Israeli Firm Claims Unbreakable Encryption
Several readers have pointed to an Israeli company's claim of achieving unbreakable encryption. The linked article reports this claim uncritically. Do you think there's such a thing as unbreakable encryption? This isn't the first time someone's made this claim, or second, or third ...
One Time Pad is uncrackable... but the "key" is the same size as all the data you'll ever want to send... but DAMN it works. =]
With hardware. Geiger-Müller for example. Or measuring thermal movement of certain electrons.
Szo
Red Leader Standing By!
I haven't read the article (c'mon!) but I saw the mentions of VME, which...well... was broken.
It's snakeoil. Just marketing, no security. Move along. Nothing to see here.
Belief is the currency of delusion.
In Applied Cryptography, Schneier has a lovely explanation of why you can't brute force a 256 bit key. IIRC it comes down to there not being enough quanta (of time) between now and the end of the universe to check every possible key if every atom can perform one calculation per quantum. He also explains why it's not physically feasible to brute force a 128 bit keyspace.
So what it comes down to is this: either you find a weakness in the algorithm, or work on quantum computing until it can brute force huge keyspaces outside the normal constraints of physics. Until then, 128 bits is enough (for symmetric crypto).
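Putting numbers on the argument paraphrased above, as an added example (my script, not Schneier's and not from anyone in the thread): it computes the Landauer floor of kT ln 2 per bit erased, taken at the temperature of the cosmic microwave background as the coldest possible heat sink, for stepping a counter through a keyspace, and separately the wall-clock time to enumerate the keyspace at an assumed rate of 10^18 keys per second. The constants and the rate are my assumptions. The two arguments are different in kind: at the Landauer floor, 2^128 steps cost a small fraction of a second of the Sun's output, so 128-bit keys are defended by time, while 2^256 steps need on the order of 10^10 Suns' entire lifetime output, which is the "not with anything made of matter" result.

```python
import math

# Physical constants and reference quantities (CODATA / standard astronomy values).
BOLTZMANN_J_PER_K = 1.380649e-23
CMB_TEMP_K = 2.725                    # coldest reservoir a machine could dump heat into
SUN_POWER_W = 3.828e26
SECONDS_PER_YEAR = 365.25 * 86400
SUN_LIFETIME_S = 1e10 * SECONDS_PER_YEAR      # ~10 billion years
UNIVERSE_AGE_S = 13.8e9 * SECONDS_PER_YEAR


def landauer_joules_per_bit(temp_k: float = CMB_TEMP_K) -> float:
    """Landauer limit: erasing one bit at temperature T costs at least kT ln 2.
    Advancing a counter to the next candidate key erases at least one bit, so
    this is a floor on the energy per key tried, whatever the hardware."""
    return BOLTZMANN_J_PER_K * temp_k * math.log(2)


def brute_force_energy_joules(key_bits: int, temp_k: float = CMB_TEMP_K) -> float:
    """Energy floor for enumerating all 2^key_bits keys."""
    return 2 ** key_bits * landauer_joules_per_bit(temp_k)


def sun_lifetimes_of_energy(key_bits: int) -> float:
    """Same energy expressed in units of 'everything the Sun emits in its lifetime'."""
    return brute_force_energy_joules(key_bits) / (SUN_POWER_W * SUN_LIFETIME_S)


def brute_force_years(key_bits: int, keys_per_second: float) -> float:
    """Wall-clock time to enumerate the whole keyspace at a given rate."""
    return 2 ** key_bits / keys_per_second / SECONDS_PER_YEAR


def universe_ages(key_bits: int, keys_per_second: float) -> float:
    """Same time expressed in multiples of the current age of the universe."""
    return brute_force_years(key_bits, keys_per_second) * SECONDS_PER_YEAR / UNIVERSE_AGE_S


if __name__ == "__main__":
    # Assumed attacker: 10^18 keys/s (a million machines each testing 10^12 keys/s).
    rate = 1e18
    for bits in (56, 128, 256):
        print(f"{bits:3d}-bit: {brute_force_years(bits, rate):.3e} years "
              f"({universe_ages(bits, rate):.3e} ages of the universe); "
              f"Landauer floor {sun_lifetimes_of_energy(bits):.3e} Sun-lifetimes of energy")
```

The 56-bit row is the sanity check: DES falls in well under a day at a trillion keys per second, which is why key length alone settled that argument long ago.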
Actually reading the Meganet site is laughable. They attribute stolen credit card details to poor or broken cryptography (reality: this data isn't kept encrypted on the site host, because the security architecture of most sites sucks).
The algorithm they claim is uncrackable is based on a random "matrix", which is derived from a "file of any size that is available ..." on both sending and receiving computers. So there IS secret data that must be transferred (or else that file is public, even worse). According to the code available here, the values aren't even vaguely random - just do lots of XORs using bits from your "secret file".
Meganet tries to justify its claims by pointing to multiple encryption. Big news guys: the size of the keyspace determines security, not the number of times you encrypt with the same key. At best multiple encryption makes it take longer to brute force the keyspace. It doesn't add security. Period.
Apart from that, this matrix is used as a lookup table. That means that it has all of the problems of a one time pad, without the benefits. As soon as you use any block of values from the matrix again, you have information that you can use to attack the encryption.
It may be true that no one has broken this algorithm. I've written crypto algorithms that no one has broken ... because I've never published them, and no one has had an interest in breaking them. That doesn't make them secure. Cryptographic security is achieved using simple algorithms that can be proven, using mathematical theory, not attested to by supposition and lame tests.
i-name =twylite [http://public.xdi.org/=twylite], see idcommons.net
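To make the reuse point in the post above concrete (and the one-time-pad caveat raised earlier in the thread), here is an added example. It is my code, not Meganet's and not the poster's: a toy "virtual matrix" derived from a shared file is used as an XOR lookup table, two messages are encrypted against the same slice of it, and an attacker holding only the two ciphertexts recovers the second message. The message texts, the file contents, the offset and the SHA-256 counter construction of the table are all my own assumptions; the attack does not depend on how the table is built.

```python
from __future__ import annotations
import hashlib


def derive_pad(secret_file: bytes, length: int) -> bytes:
    """Stand-in for the 'virtual matrix': a byte table derived deterministically
    from a file both parties hold. SHA-256 in counter mode is this demo's choice,
    not the product's actual construction."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(secret_file + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(pad: bytes, offset: int, plaintext: bytes) -> bytes:
    """Table-as-pad: XOR the message with the table starting at `offset`.
    Decryption is the same call. Only safe if no slice is ever used twice."""
    assert offset + len(plaintext) <= len(pad), "message runs past the table"
    return xor_bytes(plaintext, pad[offset:offset + len(plaintext)])


def recover_with_known_plaintext(c1: bytes, c2: bytes, m1: bytes) -> tuple[bytes, bytes]:
    """Attacker has both ciphertexts (same slice) and knows message 1.
    Returns (message 2, the recovered slice of the table)."""
    leaked_slice = xor_bytes(c1, m1)              # the pad slice falls out of c1 and m1
    return xor_bytes(c2, leaked_slice), leaked_slice


def crib_drag(c1: bytes, c2: bytes, crib: bytes) -> list[tuple[int, bytes]]:
    """Attacker knows neither message, only guesses that `crib` appears in one.
    Because c1 XOR c2 == m1 XOR m2 (the pad cancels), XORing the crib in at each
    position yields the other message's bytes there; keep positions that look
    like printable text."""
    diff = xor_bytes(c1, c2)
    hits = []
    for pos in range(len(diff) - len(crib) + 1):
        guess = xor_bytes(diff[pos:pos + len(crib)], crib)
        if all(32 <= b < 127 for b in guess):
            hits.append((pos, guess))
    return hits


# Constructed sample data for the demo.
SECRET_FILE = b"contents of some file both parties happen to have"
PAD = derive_pad(SECRET_FILE, 4096)
MSG1 = b"TRANSFER $500 TO ACCOUNT 4471 BEFORE FRIDAY"
MSG2 = b"TRANSFER $900 TO ACCOUNT 8812 BEFORE MONDAY"
OFFSET = 1000                                    # same slice used twice: the flaw
C1 = encrypt(PAD, OFFSET, MSG1)
C2 = encrypt(PAD, OFFSET, MSG2)


def demo() -> dict:
    m2, leaked = recover_with_known_plaintext(C1, C2, MSG1)
    return {
        "m2_from_known_plaintext": m2,
        "leaked_slice_matches_table": leaked == PAD[OFFSET:OFFSET + len(MSG1)],
        "crib_hits": crib_drag(C1, C2, b"ACCOUNT "),
        "xor_twice_with_same_slice_is_identity": encrypt(PAD, OFFSET, C1) == MSG1,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Two things worth noticing in the output: one known plaintext hands the attacker that slice of the table itself, so every later message placed at the same offset is open without further work; and applying the same XOR slice a second time returns the plaintext, so in an XOR scheme "encrypting again with the same key" is not extra work for the attacker, it is no encryption at all.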
This fpp.co.uk is David Irving's site. He is the guy who denies the Holocaust. More on Mr. Irving: http://www.geocities.com/irving_challenger/
Have Linux installed at your place in Amsterdam, for cheap
Professional cryptographer Bruce Schneier used these guys as the exemplar for "Pseudo-mathematical gobbledygook" in the February 1999 issue of his monthly crypto-gram newsletter:
"The base of VME is a Virtual Matrix, a matrix of binary values which is infinity in size in theory and therefore have no redundant value. The data to be encrypted is compared to the data in the Virtual Matrix. Once a match is found, a set of pointers that indicate how to navigate inside the Virtual Matrix is created. That set of pointers (which is worthless unless pointing to the right Virtual Matrix) is then further encrypted in dozens other algorithms in different stages to create an avalanche effect. The result is an encrypted file that even if decrypted is completely meaningless since the decrypted data is not the actual data but rather a set of pointers. Considering that each session of VME has a unique different Virtual Matrix and that the data pattern within the Virtual Matrix is completely random and non-redundant, there is no way to derive the data out of the pointer set." This makes no sense, even to an expert.
Ubi dubium ibi libertas: Where there is doubt, there is freedom.
Symmetrical cryptography does not depend on any specific properties of the numbers selected as the key of the cryptosystem. Therefore a 128 bit key can assume 2^128 different values and, as some other poster pointed out, there is not enough energy in the universe to overcome the background radiation as many times as it would take to count to 2^128, let alone try and brute force the cypher.
Asymmetric cryptography on the other hand derives its features from mathematical properties of some of the numbers used. For example, some systems require a product of large prime numbers, or discrete logarithms etc. This means that, for example in RSA, you cannot use all of the 2^128 values of a 128 bit key.
Most systems in use today are so-called hybrid systems, using both asymmetric and symmetric cryptography. Since a cryptosystem is as strong as its weakest link, you need to increase the asymmetric keysize to be at least as difficult to break as the symmetric part. Given the current knowledge of factoring algorithms and the like, you need at least a 1024 to 2048 bit RSA key to stack up against a 128 bit symmetrical key.
Pathman, Free (as in GPL) 3D Pac Man
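An added worked example for the key-size comparison in the post above (my code, not the poster's): the standard heuristic cost of factoring an n-bit modulus with the General Number Field Sieve, L_n[1/3, (64/9)^(1/3)], converted to "equivalent symmetric bits", plus a search for the smallest modulus size whose estimate matches a given symmetric strength. The lower-order term in the GNFS exponent is dropped, so the estimate sits a few bits above the NIST SP 800-57 equivalences quoted in the docstring; the step size of 256 bits and the sizes printed are my choices.

```python
import math


def gnfs_work_bits(modulus_bits: int) -> float:
    """log2 of the heuristic General Number Field Sieve running time
    L_n[1/3, (64/9)^(1/3)] = exp((64/9)^(1/3) * (ln n)^(1/3) * (ln ln n)^(2/3))
    for an n-bit RSA modulus. The o(1) term in the exponent is dropped, so this
    overstates strength by several bits relative to the NIST SP 800-57 table
    (RSA-1024 -> 80, RSA-2048 -> 112, RSA-3072 -> 128); use it for the shape
    of the curve, not as a certified number."""
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    ln_work = c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return ln_work / math.log(2)


def symmetric_work_bits(key_bits: int) -> int:
    """Brute force against a symmetric cipher with no shortcut: all 2^k keys count,
    which is why every bit of a symmetric key is a full bit of security."""
    return key_bits


def rsa_bits_for(symmetric_bits: int, step: int = 256) -> int:
    """Smallest modulus size (in multiples of `step`) whose GNFS estimate
    reaches the work of brute-forcing a `symmetric_bits` key."""
    n = step
    while gnfs_work_bits(n) < symmetric_bits:
        n += step
    return n


def weakest_link_bits(symmetric_bits: int, rsa_modulus_bits: int) -> float:
    """A hybrid system is only as strong as its weaker component."""
    return min(symmetric_work_bits(symmetric_bits), gnfs_work_bits(rsa_modulus_bits))


if __name__ == "__main__":
    for n in (512, 1024, 2048, 3072, 4096):
        print(f"RSA-{n}: ~2^{gnfs_work_bits(n):.0f} GNFS work")
    for k in (80, 112, 128, 256):
        print(f"{k}-bit symmetric needs about RSA-{rsa_bits_for(k)} (heuristic)")
    print("AES-128 with RSA-1024 key transport, effective bits:",
          round(weakest_link_bits(128, 1024)))
```

The asymmetry the post describes shows up directly: doubling an RSA modulus adds far fewer than n bits of work because GNFS cost grows sub-exponentially in the modulus size, whereas adding one bit to a symmetric key doubles the brute-force work every time.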