Slashdot Mirror


Israeli Firm Claims Unbreakable Encryption

Several readers have pointed to an Israeli company's claim of achieving unbreakable encryption. The linked article reports this claim uncritically. Do you think there's such a thing as unbreakable encryption? This isn't the first time someone's made this claim, or second, or third ...

39 of 631 comments

  1. Nope by Anonymous Coward · · Score: 2, Insightful

    One of the creators can always sell out and show how to beat the system.

  2. Exceptionally random cipher text by The_Spide · · Score: 3, Insightful

    > creates exceptionally random cipher text and
    > combines it with a one million-bit key

    How can a deterministic computer create anything
    more than pseudorandom ?

    1. Re:Exceptionally random cipher text by jtdubs · · Score: 4, Insightful

      By using a non-software-based, outside source of entropy. Send up a weather balloon connected to your serial/parallel port. Retrieve real-time data, discard a few of the most significant figures, and use the rest.

      In other words, there are many ways.

      Justin Dubs

    2. Re:Exceptionally random cipher text by mako · · Score: 2, Insightful

      I would like someone to explain to me what the hell exceptionally random means. Is it like being exceptionally pregnant? Or exceptionally out of gas?

  3. Snake oil by Scarblac · · Score: 4, Insightful

    From the article:
    "Most of the encryption community called our product snake oil," says Backal. "Everyone competed to throw stones at us and didn't bother trying to understand the product."

    So, 1) They have an unbelievable claim (unbreakable encryption) and 2) the extremely knowledgeable encryption community, who have much experience with breaking encryption, has seen their product and calls it snake oil.

    It is snake oil. Move along.

    --
    I believe posters are recognized by their sig. So I made one.

    1. Re:Snake oil by Cappy+Red · · Score: 2, Insightful

      The idea of continental drift, if my schooling doesn't fail me, was not invented by a geologist, and was, in fact, called bunk by many of said field. Popular support never makes anything right.

      Now, they do have an extraordinary claim, and one that I too don't believe. I don't believe that any encryption is unbreakable, but that doesn't mean it is "snake oil". It could still be really really tough to crack.

      *honk*

      --
      This is my sig. It's prescription, I swear. I need it for reading things... on the other side of things

    2. Re:Snake oil by MrFredBloggs · · Score: 2, Insightful

      >I don't believe that any encryption is unbreakable,

      One-time pad, anyone?

    3. Re:Snake oil by Anonymous Coward · · Score: 2, Insightful

      You've truly demonstrated your lack of knowledge of cryptography, fuckwit. There's a very good reason why this company's rules say you must use their decryption program to compete in their contest: they haven't released the source code OR the details of the algorithm. For all anybody knows, they're using RC4 like it's used in WEP, and we (meaning, everybody who actually knows something about cryptography (i.e., not you)) all know how that turned out. If they don't release the algorithm, then actual cryptographers aren't going to waste time with breaking this because they have other, better, public algorithms to work with.

      An encryption algorithm is just one aspect of a data security chain. The security chain is very modular, almost to the point where you can just drop in whichever algorithm you want to use into the [symmetric_encryption_algorithm] slot. There are already algorithms that have been very well analyzed and attacked from every angle that can fill this slot. This is a well known fact in cryptography, and the people that have their careers in this field aren't going to waste time disassembling this Meganet program (because that's all it takes to retrieve the algorithm) in order to analyze a proprietary algorithm that Meganet says who can use and who can't.

    4. Re:Snake oil by jgerman · · Score: 2, Insightful

      Bad example. That's saying that any wild claim by anyone about any field could be true, simply because once (although I'm sure a few others could be found) something that appeared to be a wild claim was found to be true. Strictly speaking you are correct, there is a tiny, but non-zero chance that any wild claim could be true, ... in most cases. That goes for any claim wild or not.


      However, we're dealing with something that is well understood and in a field where there isn't a lot of gray area. Really tough to crack it may be, but that isn't unbreakable. There are no unbreakable codes. The best that you can hope for is a code that can't currently be broken algorithmically with current tools because the power isn't there to do so in a pragmatic amount of time.

