Slashdot Mirror
Israeli Firm Claims Unbreakable Encryption
Several readers have pointed to an Israeli company's claim of achieving unbreakable encryption. The linked article reports this claim uncritically. Do you think there's such a thing as unbreakable encryption? This isn't the first time someone's made this claim, or second, or third ...
One Time Pad is uncrackable... but the "key" is the same size as all the data you'll ever want to send... but DAMN it works. =]
With hardware. Geiger-Müller for example. Or measuring thermic movement of certain electrons.
Szo
Red Leader Standing By!
I haven't read the article (c'mon!) but I saw the mentions of VME, which...well... was broken.
It's snakeoil. Just marketing, no security. Move along. Nothing to see here.
Belief is the currency of delusion.
Unbreakable encryption is quantum encryption.
In Applied Cryptography, Schneier has a lovely explanation of why you can't brute force a 256 bit key. IIRC it comes down to there not being enough quantums (of time) between now and the end of the universe to check every possible key if every atom can perform on calculation per quantum. He also explains why its not physically feasable to brute force a 128 bit keyspace.
So what is comes down to is this: either you find a weakness in the algorithm, or work on quantum computing until it can brute force huge keyspaces outside the normal constraints of physics. Until then, 128 bits is enough (for symmetric crypto).
Actually reading the Meganet site is laughable. They attribute stolen credit card details to poor or broken cryptography (reality: this data isn't kept encrypted on the site host, because the security architecture of most sites sucks).
The algorithm they claim is uncrackable is based on a random "matrix", which is derived from a "file of any size that is available ..." on both sending and receiving computers. So there IS secret data that must be transferred (or else that file is public, even worse). According to the code available here, the values aren't even vaguely random - just do lots of XORs using bits from your "secret file".
Meganet tries to justify its claims by pointing to multiple encryption. Big news guys: the size of the keyspace determines security, not the number of times you encrypt with the same key. At best multiple encryption makes it take longer to brute force the keyspace. It doesn't add security. Period.
Apart from that this matrix is used as a lookup table. That means that it has all of the problems of a one time pad, without the benefits. As soon as you use any block of values from the matrix again, you have information that you can use to attack the encryption.
It may be true that noone has broken this algorithm. I've written crypto algorithms that noone has broken ... because I've never published them, and noone has had an interest in breaking them. That doesn't make them secure. Cryptographic security is achieved using simple algorithms that can be proven, using mathematical theory, not attested to by supposition and lame tests.
i-name =twylite [http://public.xdi.org/=twylite], see idcommons.net
This fpp.co.uk is David Irving's site. He is the guy who denies the holocaust. More on Mr.Irving: http://www.geocities.com/irving_challenger/
Have Linux installed at your place in Amsterdam, for cheap
Professional cryptographer Bruce Schneier used these guys as the exemplar for "Pseudo-mathematical gobbledygook" in the February 1999 issue of his monthly crypto-gram newsletter:
"The base of VME is a Virtual Matrix, a matrix of binary values which is infinity in size in theory and therefore have no redundant value. The data to be encrypted is compared to the data in the Virtual Matrix. Once a match is found, a set of pointers that indicate how to navigate inside the Virtual Matrix is created. That set of pointers (which is worthless unless pointing to the right Virtual Matrix) is then further encrypted in dozens other algorithms in different stages to create an avalanche effect. The result is an encrypted file that even if decrypted is completely meaningless since the decrypted data is not the actual data but rather a set of pointers. Considering that each session of VME has a unique different Virtual Matrix and that the data pattern within the Virtual Matrix is completely random and non-redundant, there is no way to derive the data out of the pointer set." This makes no sense, even to an expert.
Ubi dubium ibi libertas: Where there is doubt, there is freedom.
Bruce Schneier covered this way back in February 1999:
http://www.counterpane.com/crypto-gram-9902.html
I think we can file this under "snake oil".
Symmetrical cryptography does not depend on any specific properties of the numbers selected as the key of the cryptosystem. Therefore a 128 bit key can assume 2^128 different values and, as some other poster pointed out, there is not enough energy in the universe to overcome the background radiation as many times as it would take to count to 2^128, let alone try and brute force the cypher.
Asymmetric cryptography on the other hand derives its features from mathematical properties of some of the numbers used. For example, some systems require the a product of large prime numbers, or discrete logarithms etc. This means that, for example in RSA, you cannot use all of the 2^128 values of a 128 bit key.
Most systems in use today are so-called hybrid systems, using both asymmetric and symmetric cryptography. Since a cryptosystem is as strong as its weakest link, you need to increase the asymmetric keysize to be at least as difficult to break as the symmetric part. Given the current knowledge of factoring algorithms and the like, you need at least a1024 to 2048 bit RSA key to stack up against a 128 bit symmetrical key.
Pathman, Free (as in GPL) 3D Pac Man
Relevant parts for the lazy:
Warning Sign #1: Pseudo-mathematical gobbledygook.
Meganet has a beauty on their Web site: "The base of VME is a Virtual Matrix, a matrix of binary values which is infinity in size in theory and therefore have no redundant value. The data to be encrypted is compared to the data in the Virtual Matrix. Once a match is found, a set of pointers that indicate how to navigate inside the Virtual Matrix is created. That set of pointers (which is worthless unless pointing to the right Virtual Matrix) is then further encrypted in dozens other algorithms in different stages to create an avalanche effect. The result is an encrypted file that even if decrypted is completely meaningless since the decrypted data is not the actual data but rather a set of pointers. Considering that each session of VME has a unique different Virtual Matrix and that the data pattern within the Virtual Matrix is completely random and non-redundant, there is no way to derive the data out of the pointer set." This makes no sense, even to an expert.
Warning Sign #5: Ridiculous key lengths.
Meganet takes the ridiculous a step further : "1 million bit symmetric keys -- The market offer's [sic] 40-160 bit only!!"
Longer key lengths are better, but only up to a point. AES will have 128-bit, 192-bit, and 256-bit key lengths. This is far longer than needed for the foreseeable future. In fact, we cannot even imagine a world where 256-bit brute force searches are possible. It requires some fundamental breakthroughs in physics and our understanding of the universe. For public-key cryptography, 2048-bit keys have same sort of property; longer is meaningless.
Warning Sign #8: Security proofs.
There are two kinds of snake-oil proofs. The first are real mathematical proofs that don't say anything about real security. The second are fake proofs. Meganet claims to have a proof that their VME algorithm is as secure as a one-time pad. Their "proof" is to explain how a one-time pad works, add the magic spell "VME has the same phenomenon behavior patterns, hence proves to be equally strong and unbreakable as OTP," and then give the results of some statistical tests. This is not a proof. It isn't even close.