand security issues well enough.
Jumpstart the tartan drive.
Can we please not post everyone's snake oil cryptography and ask whether it's possibly true?
It's like cops arresting jaywalkers... don't we have better things to take up brain cycles and /. space with?
Read the Snake Oil FAQ and don't post this sort of thing again.
More or less, yes. In fact you can never be 100% sure no-one is eavesdropping, but as your sample size increases the probability of an eavesdropper fooling you diminishes exponentially. So it allows you to put a specific degree of certainty on the security of your one-time pad.
Go read a book (The Code Book by Simon Singh has a good overview).
What fucking gall. For all the money we pump over there do we get a "thank you"? No, we get a "fuck you!"
...it comes down to there not being enough quantums (of time) between now and the end of the universe to check every possible key if every atom can perform one calculation per quantum.
Which theory of the end of the universe is this? There was just a story the other day on some evidence for no end at all- though in that setup most of the universe would eventually be so separated from other parts that a possible cosmo-computer would break down.
Usually these kinds of arguments are supposed to show how preposterous it would be to take the opposing viewpoint. But alarms should go off for the SF writer or reader that hears experts construct a fantastical explanation (a computer the size of the universe!) and declare it so ridiculous that it proves their point- there's potential story material to be had if you take up the idea and logically carry it to even more extreme ends: How would a galaxy-turned-supercomputer look from earth? There's got to be some tradeoff between acquiring so much computing mass in one location that time dilation effects take place (effectively slowing computing speed) and mass being so distributed that the speed of light delays seriously hamper computing speed as well- I'd like to hear or figure out what those limits are.
I think one of the Charles Stross stories mentions the possibility that currently observed astronomical objects (or was it dark matter?) like quasars are actually distant alien supercomputers dumping a _lot_ of waste heat. He didn't mention decryption applications, so there's still room for more stories.
Investors shouldn't be misinformed.
The investors should not be told this encryption is "unbreakable".
The investors should be told that the encryption is based on two 32-bit keys derived from passwords, a 256-byte header which boils down to a 7-bit key, and a one-time-pad file of arbitrary size (the "million bit key"). The encryption involves executing a state machine with a large number of different permutation methods, rather than sticking to a single ciphering method which would allow building a statistical model of how well the plaintext is perturbed.
The investors should be told that -- despite not revealing the algorithm -- the encryption software has been reverse-engineered and a portable decryptor written in C.
The investors, finally, should be told that the encryption is almost useless. In order for any legitimate party to decrypt a file, you need to send them the one-time-pad as well. If you're storing files encrypted for your own private use, you need to store the one-time-pad somewhere secure. Why not just store your files unencrypted in this secure place? If you encrypt more than one file with the same one-time-pad, that renders it useless - only the ~71 bits need to be broken.
Does my bum look big in this?
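The post above makes two points worth seeing in working code: a pad is only "unbreakable" while each pad byte is used once, and reusing it on a second file makes the scheme useless. The following is an added illustration, not code from the post or from Meganet; the pad, the two sample files and the PadLedger bookkeeping class are all constructed here for the demonstration.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings: this is the entire OTP 'algorithm'."""
    if len(a) != len(b):
        raise ValueError("pad material must match the data length exactly")
    return bytes(x ^ y for x, y in zip(a, b))


class PadLedger:
    """Hands out pad bytes exactly once.  Anyone encrypting must draw fresh
    material from here; when the pad runs out, encryption stops instead of
    silently wrapping round to bytes that were already used."""

    def __init__(self, pad: bytes) -> None:
        self._pad = pad
        self._used = 0          # offset of the first unused byte

    def take(self, n: int) -> bytes:
        if self._used + n > len(self._pad):
            raise RuntimeError("pad exhausted: refusing to reuse key material")
        chunk = self._pad[self._used:self._used + n]
        self._used += n
        return chunk

    @property
    def remaining(self) -> int:
        return len(self._pad) - self._used


def otp_encrypt(data: bytes, pad_bytes: bytes) -> bytes:
    """Encrypt with exactly len(data) pad bytes.  Decryption is the same call."""
    return xor_bytes(data, pad_bytes)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What an observer gets from two ciphertexts made with the SAME pad bytes:
    the pad cancels and p1 XOR p2 is left, with no key material at all."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


def other_plaintext(p1_xor_p2: bytes, known_p1: bytes) -> bytes:
    """If one file's content is predictable (a file-format header, a login
    banner), XORing it back out yields the same stretch of the other file."""
    n = min(len(p1_xor_p2), len(known_p1))
    return xor_bytes(p1_xor_p2[:n], known_p1[:n])


# Constructed sample data (not from the post): one predictable file, one secret.
PAD = os.urandom(128)
FILE_A = b"Welcome to SuSE Linux 8.1\nLogin: "        # 33 bytes, fully predictable
FILE_B = b"wire 400k to acct 7781 by Friday"          # 32 bytes, the secret


def correct_use():
    """Each file takes its own fresh slice of the pad."""
    ledger = PadLedger(PAD)
    c_a = otp_encrypt(FILE_A, ledger.take(len(FILE_A)))
    c_b = otp_encrypt(FILE_B, ledger.take(len(FILE_B)))
    return c_a, c_b, ledger.remaining


def reuse_mistake():
    """Both files encrypted from pad offset 0: FILE_B is exposed outright."""
    c_a = otp_encrypt(FILE_A, PAD[:len(FILE_A)])
    c_b = otp_encrypt(FILE_B, PAD[:len(FILE_B)])
    return other_plaintext(reuse_leak(c_a, c_b), FILE_A)


if __name__ == "__main__":
    print(reuse_mistake())      # the secret file, recovered without the pad
    print(correct_use()[2])     # pad bytes left after one correct use: 63
```

The ledger is the practical takeaway: the pad itself has no notion of "already used", so the software around it must track consumption and refuse to wrap. The reuse_mistake function is what happens when that bookkeeping is missing.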
A deficiency of one-time-pad is a man-in-the-middle with plaintext known.
If you know the entire plaintext, which you suggest the MITM does, then what is the point? To forge a different plaintext from Alice to Bob?
Three words: Digital Signatures
Alice simply MD5 hashes her plaintext, encrypts the MD5 value using private key, and appends to message. Bob verifies that received plaintext (after decoding) when MD5 hashed, equals the public key decrypted hash Alice attached. The MITM can't forge that.
The price of freedom is eternal litigation.
Meganet is winning government contracts left & right. 90% of cryptologists that are worth their salt work for the government agencies, If it passes their muster -- I would put my faith in it.
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
So far the only "uncrackable" solutions involve using the Heisenberg principle (by examining the information, you change it) and some sort of photonic system (nobody has it working...even the theorists say it is a decade or more away).
Also, studies into quantum computers are progressing rapidly. If developed into a useful device (again, probably decades away), there is possibility of cracking one time pads (I know the OTP I have used utilized a snapshot of background radiation through a serial device as the noise) if the weird theories of entropic systems prove true and modelable.
[RIAA] says its concern is artists. That's true, in just the sense that a cattle rancher is concerned about its cattle.
It is the tone of the marketing, combined with the reality of the product that earns it the "Snake Oil" label
If you look at the abstract of their patent you see that the foundation of their math games is a one time pad
They use a "Specific Transaction Key" to scramble the common key to "reduce the insecurities" of reusing the one time pad.
The program posted on sci.crypt negates both the "Targeted Delivery System" and the "Date Limiting Algorithm".
Think Different! Think YottaHertz!
Here's a story about how the Israelis bugged the Dutch Intelligence Agencies and half of the police forces in the Netherlands.
Here's a story about how the Israelis acquired data on phone calls made here in the U.S., possibly including the ability to eavesdrop on any call they desired. (Other parts to the above story may be read here, here and here.)
The above were all accomplished by Israel through an Israeli company providing goods and services to the international community.
Now an Israeli company wants us to encrypt all our sensitive data using their technology, which is unbreakable. Yeah, sure.
shoot, ive already got it... screw karma, im not reading thru this whole board to see if this is redundant
i sell illegal drugs
Is it just me, or did all recent snake oil products originate from Israel?
Do they hand out government grants explicitly for snake oil, or just to any startup there?
Or are they just extremely 'innovative'?
Just take long random strings of characters and breed them as if they were chromosomes. Then have a million lit professors weed out the ones with least merit and breed the strings again. Eventually you end up with Shakespeare. Prolly in like 1000000 generations.
Eat at Joe's.
1. To encrypt a message with X bits, go to a bank, convenience store, etc., and get X pennies (if you're a consultant, say you used quarters and bill accordingly). 2. Flip each penny once, record the result, then discard. 3. Melt all of the discarded pennies to make a large, heavy club. Use the club to hit anyone who tries to steal your OTP as you deliver the message. Sure, this method may not be efficient, but it's about as practical as most OTP schemes are:)
The story about the Israeli company Odigo receiving an instant message warning of the attack hours in advance comes from The Washington Post.
The story about there being only one Israeli casualty in the WTC comes from The New York Times. And that casualty was a man who was just visiting, i.e., he was supposed to be there.
The story about the Israelis celebrating the fall of the towers was an AP and Reuters story and was reported everywhere.
Nice try though. Lies have worked so well for Israelis for all these many years, I might have resorted to them myself.
Is this truly the only Earth I can live on?
All of these allegations were made elsewhere, and are entirely reputable.
The story about the Israeli company Odigo receiving an instant message warning of the attack hours in advance comes from The Washington Post.
The story about there being only one Israeli casualty in the WTC comes from The New York Times. And that casualty was a man who was just visiting, i.e., he was supposed to be there.
The story about the Israelis celebrating the fall of the towers was an AP and Reuters story and was reported everywhere.
I guess you're going to tell us now that the AP, Reuters, The New York Times and The Washington Post are all anti-Semites now, is that right?
Fucking hilarious! I wonder if you realize that it is people like *you* who are Israel's worst enemy.
Is this truly the only Earth I can live on?
pls
@Ll J00 5L4$hD0+teR$ c4N $uck 1+! N0BODy c4N br3Ak My l33+ 3NCRyp+10N $cheM3.
J00 4Re 4LL L@MEr5 4nD H4ve n0 cryP+O9r@PHY SkiLl5.
Ron had had a fax from the inventors claiming that the scheme had been endorsed by several well known names in the crypto world who I won't mention for reasons that will become apparent, including one of my colleagues on a Web standards board.
There wasn't enough information in the press release to determine whether the scheme was bogus so I did the obvious thing and called up one of the people who was alleged to endorse it. Turned out that he did nothing of the sort, he thought it was snake oil but had been asked a different question, who should he talk to to get it adopted as a standard. The snake oil peddlers had then approached Ron saying that 'S. recommended that he talk to them', clearly implying that S. recommended the scheme.
This matrix scheme looks very much like Power One Time Pad, it has the same million bit key. According to the patent application the scheme appears to be a variant of the playfair cipher which was cracked in WWI.
The competition means absolutely nothing. Any scheme can be made uncrackable if it uses a key length that is greater or equal to the amount of data encrypted. The point is that such schemes are almost completely useless.
The claimed $1 million prize is not convincing; experience has shown that companies that make such offers rarely pay them out even if the scheme is broken. In short the actual value of the prize is:
Amount x Probability of Payment x Probability of cracking - cost of time.
The challenge is in any case over. I can't find out how long the challenge was offered for.
As I said before, I can set the rules for a competition so that the competition is unwinnable even though the cipher is broken.
For example consider creating a cipher using the declaration of independence which for the sake of argument we will consider to be perfectly random (it is not). The cipher consists of choosing a random starting point in the declaration and then XORing the plaintext with the declaration to create the ciphertext. I can generate one unbreakable ciphertext simply by making the plaintext shorter than the declaration.
I note that the current challenge text is distributed in a 53Kb Zip file, that would be 424,000 bits or so, considerably less than the alleged million bit key. Give me a few hundred Mb of ciphertext however and we might have a contest.
The weird thing is the claim to have a contract with the Department of Labor to supply an encryption scheme that is not endorsed by NIST. That would appear to breach several procurement guidelines. Also I can't find any record of any contract of that type on the Department of Labor site.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
corebreech, you're a troll.
An anti-Semitic, hatred-filled one at that.
Out of your last 24 posts 6 were revied, and half of them are labeled as flamebait or trolls. The only time anyone ever responds to your posts is when you're bashing Jews.
Over 3,000 Jews died in 9/11. Muslims, Christians, Jews and more died together. If we can never seem to get anything else done together let's all, at least, agree that we did that.
Grow up, or stop wasting our air. (by "our", I am referring to humans in general, not arabs or jews)
I would rather be ashes than dust!
So... (just interested in getting this right in my head ya see) it is possible to generate a truly random number, by inputting a random number into the workings to get a random number as it were? Or am I still just, say increasing the encryption of a pseudo-random number?
yields theoretically perfect encryption (i.e., it would be "unbreakable"). Of course, one-time pads aren't practical, but it'd be perfect.
There is no such thing as unbreakable encryption, unfeasible yes, but not unbreakable.
You can have a trillion bit key but even that won't help a flawed algorithm.
Of those 2 million people who tried to crack the code how many were trained cryptanalysts?
It's a nice concept but what does it matter if you can't read it encrypted. In an encrypted environment where no one will be able to watch your steps and record your doings. It's like locking your door and having someone watch you through the window.
You might know the plaintext of one particular message, though. This sort of cryptographic attack was used in WWII. You do something that you know will cause a reaction, eg, have the resistance blow up a water treatment plant in the occupied town of Yppi, and then you look for encrypted messages coming from the local occupation headquarters, and you can be fairly sure that "Yppi" and "water treatment plant" will be in the message, which gives you a good start at breaking many cryptosystems. If the enemy uses a very standard format for messages, as militaries and governments often do, you may be able to guess the entire text.
And this is OTP - there is no such thing as "private key" or "public key". If you add an asymmetric cryptosystem, sure, you can make it stronger, but if you have that, you probably won't be using OTP anyway.
(There Ain't No Such Thing As Unbreakable Encryption....)
Any mathematician can tell you that "unbreakable encryption" is the same category of beast as a perpetual motion machine. It's ruled out by basic mathematical principles that are themselves so well established that the probability of their being wrong approaches zero.
Any decent cryptographer or cryptanalyst can also tell you that a very good encryption tool doesn't have to be unbreakable. It just has to be too hard to break to be worth the trouble.
Catherine
An anti-Semitic, hatred-filled one at that.
I am an anti-semite because I point out the truth? You can easily discover this for yourself by doing a Google search. I am only reporting what the AP, Reuters, The New York Times and The Washington Post have reported. Are they anti-Semites too? Oh my!
Out of your last 24 posts 6 were revied, and half of them are labeled as flamebait or trolls. The only time anyone ever responds to your posts is when you're bashing Jews.
What the fuck does revied mean? And where do I bash Jews? You mean Israelis? Israelis are committing atrocities in Palestine, and deserve our condemnation when warranted.
Over 3,000 Jews died in 9/11.
You see, statements like this may end up causing me to sympathize with the Holocaust revisionists. Is this really how the figure of 6,000,000 dead was reached? By gross exaggeration?
Grow up, or stop wasting our air.
I'm sorry, but certain facts that have been stated here were being dismissed as anti-semitic. This is simply not true. The Odigo story, the one Israeli casualty at the WTC, the cheering Israelis, these are all stories sourced from the mainstream media. Indeed, two of the most critical stories come from The New York Times and The Washington Post.
Are you calling them anti-semitic too? Why not?
If there is anyone who has a problem with hate, quite clearly, it is you.
Is this truly the only Earth I can live on?
Nothing for 6-digit uids?
And you're ignoring whole classes of problems, like the exponential time/space problems, and even the NP-Hard problems wouldn't be affected by a proof that P=NP.
To prove that this is completely unbreakable. Just encrypt a document such as a book report or a random internet document, then send it off and make it look a lot like a letter from a terrorist. Guaranteed, the FBI would have it cracked in about 48 hours at the least.
sorry, a flashback to mel brooks history of the world, part I. I can still see the giant star of david space ship floating by...
I understand the known plaintext idea you're suggesting. I just don't see what is gained.
Yes, I know the first text is: "Welcome to SuSE Linux 8.1[LF]Login:".
Knowing this only reveals the first part of the one time pad. So what? That part is now known but is never used again.
Okay, so you have a MITM. The MITM can send a different plaintext for the part of the pad he knows. But that part of the pad is expected to be used to say "Welcome to SuSE Linux 8.1". If I don't see that first, I am suspicious.
Finally, every message might be digitally signed. Now the MITM cannot forge the signature.
So in summary: (1) the MITM can learn the OTP for a useless part of the message, and the OTP will never be used again. (2) the recipient can tell that messages are not genuine.
Is there something here I'm missing?
The price of freedom is eternal litigation.
Anything that can be created can be broken unless you can't change it back ;-P
My truly unbreakable cryptography, implemented in Java:
public String encrypt( String cipherText )
{
    return "5";
}
Parent score: -1 ?
:-/
Must be something wrong with my sense of humor, because I thought it was funny
the problem was, I couldn't decrypt it either...
It turns out if you have a key, you can just guess at it, and eventually break it... I just went to the source of the problem... the key. If you don't have a key, you can't break it. Unfortunately, as it turns out, you can't decrypt it either.
Seriously though:
It probably is theoretically possible despite what you may see on here to make an unbreakable encryption. The only problem with this is that it can only be used on data less than the key size(AKA one time pad) and random data(AKA data of an unknown format). If you can accomplish either these two, I don't think anyone will be able to break it. The problem is: With a one time pad, it's pretty much the same as carrying the data to the other end; data is useless unless someone can understand it.
I've always wanted to start a crypto challenge of a crypto that had no signature and was of nearly random data. The problem is, computers are not that great at pattern matching, and won't be able to find a good pattern in your data format to begin with. This is compounded with no verification that the key you used is valid. In theory, you could get anything out of the decryption if it weren't for that pesky external signature. Remove those, and it could decrypt to just about anything the same length.
In a nutshell, if you had the perfect compression (theoretically impossible) it would be impossible to break your encryption (if you didn't have a signature or hash for verification). Now if only compression was encryption oriented (no predictable bits... thus not perfect), we would be all set. If you researched enough, you may be able to make it very hard to predict bits in compression.
Most encryption in the past has been broken by the redundancy of the data (Signatures, statistics, etc.) so that you know if you have the right key (the signature matches, the MD5 matches, or it looks like the target language). If it's impossible to know if you have decrypted the message, it's impossible to break.
Karma Clown
I'm gonna stick my head out on the chopping block and talk about the term possible. Mathematically ANYTHING is possible. There are no perfectly mathematically impossible situations. Thus mathematically speaking it is possible to build unbreakable encryption. I would personally say it's roughly as probable as IIS never having a security flaw again, or say cw.net removing all the spammers from its systems. In _THEORY_ every encryption is now unbreakable, since doing so violates the DMCA. Well we all saw what that got the world, now, didn't we? anyways my two cents.
Well mathematically something can be proven to be unbreakable then along comes something to break it.
Anything and that means everything is susceptible to cracking. Even the ultimate scheme known as One Time Pad can be broken.
You may say that this cannot be so, but it can. You want to know how? Through the wonders of social engineering, that's how. The weakest link in any security scheme is us.
I don't care how secure somebody says something is, it's useless when humanity gets involved because people are lazy! They take shortcuts, write bad implementations, choose lousy passwords, etc.
Only if humanity is not part of the equation will security improve.
"You're on my side and the dark side, like Lando Calrissian?" --Gimpy, Undergrads
Last week Slashdot declined to post an announcement about Penn & Teller's new show "Bullshit!" in which they debunk psychics and quacks and other such nonsense. Yet they seem to think it's OK to post claims of unbreakable encryption or repeatable compression or other things that don't even pass the laugh test. Isn't this supposed to be "news for nerds", who presumably have working brains? I'd expect these kinds of stories on AOL, not here.
--Lee Daniel Crocker : http://www.etceterology.com My life is in the public domain.
Those readers who submitted this obvious bullshit to Slashdot should be ashamed of yourselves. A little dose of cynicism is mandatory to cut through all of the bullshit would-be tech companies spew out.
Search 2010 Gen Con events
In the article, their founder is clearly talking bullshit.
> "All other encryption methods have been compromised in the last five to six years."
Yeah, right. That is enough for me to assume that all his other claims are bullshit too.
Christian
--- Eat my sig.
Wouldn't it be better to release the encryption and have it tested in the real world before you classify it as unbreakable?
Well, what if you changes "Allies bombing Berlin - send help!" to "Allies bombing Munich - send help!"? The fighters are sent off to the wrong city.
Your suggestion of using PKI only helps a bit. The discussions of OTPs suggests that you don't trust mathematical cyphers.
This is fixed by having a random message header and a message digest at the end.
Header generation is the only tricky part. You need to anticipate the case where the whole message is seen in plaintext and subject to a MITM attack. This means you can't let the enemy substitute his own random header (because the header plus the message are the whole thing, he could then forge the digest). So you base the header on the only thing you can assume is secret, the pad itself. Take the first sixteen bytes of the OTP and encrypt the first eight with the second eight. Use this as the header for the message. Then skip these bytes (of course) and start encrypting the message.
Using the OTP like this means that the attacker can't simply substitute any random garbage, it must be based on the OTP, and it's not fixed, so he can't forge the digest.
Of course, you should actually burn your OTP after using it. Not only does this keep the message from being decrypted after you're captured, but it also means that you'll never accidentally receive the same message twice (a replay attack) because you won't have the key which would decrypt it anymore.
Umm, one-time-pads have no decryption "key", that is why you can't crack a one-time-pad...ever. One-time-pads only have the pad.
There is -no- deficiency.
You obviously don't understand one-time-pads.
+4 cents contributed.
Your suggestion of using PKI only helps a bit. The discussions of OTPs suggests that you don't trust mathematical cyphers.
The OTP is to prevent reading of the message by Eve. And is provably unbreakable for that purpose. PKI is to ensure authenticity of the message. Using OTP does not weaken PKI. Using PKI does not weaken OTP.
The "known plaintexts" you suggest, such as standard header stuff, like "login:", cannot be replaced without arousing suspicion.
Merely knowing that the message will contain "water purification plant" and "Munich" will not do anything. Any bits in the message could be the result of XOR'ing "Munich" with part of the one time pad.
So I don't see any weakness of a OTP with a MITM, especially if digital signatures are used. In fact, the "signature" could consist of a standard message trailer that consists of: MD5( body-of-message ) XOR more-bits-of-OTP. Now we're not even using PKI. Just more OTP. Now you can't replace "login:" with some other six characters, because the MD5 won't match.
The price of freedom is eternal litigation.
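The exchange above (the "Berlin"/"Munich" substitution, the digest-at-the-end reply, and the earlier digital-signature post) comes down to one property: a pad hides the message but does not stop someone who knows part of the plaintext from editing it in place, so the receiver needs a separate integrity check. The following is an added illustration, not code from any of the posts. It uses a keyed HMAC over the ciphertext, keyed by the next 32 pad bytes, rather than the hash-XOR trailer sketched in the reply; the message text is the one the post uses, the pad and the helper names are constructed here.

```python
import hashlib
import hmac
import os

TAG_KEY_LEN = 32    # pad bytes reserved per message as the one-time HMAC key


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("pad material must match the data length exactly")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_seal(plaintext: bytes, pad: bytes) -> tuple:
    """Encrypt with len(plaintext) pad bytes, then tag the ciphertext with an
    HMAC keyed by the NEXT 32 pad bytes.  Those 32 bytes are never sent and,
    like the rest of the pad, never reused.  Returns (ciphertext, tag)."""
    n = len(plaintext)
    if len(pad) < n + TAG_KEY_LEN:
        raise ValueError("pad too short for message plus tag key")
    ciphertext = xor_bytes(plaintext, pad[:n])
    tag = hmac.new(pad[n:n + TAG_KEY_LEN], ciphertext, hashlib.sha256).digest()
    return ciphertext, tag


def otp_open(ciphertext: bytes, tag: bytes, pad: bytes) -> bytes:
    """Verify the tag BEFORE decrypting; a tampered message is rejected whole."""
    n = len(ciphertext)
    expected = hmac.new(pad[n:n + TAG_KEY_LEN], ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: message rejected")
    return xor_bytes(ciphertext, pad[:n])


def substitute_known_text(ciphertext: bytes, known: bytes, replacement: bytes,
                          offset: int) -> bytes:
    """What the pad alone does NOT prevent: whoever knows which plaintext sits
    at `offset` can replace it with other text of the same length by XORing
    the difference into the ciphertext, learning nothing about the pad."""
    if len(known) != len(replacement):
        raise ValueError("replacement must be the same length as the known text")
    edited = bytearray(ciphertext)
    for i, d in enumerate(xor_bytes(known, replacement)):
        edited[offset + i] ^= d
    return bytes(edited)


# Constructed demonstration; the message text is the one from the post above.
MESSAGE = b"Allies bombing Berlin - send help!"
PAD = os.urandom(len(MESSAGE) + TAG_KEY_LEN)


def demo() -> tuple:
    """Returns (what a receiver with no integrity check would read,
    whether the receiver that checks the tag rejected the altered message)."""
    ciphertext, tag = otp_seal(MESSAGE, PAD)
    altered = substitute_known_text(ciphertext, b"Berlin", b"Munich",
                                    MESSAGE.index(b"Berlin"))
    unchecked_read = xor_bytes(altered, PAD[:len(MESSAGE)])   # decrypt, no tag check
    try:
        otp_open(altered, tag, PAD)
        rejected = False
    except ValueError:
        rejected = True
    return unchecked_read, rejected


if __name__ == "__main__":
    read, rejected = demo()
    print(read)         # "Allies bombing Munich - send help!" if nobody checks
    print(rejected)     # True: the tag does not match the altered ciphertext
```

The tag is computed over the ciphertext and checked before any decryption, so the receiver never acts on a byte that failed verification; the HMAC key is consumed from the pad exactly like message bytes, so it is as one-time as the rest.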
This way we can have two options:
- Give me enough time and enough cpu cycles that i can break any encryption...
- Steal the keys
Just a thought...var sig = function() { sig(); }
If not, Great, now the foreign terrorist aren't liable when using encyption.
Wrong. Check the errata of AC-- Schneier is not a physicist.
Remember kids, if you criticize the current actions of the current government of Israel, you're an anti-Semite.
We've learned this lesson well in America, too; if you criticize the current actions of the current government of the United States, you're a terrorist.
Aren't sweeping generalizations fun?
We're going down, in a spiral to the ground
"Our technology, VME (Virtual Matrix Encryption), is quite simply the only unbreakable encryption commercially available." - quote from www.meganet.com front page.
i don't know about the rest of u but this kind of hype only manages to tick me off. i mean what a load of BS! before even looking at the (very minimal and decidedly not technical) information on their site about their supposedly brilliant algorithm, this kind of quote screams "BOGUS!" to me.
simply put, this looks like a big load of crap to me.
'nough said
It's all marketing, or at least hype. Unbreakable encryption is impossible with the current available technology. The only unbreakable encryption that would be possible would be using physics to transmit the message to a specific point and time so only the viewer at that point and time would get it, any one else would destroy the message as soon as it was viewed but even that can be broken if you know where the message is headed.
Let this sink in:
Extraordinary claims require extraordinary evidence...
You may want to note that the discipline of science puts the burden of evidence on the person making claims, just like most judicial systems put the burden of evidence on the accuser, rather than the defendant.
By default, this is snake oil.
Should somebody investigate it? Sure. Is it our burden to prove it's unbreakable? No.
If it truly lives up to its claim, the academic community will be giving out nobel prizes to our Israeli friends, every tech journal and business magazine will have an article on it, and the news will resonate across the Internet, because these guys have proved the smartest minds wrong.
I will salute them if they did it, however it's their burden to prove it, just like it's Sylvia Browne's burden to prove she's psychic.
"Communism is like having one [local] phone company " - Lenny Bruce
Did I miss something, or how can you send an encrypted message without sending the encrypted message? What is the VME engine sending, if not an encrypted message? There's only four things you can be trafficking in: the plain message, the algorithm, the key(s), the encrypted message. Miss the algorithm or the key and you're into brute force - whether you're the intended receiver or the hacker. Miss the encrypted message and you can stare at the key and algorithm all day and you got bupkis, no matter who you are. Garbage in/garbage out or in this case, nothing in/nothing out. Maybe this is security through obscurity - sure is obscure sounding to me.
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
The parent comment asked "Do you think there's such a thing as unbreakable encryption?"
...of course, others may have the same opinion. Tagging it redundant overlooks the fact that what I posted is in direct response to the question. Otherwise, after the first two comments of yes and no, every post in the thread that agrees or disagrees is redundant. Wasted mod point.
Now that someone has figured out unbreakable encryption, we can use this to figure out the Beale code.
Hey, nothing's impossible... just highly improbable.
:)
Of course, that same logic applies to whether anyone would ever break their encryption
Umm, one-time-pads have no decryption "key", that is why you can't crack a one-time-pad...ever.
With one-time pad the segment of the pad in use IS the "key".
But if you don't like that usage, replace "solve for the key" with "solve for the segment of one-time pad used".
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Similarly, with a GLOPS cypher, knowing 0x33 means "A" in this position doesn't tell you anything about 0x34 (except that it isn't "A").
Isn't that enough? I mean, look how much easier a shakespeare's monkey attack(heheheheh... ok, I'm full of coffee) just became. I'll assume that there is much I don't understand here, but could someone please explain how any of these different codes stand up to a brute force attack?
Literalism isn't a form of humor, it's you being irritating.
2^256 -> 2^64 units in x,y,z and t.
2^64 ~= 10^19
atoms are roughly 10^-9m apart, so it would take a cube with a side of 10^10m (10 million kilometres) to have that capacity.
result: not on this planet but compared to the size of the universe: peanuts.
i know. i crack around 100-bit ciphers daily (log2(26!))
When I read this: "All other encryption methods have been compromised in the last five to six years." I threw a fit. That's total crap. Further, the new encryption method claims to use a million-bit key... so what? A 256-bit key is more then enough to ensure the security of your data for 1000's of years (taking into account Mr. Moore) using some algorithms. I am raising an exception! And this article is CRAP!
from their web site:
-------
The weakening of public crypto systems commenced in 1997. First it was the 40-bit key, a few months later the 48-bit key, followed by the 56-bit key, and later the 512 bit has been broken - the parameters to break these algorithms and the ones which have not been broken yet are still the same -- computing power and time.
-------
Yes, well, the 40-56 were symmetric, while 512 was asymmetric. Big difference, though not for them.
Another one:
-------
If the data is not encrypted, it cannot be decrypted. What you would have, in effect, is an algorithm that cannot be broken, regardless of time and computational efforts. This has been the cornerstone in Meganet's effort for pioneering Virtual Matrix Encryption.
-------
he he, if the data is not encrypted...
I can't understand these guys. They are obviously out to lure the naive investors, but why don't they at least make claims that are not so easily seen as stupid?!
Because the one time pad is the message xor'ed with a random set of numbers. If you send a OTP message with 1000 characters, then a brute force attack would reveal every possible message that could be 1000 characters long, including the first 1000 characters of all of Shakespeare's works.
The only problems with one time pads are if they are not truly random, or if the enemy recovers a copy of one of the pads from one of your agents.
Good Times.
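Two posts in this thread make the same point from opposite ends: the one above, that brute-forcing a one-time-pad ciphertext yields every message of that length, and the earlier "Declaration of Independence" post, that an XOR cipher is unbreakable only while the text is shorter than the key. The block below is an added illustration, not code from either post, and generalizes the second point to any key that repeats; the ciphertext, candidates and key are constructed sample data.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("lengths differ")
    return bytes(x ^ y for x, y in zip(a, b))


def pad_that_explains(ciphertext: bytes, candidate: bytes) -> bytes:
    """For EVERY same-length candidate there is exactly one pad turning it into
    this ciphertext, so nothing in the ciphertext prefers one candidate."""
    return xor_bytes(ciphertext, candidate)


def consistent_candidates(ciphertext: bytes, candidates) -> list:
    """The subset a brute-force search could not rule out: every candidate of
    the right length.  Length is the only thing the ciphertext gives away."""
    kept = []
    for c in candidates:
        if len(c) != len(ciphertext):
            continue                      # wrong length: the only exclusion
        pad = pad_that_explains(ciphertext, c)
        if xor_bytes(c, pad) == ciphertext:   # always true, by construction
            kept.append(c)
    return kept


def repeating_key_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """The case the 'Declaration' post describes once the text outgrows the
    key: key material wraps round and is reused every len(key) bytes."""
    return bytes(p ^ key[i % len(key)] for i, p in enumerate(plaintext))


def leaked_relations(ciphertext: bytes, period: int) -> bytes:
    """With key material repeating every `period` bytes, c[i] ^ c[i+period]
    equals p[i] ^ p[i+period]: the key cancels and the ciphertext alone
    exposes relationships between plaintext bytes.  For a true one-time pad
    (period >= message length) the result is empty."""
    return bytes(ciphertext[i] ^ ciphertext[i + period]
                 for i in range(max(0, len(ciphertext) - period)))


# Constructed sample data (not from either post).
CIPHERTEXT = os.urandom(12)               # any 12 bytes will do
CANDIDATES = [b"attack dawn!", b"retreat now!", b"attack dusk!", b"too long message"]
LONG_TEXT = b"the quick brown fox jumps over the lazy dog" * 2
SHORT_KEY = os.urandom(8)                 # far shorter than LONG_TEXT


def demo() -> tuple:
    """Returns (candidates still possible for CIPHERTEXT,
    number of plaintext byte relations the short key exposes)."""
    possible = consistent_candidates(CIPHERTEXT, CANDIDATES)
    c = repeating_key_encrypt(LONG_TEXT, SHORT_KEY)
    return possible, len(leaked_relations(c, len(SHORT_KEY)))


if __name__ == "__main__":
    possible, exposed = demo()
    print(possible)     # all three 12-byte candidates survive
    print(exposed)      # 78 byte relations leaked by an 8-byte repeating key
```

The first half is the "every 1000-character message" argument made concrete: given only the ciphertext, a search over pads returns all candidates of the right length and nothing distinguishes them. The second half is why the million-bit key stops mattering once more than a million bits have been encrypted with it: as soon as key material repeats, byte pairs a period apart leak plaintext structure with no key guessing at all.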
The reason that OTP's are not used in most computer conversations is that it is difficult to deliver a set of the OTPs to the recipient.
I still think that something can be done with a chaos theory equation, because you can have a CDROM full of randomly generated initial starting positions and a number of times to iterate before starting the equation and doing a brute force break on this kind of computer problem would take years.
Imagine that there are six 64-bit variables that each feed back into the equation, and a 64-bit depth to iterate for this particular one time pad, and a selection of which variables to use to encode/decode. That is 8 bytes per 7 values, for a total of 56 bytes, or a total of 11 million OTP's on each CD. Now imagine that you have another very easily destroyed piece of rice paper that someone you don't know slips under your door every morning with the paper to tell you which of the 11 million entries to use to decode that day's messages. The part that requires processing power is that you can have any of the 2^384 initial starting conditions having to be iterated up to 2^64 times each before they can be used. Plus you have no clue as to which message is tied to which decryption code.
(it is hard to imagine building a machine with matter that can count to 2^256
I'll do it. Give me 257 bits. (btw, you might wanna go get some coffee, this'll take a while)
a compulsory partner in international and economic affairs for many years already. I bet (and hope!) there are enough self-critical US-citizens to consider a possible conspiracy-like alliance between the US and Israel.. further incognito investigation needed.
Very first comment says that it isn't a cracking program (needs actual pwd(s)), and that it 'just' is a reverse engineering to decode some header info from vme files from meganets software.
why run from Vincenzo?
I just use the mod points on my posts. I then multiply that by my karma-factor... oh wait, that's a constant "bad".. rats. Anyway, my posts mod points - can't get much more random than that!
[Of course it's client-server; it runs on a LAN]
We can no longer attribute the recent rash of duplicate posts to mere absent-mindedness on the part of Slashdot editors; for here is a post that, while not technically a dupe, is essentially a dupe, in that the topic has come up many times, and they've even thumbed their noses at us by including links to the nearly identical articles!
For people that are aware, at the moment in the world of cryptography there is a weakest link problem occurring :D. As the proverb goes, "the chain is only as strong as its weakest link", and in this situation cryptography also falls into this category or conundrum. This is an inevitable problem for all cryptographic protocols.

From the very beginning of the Caesar ciphers till today it has been concluded that any kind of encryption system requires keys; even the theoretically unbreakable OTP methods require keys. Today's key exchange protocols are all based on discrete log methods which are susceptible to factoring. Even though the symmetric ciphers of today are unbreakable with 256 and 512 bit key sizes, getting those keys on both machines for the protocol to work is not as secure a task as it is meant to be, hence the weakest link paradox: AES, RC-X etc. are all very strong but depend on one method which is common to them all, KEY EXCHANGE. Get that right and a lot of people will be out of a job ha ha ha ha ha ha

Hence it can be concluded that until the key exchange problem is solved there is no way anyone can say they have developed an "unbreakable" crypto-system.
Arash Partow
Arash Partow's Philosophy: Be a person who knows what they don't know, and not a person who doesn't know.
It's called the brain. Only a Vulcan can read it.
Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
No, I meant, if you're using a one-time-pad it's probably because you don't trust mathematical cyphering. OTPs are awkward and modern cyphers are very secure. So, you probably wouldn't use PK with your OTP because if PK was an option, you'd just use it from the beginning.
A partial known-plaintext can't be replaced without suspicion, if you don't know where your string is, in the cyphertext. Correct.
However, if the location is known (as in a standard message, or a packet of known type) you can easily change the plaintext to a string of your choice. So you propose the message digest, so that a change will be obvious.
This doesn't work though, in the situation where you know *the full, exact plaintext*. If you do, you can substitute any message of the same length and calculate your own message digest.
This means you need to prevent attacker ever knowing the full plaintext. You can't assume they'll never see it because they may feed the message to someone to transmit. So you need to pre/append random characters. This way, even if they know where in the string the plaintext is, they can't know the whole thing, and thus can never forge the message digest. Because the random header is based on the OTP itself, they can't just make it up.
If you're using PK this is irrelevant, but if you're using PK, why are you wasting your time sending OTPs around? With all the weakness that can come from an incorrectly used OTP you're better off avoiding them unless you *need* absolute security that you'll lose if they invent a magical way to factor numbers tomorrow.
...of waterproof watches?
Now, they're "water-resistant."
There's also "shatter-resistant" glass, plastic, etc. I don't even think anyone refers to anything as "rustproof" any more.
These people have to know this is a marketing ploy. It'll work for only as long as people are stupid enough to believe it.
--------------Rev. C.C.Chips---------------- For the real truth, visit
coward? (id like to see what you look like with 3 bullets in your head as you stare at your computer screeen with blood coming out of your ears...)
ignorance is a bad habit; it's worse to show off your ignorance by saying things like "There is no unbreakable method of encryption".
Its obvious that anything created by a human can be destroyed or in this case "cracked" by a human BUT, that does not mean that because you are a human you have the required level of intelligence as the person who created the algorithm.
If I'm wrong, then go ahead and break the algorithm now! WHAT are you waiting for? What? oh ok I see you're thinking of something "intelligent" to say, right? (losers).
Yes. And there are plenty of Jews in all those countries who claim to be Italians, French and Germans, and they often can be found owning a lot of property... It's not so easy for a non-Jew in Israel to do the same.
****
Oh, gosh we mentioned Germany! Of course, we've all heard, ad infinitum, about the German/Nazi crime, the "holocaust". (We certainly don't often hear that most of the people killed in the concentration camps were actually NON-Jews... If ever we do hear this, then there's always some screaming Jews around to quickly prevent the spread of such vicious "lies".)
****
Convert to Judaism? You lie that it is so easy. You will not be considered a true Jew, even if your father was Jewish, if your mother was a non-Jew.
Jews were some the worst racists and elitist exclusionists in HISTORY. It's the very basis of their religion and identity.
The growing global wave of new anti-semitism is not mere knee-jerk scapegoating. (It's very possible that the OLD anti-semitism wasn't, either.)
When we get a chance to examine the actions of Israel, unhindered by the constant lies of a Jew controlled mass media, we plainly find exposed the worst kind of behavior that human beings are capable of. The coldly organized and sustained campaign to steal land. The constant lies, media manipulation and intimidation to hide that campaign. The assassinations. The systemic corruption that dominates their country. The shameful begging for American taxpayer money to fund the whole stinking charade.
Jews and Israel are becoming scorned all over the world, yet AGAIN. And America, since it supports these liars, murderers and thieves, is being led like a sheep to the slaughter, into the coming conflagration, too.
I will certainly be called anti-semitic though I never considered myself to be. But with each new passing day, and with increasing information, it seems more and more an honor to be called one.
Cheers, mate.
Absolutely, unquestionably FALSE, to anyone versed in crypto - or not, as long as he/she is not a complete idiot.
A one-time-pad is quite well-known to be utterly uncrackable (as long as it's used only once -- hence the first two words of the three-word phrase!).
The idea is this: (1) there's a 'message' - which can be represented as a string of letters (and/or numbers). [It's assumed that the message WILL be intercepted as it's transmitted - so it needs to be 'scrambled' so that (a) the 'enemy' who intercepts it can't understand it, but (b) it can be 'unscrambled' and read by the intended receiver.] (2) Generate a string - the same length as the message - of utterly random letters/numbers -- the "one-time pad". (3) Using the random string from the OTP, encrypt the 'message'.
For instance, if the first letter of the message is "A", and the first character of the one-time pad is "G", you might 'add' the A to the G - by adding 1 (the position of A in the English alphabet) to 7 (G's value), to get 8, or "H", in the encrypted message. (When the result is greater than 26 - as when the original message, or 'plaintext' character is "X" and the corresponding one-time-pad character is "R", or 24 + 18 - you'd just express the result mod 26 (subtract 26 repeatedly until the result is less than 26), in this case: 42 - 26 = 16, or the letter "P".)
The trick with one-time pads is that the receiver must have a copy of the (by definition, essentially random) decoding key in advance -- the disadvantage, obviously, being the distribution of keys. (The Diffie-Hellman key-generation technique was developed at least partially in response to this issue -- two people who are separated, and communicating on what's assumed to be a compromised channel (i.e. -- they assume someone's 'listening in' on their conversation) can generate a common key for further secret communication EVEN IF someone is listening in on the entire exchange of information between them!
(This is pretty profound, when you think about it -- I tell you something, and you tell me something, and from that we generate a key -- and even if Alice intercepts everything we tell each other, she can't possibly figure out the key! The whole trick lies in what we each keep to ourselves - the 'starting numbers' we each use to generate what we DO share. These are NOT communicated BUT are essential to the resulting key we each end up with....)
Bottom line - the anonymous coward who said (a) "with an OTP alone I could generate all possible messages..."...yadda yadda, and (b)"there is no uncrackable encryption, therefore, information is free" is a moron. The first statement is equivalent to saying "I can crack any encrypted message of n characters by generating (roughly speaking) n! random messages -- one of them will be the correct (original) message! (That's like saying that all you need to decode any encrypted message is an infinite number of monkeys typing at random -- sure, eventually one of them will type the 'correct' message, but there's no way of telling WHICH, of the very, very few sensible typed messages that emerge, is the original one....)
As for the 2nd assertion - that "there is no uncrackable encryption, therefore information is free" -- this is both false AND stupid. A one-time-pad, correctly implemented, IS uncrackable. This is well-known and well-accepted in the security community.
And the anonymous coward's conclusion - that the supposedly inevitably 'crackable' nature of all communication implies that all information is ultimately 'free' - or what I assume he means: "knowable" - is incorrect. I guarantee that I can transmit a message with a O.T.P. that no one, no matter how much computing power he/she has at his/her disposal, will EVER decipher.
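The letter-by-letter pad arithmetic from steps (2) and (3) above, and the reason the "with an OTP alone I could generate all possible messages" objection gets the attacker nowhere, as an added Python example that is not part of the original post. It uses the post's 1-based positions (A=1 ... Z=26) and its subtract-26-until-it-fits rule, so A+G gives H and X+R gives P. The pad comes from the OS CSPRNG; `pad_that_yields` is this example's own helper showing that for any candidate plaintext of the ciphertext's length there is exactly one pad that decrypts to it, so enumerating pads yields every same-length message and singles out none of them.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase  # A..Z, positions 1..26 as in the post


def _pos(ch: str) -> int:
    """1-based alphabet position: A=1 ... Z=26 (uppercase letters only)."""
    return ALPHABET.index(ch) + 1


def _letter(pos: int) -> str:
    """Inverse of _pos; pos must already lie in 1..26."""
    return ALPHABET[pos - 1]


def _reduce(total: int) -> int:
    """The post's rule: bring a sum or difference back into 1..26.
    A multiple of 26 maps to 26 (Z), not to 0, and negatives wrap upward."""
    return ((total - 1) % 26) + 1


def generate_pad(length: int) -> str:
    """Fresh pad from the OS CSPRNG.  A pad is used for exactly one message."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def otp_encrypt(plaintext: str, pad: str) -> str:
    """Add each plaintext letter's position to the pad letter's position, mod 26."""
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the message")
    return "".join(_letter(_reduce(_pos(p) + _pos(k)))
                   for p, k in zip(plaintext, pad))


def otp_decrypt(ciphertext: str, pad: str) -> str:
    """Subtract the pad letter's position again, mod 26."""
    if len(pad) < len(ciphertext):
        raise ValueError("pad must be at least as long as the message")
    return "".join(_letter(_reduce(_pos(c) - _pos(k)))
                   for c, k in zip(ciphertext, pad))


def pad_that_yields(ciphertext: str, candidate: str) -> str:
    """For ANY candidate plaintext of the same length there is exactly one pad
    that decrypts the ciphertext to it.  This is why a brute-force search over
    pads tells the attacker nothing: every message is equally possible."""
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must have the ciphertext's length")
    return "".join(_letter(_reduce(_pos(c) - _pos(p)))
                   for c, p in zip(ciphertext, candidate))


if __name__ == "__main__":
    # Constructed demonstration: one real message, one "also possible" message.
    pad = generate_pad(12)
    ct = otp_encrypt("ATTACKATDAWN", pad)
    print(ct, otp_decrypt(ct, pad))
    other = pad_that_yields(ct, "ROMEOANDJULI")
    print(other, otp_decrypt(ct, other))
```

The single-letter checks in the post (A+G=H, X+R=P) hold under `otp_encrypt`, and the second half of the demo shows the same ciphertext "decrypting" to an unrelated message under a different but equally valid pad.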
Pattern x ("true") Randomness = Randomness - period.
Therefore a 128 bit key can assume 2^128 different values and, as some other poster pointed out, there is not enough energy in the universe to overcome the background radiation as many times as it would take to count to 2^128, let alone try and brute force the cypher.
hmmm.... simple calculation:
2^64 ~ 2x10^19
#stars in the universe ~ order of 10^20
"Some things are better left unread" = 64-bit key brute-forced already using a tiny fraction of the energy available to one planet orbiting a typical star.
So... yes there is easily enough energy in the universe to brute-force a 128-bit key. In fact, there is probably (barely) enough in our galaxy to brute-force a 256-bit key, if you could get all of it. (This according to a Schneier calculation: see Applied Cryptography). But it's not going to happen anytime soon.
Furthermore, these assume that the cipher is perfect, ie that brute force is the fastest possible attack. That's the hardest part of designing ciphers, and proving that any particular cipher is perfect would require other important things like P!=NP.
Asymmetric cryptography on the other hand derives its features from mathematical properties of some of the numbers used. For example, some systems require a product of large prime numbers, or discrete logarithms etc. This means that, for example in RSA, you cannot use all of the 2^128 values of a 128 bit key.
The security per bit of an asymmetric cipher is less mostly because you give the attacker so much information (the public key). Furthermore, the attacker can trivially generate any number of (chosen plaintext)-ciphertext pairs.
If you just had to choose a pair of primes for RSA, 134 bits or so would suffice to replace that 128-bit key (yay, prime number theorem!). The catch is that you have to publish their product.
I hereby place the above post in the public domain.
"For any product of N primes there is at least one gallois field,"
Just a few corrections for posterity's sake:
First, it is certainly _not_ true that for _any_ k primes p1, ... pk there exists a Galois field F with p1*...*pk elements. The next paragraph is a self-indulgent argument to this effect which uses considerable machinery against a simple typo. Apologies in advance.
(Let F be a Galois field. For any field, the prime subfield is isomorphic either to Q or to Zp for some prime p; here obviously Q is not contained in F, so Zp is the prime subfield. In particular Zp is contained in every subfield of F. So, suppose k > 1 and pick any p's not all the same; then write |F| = q^n * a with a > 1, a,q coprime and q not equal to p. Then there exists a Sylow q-subgroup - call it S - of F; then the group S* is a finite multiplicative subgroup of a field, so is cyclic; every cyclic group of a certain order is isomorphic, so S* is isomorphic to GF(q^n)*, and in particular S is isomorphic to GF(q^n). But this latter has characteristic q not equal to p. Zp is not a subfield of this; its prime subfield is Zq. Contradiction!)
Obviously what was meant is that for any integer prime p and integer n >= 1, there exists a Galois field GF(p^n) with p^n elements.
Furthermore, while it is true that there exists "at least one", more is true: there exists _only_ one up to isomorphism (this one is easy; as above, the multiplicative subgroup is cyclic and...)
(Finally, I am neither a cryptographer nor a cryptanalyst, so I am unqualified to speak on the balance of the parent message.)
Is it just me or does that last paragraph look like it's almost taken out word for word from Neal Stephenson's "Cryptonomicon"? Eh, but as long as it gets the point across, I suppose it really doesn't matter...
Instead of code like this: I can use a struts/jsp/xalan/soap/.Net enterprise engine to download non-random numbers by the truckload (okay, well, one non-random number) and assign, well
In a couple years the numbers sent back will be compatible with multiplying by a constant. I don't know where I'll get a constant other than "1", but still... it'll be huge.
(Seriously, I love noentropy.net. Please go buy a t-shirt)
Take all the ascii values of all the characters and add them together then divide by 254 and round to a whole number.
Decypher method: None.. it's uncrackable.
I don't actually exist.
XOR with one time pad is proven unbreakable. Not really any tougher than that. Israeli company has not invented anything new, and most importantly - bad algorithms are bad no matter what the cipher length is, and protection does not necessarily grow linearly with cipher length.
So, where are the specs of the widget anyway ? It's not secure on any level until proven so by definitive cryptanalysis. Or is this some pr-dept wonders, security-by-obscurity ?
2^256 < 10^100. I think you should doublecheck your results.
This doesn't work though, in the situation where you know *the full, exact plaintext*. If you do, you can substitute any message of the same length and calculate your own message digest.
What you missed is that before sending the digest, you XOR it with additional bits of the OTP. Now the MITM can't possibly provide the correct OTP-encrypted digest.
So even using only OTP (provably secure) and no PKI at all, you can ensure no successful MITM attacks even of the known plaintext variety.
With all the weakness that can come from an incorrectly used OTP you're better off avoiding them unless you *need* absolute security that you'll lose if they invent a magical way to factor numbers tomorrow.
Please clarify. The first half of the sentence seems to refer to avoiding OTP, the second half seems to refer to PKI.
More thoughts on OTP. The OTP can actually be made up of multiple parts XORed together. In order to send a message, I need to form the OTP. The OTP is never stored anywhere. But Bob, Frank and Joe each have a CDROM with a file of random bits. I take the next bits from the same parts of each of their files, XOR them together to form the actual OTP used for transmission.
Keeping the OTP under guard, say at an embassy or military installation is not that difficult. Even if different people have multiple "parts" of the key material needed to construct the OTP. Now, collusion would be necessary in order to compromise the OTP.
It may be that Bob, Frank and Joe don't actually keep possession of their key portions. These are stored inside the guarded crypto machine. Each of the three files of bits are encrypted using a strong cipher and Bob, Frank and Joe simply carry a token on their keyring, a PIN, and/or a biometric value to form the key to decrypt their portions of the key material in the machine when a transmission is necessary.
You end up with all kinds of security. Provably unreadable and unforgeable messages between installations. Within an installation, strong crypto is used inside the crypto machine to protect the OTP material. No one person can ever see the OTP material. In fact, it never leaves the machine, whose chips could be covered in epoxy resin. I'm sure someone imaginative, who has nothing better to do than think about this problem for 8 Hrs / day could even improve upon my hypothetical scheme here to securely transmit secrets between various installations.
So do you still have any concerns about MITM attacks on an OTP based system?
The price of freedom is eternal litigation.
I don't think that would work. If you have six keys, (k1-k6) and XOR them with the plaintext in order, you can extract the key (collectively) for that piece by XORing the cyphertext with the plaintext.
p ^ k1 ^ k2 ^ k3 = c. c ^ p = (keys). fp ^ (keys) = fc.
(fp, fc - fake cypher/plain text.)
So, if Mallory, the malicious attacker, feeds Alice a known message (or finds out about one she's sending) to Bob, he can calculate the message digest for it. Because he can calculate it, he can XOR it with the cyphertext (even if multiple keys were used to generate that cyphertext) and pull out the original digest. He then takes his new message, and plaintext, and XORs it with the key material he recovered.
Assuming the malicious attacker knows the whole message, and how to calculate the digest (a safe bet), he can always substitute his own message (and the appropriate digest).
You can get around this, in a hack, by using a property of the digest to select which piece of the one-time-pad to use to encrypt it. For instance, take the last two digits of the digest that you calculate for the message, use that as an offset into the OTP (throw the intermediate bytes away). This way, if the digest's last two numbers don't match the original, the intended recipient tries to use the wrong key material and of course doesn't decrypt the received digest properly, so they know something is wrong.
But, it's a hack. You'd be better off making sure you prevent the enemy from ever knowing a full plaintext by encrypting some OTP material with the message and stripping it off at the other end.
Please clarify. The first half of the sentence seems to refer to avoiding OTP, the second half seems to refer to PKI.
It is a bit convoluted, yes. I mean, using RSA depends on the difficulty of factoring long numbers. If you are afraid that this (and the equations other types of PK depend on) are going to become easy (like in _Sneakers_) you should look at one-time-pads, the non-mathematical system that can't be broken by cryptographic methods. But, OTPs are very sensitive to proper use. As has been demonstrated, even sending two messages with the same key destroys security for both. Not transmitting random data in the message makes them subject to MITM attacks, etc. While they are theoretically more secure, they are easier to use incorrectly which usually has a worse failure mode (less real security) than other methods of crypto. As such, you're better off avoiding OTPs unless you *need* that full theoretical strength, as it'll be such a pain achieving it.
More thoughts on OTP. The OTP can actually be made up of multiple parts XORed together.
That's a reasonable precaution against capture of the pad. You're more likely to notice one of three attempts to break in and steal the OTP, etc. But once they're XORed together, you're back to a single key. It doesn't matter how many keys you XOR the plaintext with, I can XOR the cyphertext with the plaintext, and separate all the keys.
I'm sure someone imaginative, [...] could even improve upon my hypothetical scheme here to securely transmit secrets between various installations.
If you want ideas on how to make OTPs more secure, how about taking each byte of the plaintext and skipping into the OTP based on the value of that character? Let's assume infinite pad material. Based on the ascii value of the first byte (encrypted with the first byte of pad material) you skip that many bytes of pad material. For instance, if the plaintext is 'A' you skip 65 bytes of pad material to get the "key" for the second byte. If the plaintext is known I can calculate what the "key" is for that block, but if I substitute a different message the key would change. (This is how many cyphers work, using either the plain or cyphertext in a feedback loop.)
This way, if the message is altered you won't use the same portion of the pad to decrypt it and it'll result in garbage.
You don't need to skip that much key material, maybe take the modulus 3 of the running md5 sum of the message. You still want a footer to the message to prevent the last character being changed; "Being Attacked!" to "Being Attacked?" for instance.
But, your best bet for using OTPs is to encrypt secret keys for 3DES or some strong cypher, use the cypher for the actual data transfer. Use OTPs 100% strength on short message where it's worth the time of hauling around key material, and use it sparingly so you don't make a mistake which is all too easy when using OTPs for real.
So do you still have any concerns about MITM attacks on an OTP based system?
Yes. They're pretty easy to implement improperly. I know everything I proposed is required to fix a flaw in the basic implementation, but I doubt that's anywhere near the end of the flaws.
That's a reasonable precaution against capture of the pad. You're more likely to notice one of three attempts to break in and steal the OTP, etc. But once they're XORed together, you're back to a single key.
I understand that, and the implications.
Assuming the malicious attacker knows the whole message, and how to calculate the digest (a safe bet), he can always substitute his own message (and the appropriate digest).
You have an excellent point here. My assumption was that some part of the message is not known. Then the digest cannot be calculated. I suppose you could use a pseudo-random generator to generate a sequence identifier, and XOR this with additional OTP bits, thus hiding anything about how the PRNG works. Then include this in the MD5 sum. Now even if ALL of the plaintext is known to MITM, he can't calculate the correct MD5, because he knows nothing about the PRNG ^ OTP-bits.
So...
CipherText = (PlainText ^ OTP-bits) + (MD5( Plaintext + (PRNG ^ OTP-bits) ) ^ OTP-bits)
The purpose of this is to prevent any MITM attacks or forgeries.
The purpose of multiple parts of the key XOR'd together is simply to provide better key management. The actual key never exists. Only in parts. Those parts are encrypted. The keys to that encryption might be then protected by PKI where the private (decryption) key is stored in a tamperproof card, such as IBM's cryptographic coprocessor. (The purpose is that secrets on the card never leave the card. Any attempt to open the card destroys the secrets. There is a whitepaper about how this works and boy is it impressive, detects radiation, heat, xray, doesn't emit any signals that can be analyzed, doesn't allow power consumption to be analyzed (onboard battery), etc.)
But don't confuse the two purposes. The multi-part key is just for OTP management and secrecy. Prevent one person from being able to disclose or even merely discover the OTP value.
Here's my improved multi-key idea. The crypto tamper proof card generates a PKI pair, gives you public key. Next, generate a key to a single key cipher. Encrypt the single key cipher's key using the public key from the crypto card. Now destroy the original single key cipher's key. Now only the crypto card knows the private key to decode, say Bob's key, from his USB dongle on his keyring. Bob's key goes into the crypto card. So does Fred's and Joe's. The crypto card can run custom software (a very complex process of signing, etc. to get it loaded.) Now custom software onboard the card can decrypt Fred's, Joe's and Bob's keys. Use strong decryption to produce the portions of the OTP from three CD-ROMs of encrypted bits. XOR them together. The card does not have much processing power. It just gets fed streams of bits via the PCI bus. On the card, it produces the OTP, byte by byte, and OTP's it against the plaintext also being fed to the card. The card sends out a ciphertext. At the end, the card sends out an MD5 sum of a PRNG value (might as well keep the PRNG on the crypto card also for true secrecy) xor with additional OTP bits, and that MD5 sum xored with more OTP bits.
Don't confuse the purposes. The purpose of the MD5/OTP bits thing is to prevent any MITM attacks.
Do you see any problem with this scheme?
The fact that the crypto card is tamperproof is not a critical part of the design. You could just substitute this for a trusted PC under guard and only used under supervision. The crypto card merely ensures that secrets on the card, never leave the card, and CAN never leave the card. This card is an off the shelf item. Google for IBM Cryptographic Coprocessor and similar terms. I did a couple years ago.
The price of freedom is eternal litigation.
You know, actually, at this point we're discussing two things, and we were originally discussing one thing. Very productively I might add.
Back to MITM attacks on OTP.
I got to thinking, and realize that the scheme I previously outlined could be simplified.
Transmission = (Plaintext ^ OTP-bits) + MD5( Plaintext + 16bytes-of-OTP )
The OTP bits are by definition unknowable in advance by MITM. Now even if the entire plaintext is known by MITM, as you suggest, MITM can recover the OTP-bits that were xored with Plaintext. But so what? Since the next 16 bytes (128 bits) of OTP (unknowable) are appended to Plaintext to affect the MD5, then MITM cannot possibly ever generate the correct MD5 value to authenticate the message.
Very simple. Prevents forgeries when all Plaintext is known. Does not use PKI. Only uses secure OTP.
The MD5 can be sequentially processed at both the transmitting and receiving end.
Schemes for key management, and designs to exploit the additional security of tamper proof cards are a separate issue. But I do love the idea that the OTP never exists anywhere (was destroyed after Bob, Fred and Joe's CD's were made) and is only recreated in an environment unknowable to the outside world.
The price of freedom is eternal litigation.
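The exchange above, as an added Python example that is not the posters' own code: the unkeyed-digest construction that Mallory forges once she knows the full plaintext (she XORs ciphertext with plaintext to recover the pad bytes actually used, however many pad parts were XORed together to make them, as in the multi-part key discussion earlier), beside the posted fix `(Plaintext ^ OTP-bits) + MD5(Plaintext + 16bytes-of-OTP)`, which the same attack cannot forge because the 16 digest bytes never leave the pad. The function names, the all-zero guess in `forge_fixed` and the sample message are this example's own. One caveat the thread does not raise: MD5 over plaintext followed by a secret is a secret-suffix construction, so a pair of MD5-colliding messages (practical to construct today) would carry the same tag; a practitioner who wants the information-theoretic guarantee the thread is after would key a one-time polynomial MAC from pad bytes, or at least use HMAC, rather than a raw digest.

```python
import functools
import hashlib
import secrets

TAG_LEN = 16           # MD5 digest size
SECRET_TAG_BYTES = 16  # pad bytes folded into the digest in the posted scheme


def xor(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("xor operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def combine_pad_parts(*parts: bytes) -> bytes:
    """Bob, Frank and Joe each hold a random stream; the working pad is their
    XOR.  One uniformly random part makes the result uniformly random, but the
    receiver (and a forger) only ever deals with the combined stream."""
    return functools.reduce(xor, parts)


def encrypt_naive(plaintext: bytes, pad: bytes) -> bytes:
    """ciphertext || MD5(plaintext): the unkeyed digest from the thread."""
    ct = xor(plaintext, pad[:len(plaintext)])
    return ct + hashlib.md5(plaintext).digest()


def decrypt_naive(transmission: bytes, pad: bytes):
    """Plaintext, or None when the appended digest does not match."""
    ct, tag = transmission[:-TAG_LEN], transmission[-TAG_LEN:]
    pt = xor(ct, pad[:len(ct)])
    return pt if hashlib.md5(pt).digest() == tag else None


def forge_naive(transmission: bytes, known_pt: bytes, new_pt: bytes) -> bytes:
    """Mallory knows the whole plaintext.  ct ^ known_pt gives back exactly the
    pad bytes that were used, so she encrypts her own same-length message under
    them and recomputes the public digest.  The receiver accepts the result."""
    ct = transmission[:-TAG_LEN]
    keystream = xor(ct, known_pt)
    return xor(new_pt, keystream) + hashlib.md5(new_pt).digest()


def encrypt_fixed(plaintext: bytes, pad: bytes) -> bytes:
    """(Plaintext ^ OTP-bits) + MD5(Plaintext + 16 bytes of OTP), as posted.
    The 16 pad bytes after the keystream feed the digest only; they are never
    transmitted, so the pad must be 16 bytes longer than the message."""
    n = len(plaintext)
    if len(pad) < n + SECRET_TAG_BYTES:
        raise ValueError("not enough pad material")
    ct = xor(plaintext, pad[:n])
    tag = hashlib.md5(plaintext + pad[n:n + SECRET_TAG_BYTES]).digest()
    return ct + tag


def decrypt_fixed(transmission: bytes, pad: bytes):
    """Plaintext, or None when the keyed digest does not match."""
    ct, tag = transmission[:-TAG_LEN], transmission[-TAG_LEN:]
    n = len(ct)
    pt = xor(ct, pad[:n])
    expected = hashlib.md5(pt + pad[n:n + SECRET_TAG_BYTES]).digest()
    return pt if secrets.compare_digest(expected, tag) else None


def forge_fixed(transmission: bytes, known_pt: bytes, new_pt: bytes) -> bytes:
    """Same attack against the fixed scheme.  Mallory still recovers the
    keystream, but the 16 digest bytes are pad material she has never seen; the
    best she can do is guess them (here: all zero, this example's choice).  The
    receiver rejects the result except with probability 2**-128."""
    ct = transmission[:-TAG_LEN]
    keystream = xor(ct, known_pt)
    guessed = bytes(SECRET_TAG_BYTES)
    return xor(new_pt, keystream) + hashlib.md5(new_pt + guessed).digest()


if __name__ == "__main__":
    # Constructed demonstration: three random pad parts, one known message.
    pad = combine_pad_parts(*(secrets.token_bytes(64) for _ in range(3)))
    msg, fake = b"Being Attacked!", b"Being Attacked?"
    print(decrypt_naive(forge_naive(encrypt_naive(msg, pad), msg, fake), pad))  # b'Being Attacked?'
    print(decrypt_fixed(forge_fixed(encrypt_fixed(msg, pad), msg, fake), pad))  # None
```

The demo uses the thread's own "Being Attacked!" to "Being Attacked?" substitution: the unkeyed variant hands the receiver the forged text, the posted variant returns None because the digest no longer verifies.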
Yeah, I accidentally multiplied by 4.4e2x instead of 4.4e-2x. My bad. The results are still grotesque no matter how you slice and dice it, though.
"Actually reading the Meganet site is laughable. They attribute stolen credit card details to poor or broken cryptography" What do you expect? You ought to read "The Jews and their lies" by Martin Luther. 16th century, England.
David Duncan Ross Palmer, author of OverChat
Okay, back to MITMs then. :)
...
:)
Transmission = (Plaintext ^ OTP-bits) + MD5( Plaintext + 16bytes-of-OTP )
Ok, we're both on the same wavelength. You can't let the attacker know everything that's being transmitted because then they can forge up a message digest for it.
My idea was, if I may borrow your diagram
Transmission = (OTP Bits ^ OTP Bits) + (Plaintext ^ OTP-bits) + md5(Plaintext + OTP Bits)
Your transmission is smaller, uses less OTP material, and is a touch simpler to implement, yet should be just as secure. Congrats.
Actually, to digress to key management for a sec, the "real" OTP never exists outside your encryption device because it's always derived from three completely random streams. This way for secure key creation you have Bob, Fred, and Joe each supply a CD (to each end) that they made themselves. This way multiple organizations can be sure there's no key-creator who can eavesdrop, if they only pretended to destroy the key. Also, for inter-agency struggles, it's a good way to ensure that your agency is still involved later. As long as you contribute to the creation process, you are required to read the results, you can't be cut out.
XOR and Modulus Addition (and thus subtraction) have the neat property that if any of the independent inputs (ie, yours isn't chosen based on mine) is random, the results are random. If we collaborate on keys I can't possibly sabotage the process, as long as your keys are random. (And if we're all sabotaging it, it's doomed.)
If you're interested, I'm working on a project involving multi-party encryption.
The idea is to allow secure, and secret, generation of verifiable random numbers. In short, shuffling a deck (or rolling dice) and being able to "show" them to specified players, and after the game, prove that the process was fair without having to reveal any non-public data (ie, what your face-down cards were). There's obviously no way to prevent collusion, in that I tell you what my card is, despite you not being able to "see" it yourself. But in that, it's just as secure as any physical game of cards; colluding gamblers can covertly signal each other in many ways yet people still play these games.
I'm working on a project involving multi-party encryption.
That is interesting.
Now that we've discussed this, I am fascinated by the idea of multi parts of an OTP that was never known to anyone. Each party supplies their own random "part" of the key material. Each part was encrypted using a public key generated by the crypto card. Thus, it can never be decrypted, except inside the card. So the actual raw random bits are now unknown. (They could be encrypted by the public key even during generation.) You know, as I think of it, I'll bet the crypto card has a random generator (not pseudo). By loading a custom application (with all the incredible signing headache that is) onto the crypto card, you could have the crypto card produce three encrypted streams of data to save. Even if you have all three encrypted streams together, you cannot recover the OTP from them, because the three streams can only be decrypted and then combined into a OTP from inside the crypto card. Outside the card, you can never decrypt those three streams. Now they are really secret. In fact, one key known inside the card could encrypt them all. Thus, you could have a multi-part key with an unlimited number of parts.
You could build the application to require a minimum number of key parts to send a message. Thus a message could be sent if you have a minimum of 1 General and 2 Majors. But also if you have 3 Majors and 3 Captains. In the message header, indicate which key parts make up the OTP, but using another OTP.
Even if you know which three people sent the message (known plaintext against the "header" OTP), you can't alter it, or the message won't decrypt at the other end, because the receiver will use the wrong sets of key material to form some OTP to decrypt.
In other words, I may have 7 sets of key material, but any 3 of them can be XOR'ed to form a OTP. In the message I must have a header indicating which 3 random streams to form the OTP to decrypt with. This message header is encrypted using an eighth OTP used only for this purpose.
Anyway, I'm just having a fascinating time thinking about all of this.
It really makes me wonder what kind of thinking goes into real systems that keep important secrets vs. my amateur scheming.
The price of freedom is eternal litigation.
Tell me the number you were thinking of."
You're the man in the middle...you tell me!
You still don't get it.
The attack I'm talking about involves the man-in-the-middle KNOWING what "the number you were thinking of" AND intercepting your transmission AND substituting a forged transmission of his own. The first part - knowing "the number you were thinking of" - means he needs to get that by some OTHER route than your intercepted message.
I have your transmission. To construct the forgery I'll also need the number you're thinking of.
I suppose I COULD send Guido to beat it out of you. B-)
But that seems a bit extreme just to prove a point in a slashdot thread that is already off the front page.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
...in the February 15, 2002 issue of Crypto-Gram. They are the current residents of his Doghouse.
Floating face-down in a river of regret...and thoughts of you...
Three great scientific theories of the structure of the universe are the molecular, the corpuscular and the atomic. A fourth affirms, with Haeckel, the condensation or precipitation of matter from ether -- whose existence is proved by the condensation or precipitation. A fifth theory is held by idiots, but it is doubtful if they know any more about the matter than the others.
-- Ambrose Bierce, "The Devil's Dictionary"
- this post brought to you by the Automated Last Post Generator...