      --
      I'm the big fish in the big pond bitch.

  4. Looks like an advertisement by vor · · Score: 2, Insightful

    The first few paragraphs offer some details on what was developed...

    Then for the rest of the article there is just information on Meganet's business health. Looks more like they're trying to spur investing into the company rather than offer details on how the product works.

    Until the source code is published and subjected to peer review like PGP was, then and only then can it be deemed "secure." Until then I'll be running PGP on my computer powered by cold-fusion generated electricity =)

  5. Correction: by Dark+Lord+Seth · · Score: 2, Insightful

    Meganet offers a patented non-linear data mapping technology, called VME (Virtual Matrix Encryption), that creates exceptionally random cipher text and combines it with a one million-bit key, which is unheard of in today's data security markets.

    That means: "Not unbreakable, but certainly not feasible to even try with current technology." Why is it that as soon as something becomes hard to do it is considered impossible and thus vastly overrated until the opposite proves itself? I can imagine that quite a lot of Good Things(tm) have gone to hell and back again only because they were kickstarted into a hype of invulnerability until the opposite happened, causing everyone to suddenly ditch it...

    1. Re:Correction: by BlackHawk-666 · · Score: 2, Insightful

      Brute force is always a last resort in breaking encryption. It is far better to understand the workings of the algorithm, then search for weaknesses (weak keys, etc). This company seems pretty coy about its algorithm. Until they publish the algorithm the true cracking challenge hasn't even begun.

      --
      All those moments will be lost in time, like tears in rain.

  6. PRACTICALLY unbreakable by Anonymous Coward · · Score: 4, Insightful

    Their glick is using a 1MB long key (4000 times longer than current encryption methods). They say it's going to be the strongest in the next 5-6 years.

    The title "unbreakable" was created by the journalist (and it appears to have worked, they got a story on Slashdot).

  7. Re:One Time Pad by jtdubs · · Score: 5, Insightful

    One time pads are not uncrackable by definition. They have two weak points.

    1) The generation of the pads.

    One time pads are as crackable as your method for generating the pads. If your pad is TRULY random then it can't be cracked via statistics and probability. You must also be sure that no one else saw the pads or had access to the same entropy pool you used to generate the pads.

    2) The distribution of the pads.

    Both parties need a copy of the pad for it to work. How do the parties get the pads? Is this process secure? If not, then the quality of the pad is moot.

    Justin Dubs

  8. And this won't help the problems they're addressin by Scarblac · · Score: 2, Insightful

    They point at websites where credit card numbers were stolen, and say their unbreakable encryption will help there.

    Well, surely those weren't encrypted, but were simply stored in some directory in unencrypted text? Almost always it's just stupid security that's the problem. Any sort of modern encryption would have been good enough, too.

    And if you can't keep crackers away from your credit card numbers, why would you be able to keep them away from your 1Mb key?

    --
    I believe posters are recognized by their sig. So I made one.

  9. The telltale signs of snakeoil encryption by philipsblows · · Score: 5, Insightful

    From the press release or whatever that is:

    Meganet Corporation's founder, Saul Backal, claims that its solution can put an end to these problems. Meganet offers a patented non-linear data mapping technology[1], called VME (Virtual Matrix Encryption)[2], that creates exceptionally random cipher text[3] and combines it with a one million-bit key[4], which is unheard of in today's data security markets. Competing solutions offer a maximum of 256 bits[5].
    "There is nothing stronger in existence,"[6] says 38-year-old Backal, a dual Israeli-U.S. citizen[7] who was a tank commander in the IDF in the Lebanon war[8]. "All other encryption methods have been compromised in the last five to six years."[9]
    • [1] A cool, wordy name for this new, fantastic technology
    • [2] An even cooler, trademark-able acronym
    • [3] Hand waving
    • [4] An excessively-large encryption key, to impress us
    • [5] A dig on current encryption key size, since smaller keys == less encrypted...
    • [6] Outlandish claim
    • [7] Mysterious lineage of the founder. Hmmmmm.
    • [8] Tank commanders. Does anyone understand encryption better than these guys?
    • [9] Article claims this one has been in development for 11+ years... see how long it takes to cryptanalyze having appeared on slashdot!

    Even though this is probably bogus, the prize for breaking it looks interesting

    In an attempt to prove VME's strength, Meganet began offering prizes such as a Ferrari or $1m. to anyone who could break into a VME-protected file. So far, two million people have attempted to crack the code, but none have managed.

    1. Re:The telltale signs of snakeoil encryption by andfarm · · Score: 2, Insightful

      Heck, requiring a "million-bit key" is a sign of weakness. If the key is larger than the message, then with a strong cipher any plaintext should theoretically be possible. A truly strong cipher can make a message secure with a small key.

      And the claim of "two million people" having tried to crack the code is bogus. Most of these people probably haven't had any cryptographic training.

      --

      TANSTAAFI: There Ain't No Such Thing As A Free iPod.

  10. This is the dumbest thing I've read in a long time by mlyle · · Score: 2, Insightful

    One of the key metrics of a cipher's strength is how strong it is in comparison to its key size. 256 bit ciphers, if brute force is the best attack, are immune to brute force with any imaginable technology (it is hard to imagine building a machine with matter that can count to 2^256, let alone try and brute force a cipher).

    Making the key huge just makes the other potential sources of compromise (compromise by bad key generation or distribution) easier. If you want a huge keystream, you might as well use a large one time pad.

    I don't really see what the point is of this encryption scheme.

  11. No, no, no! by Trogre · · Score: 3, Insightful

    Because some experts have been burned by fakes in the past does not necessarily make everything snake oil.

    Because they dismissed this product as more of the same before actually evaluating it does not make it snake oil.

    Probably snake oil, yes. But on the other hand it could be something quite revolutionary.

    There's nothing quite like apathy to retard progress.

    --
    "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife

  12. Re:One Time Pad by jtdubs · · Score: 3, Insightful

    The source of randomness isn't the stumbling block.

    Getting good-enough randomness is easy enough nowadays. I mean, heck, check out random.org.

    But, you still have to distribute the pad. You can always just use another one-time-pad to encrypt the pad before you send it though. ;-)

    If you are distributing electronically, then you can send the pad out to your partner via some form of public-key encryption. But, now your security is not determined by the strength of the one-time pad (possibly infinite), but by the strength of the public-key crypto-system (certainly not infinite).

    Justin Dubs

  13. Re:256 Bits? I think not. by MortimerK · · Score: 4, Insightful

    Seriously, though. Who uses a 256 bit key anymore? AFAIK, the suggested key size is at least 1024 bits.

    You're ignoring the distinction between symmetric and asymmetric cryptography.

    Symmetric cryptography uses only one key for encryption and decryption. For such a key, 256 bits is quite secure.

    Asymmetric cryptography uses a public key for encryption and a different, private key for decryption. If using the RSA algorithm then yes, anything less than 1024 is insecure. (Elliptic Curve Cryptography is also asymmetric but is still strong at less than 1024 bits.)

    Meganet's algorithm is symmetric.

  14. Re:One Time Pad by God!+Awful+2 · · Score: 4, Insightful

    Whoever modded this up as anything but funny is an idiot. Of course distinguishing the correct answer from random text is part and parcel of cracking the code.

    I bet when this guy takes a multiple choice exam, he just fills in *all* the boxes, and then claims that he got every answer right.

    -a

  15. Bruce Schneier's opinion... by BJH · · Score: 2, Insightful


    Meganet has a beauty on their Web site: "The base of VME is a Virtual Matrix, a matrix of binary values which is infinity in size in theory and therefore have no redundant value. The data to be encrypted is compared to the data in the Virtual Matrix. Once a match is found, a set of pointers that indicate how to navigate inside the Virtual Matrix is created. That set of pointers (which is worthless unless pointing to the right Virtual Matrix) is then further encrypted in dozens other algorithms in different stages to create an avalanche effect. The result is an encrypted file that even if decrypted is completely meaningless since the decrypted data is not the actual data but rather a set of pointers. Considering that each session of VME has a unique different Virtual Matrix and that the data pattern within the Virtual Matrix is completely random and non-redundant, there is no way to derive the data out of the pointer set." This makes no sense, even to an expert.

    I dunno, but a company that claims to have an unbreakable encryption algorithm that is not publicly available and is not a one-time pad sure seems like something I wouldn't want to trust my data to...

  16. BS by muffen · · Score: 2, Insightful

    I don't think this encryption is unbreakable. To me it sounds like they are relying on the massive keylength. Just because it has a large key, it is unbreakable.

    Large random keys will make it more difficult to break the encryption, but unbreakable is just wrong. A one-time cipher is still more secure than this thing. They should take distributed computing into account as well. Just look at some of the encryptions that have been broken by Distributed.net, and how quickly they did it.

    The only unbreakable encryption I believe is possible is the one described by Simon Singh in the book "The Code Book". The encryption described in this book relies on the vibration of photons. Due to the nature of photons, it is not possible to sniff for the key.
    Of course, this encryption is only theoretical. By the time we can implement it, we may already be able to break it.

  17. A couple of great quotes from the article by God!+Awful+2 · · Score: 2, Insightful

    "All other encryption methods have been compromised in the last five to six years."

    Oh really? I must have missed the press release when they broke 3DES.

    "So far, two million people have attempted to crack the code, but none have managed."

    2 million... that's a lot. How does one determine how many people have tried to crack the code anyway?

    -a

  18. Not random enough by Goonie · · Score: 2, Insightful

    For a OTP to be secure, it has to be random. The contents of cnn.com aren't random.

    --

    Any sufficiently advanced technology is indistinguishable from a rigged demo
    --Andy Finkel (J. Klass?)

  19. Hmm 1 mbit by bloodbob · · Score: 2, Insightful

    First thing first, if this is a 1 mbit key then they are definitely not using asymmetric (sp?) encryption, or else the time to encrypt the single smallest message would probably be years and to decrypt would be even longer, that's with a key. (Assuming the security between the private and public key is reasonable, unlike inverse matrices which are 2 different keys but the use of the keys is quick.) So well, everyone is still transferring all their credit card info with old encryption so that's down the drain. Even if it was asymmetric encryption then that means when you're setting up your secure connection it would take a handshake of over 1/4 of a meg, but as I said before it is just symmetric. So with this large key how are they gonna transfer it seeing as it is symmetric? The answer is they can't; the Vernam (sp?) was invented a long time ago and it's MORE secure than this *new* encryption Meganet created.

    Okies, now we got a 1 megabit key, how are we gonna generate this key? If we are gonna try to use entropy from the system it's gonna take a long time to generate the data, so there are only 2 solutions: 1) we use a thermal diode which has to be at the right temperature and shielded from RF or else it is statically attackable; 2) we use a pseudo random software generator. 1 is not feasible if we are requiring many keys to be generated at once, i.e. as a symmetric component in SSL, cause it still isn't fast enough, and I won't bother looking at 2.

  20. It's all in the messenger by subStance · · Score: 2, Insightful

    I think if this was of any importance or interest whatsoever, someone a little more upmarket and respected than www.israel21c.org would be carrying the story ... this is basically tabloid journalism on the internet, yet somehow it got on Slashdot.

    Hmmm ... methinks someone upstairs in Slashdot wanted to start a stone-throwing session.

    --
    Servlet v2.4 container in a single 161KB jar file ? Try Winstone

  21. Re:If the Israelies Have it.... by mikeage · · Score: 3, Insightful

    Couple of points. I'll ignore the obvious anti-Semitism (and anti-Israeli racism) here, and limit it to factual points, leaving the semi-educated (or better) reader to filter out the drivel. Number one: fpp is David Irving, a well known Holocaust denier, and the recent loser in a British libel case.
    Next, the article from ABC also states, "But the FBI told ABCNEWS, 'To date, this investigation has not identified anybody who in this country had pre-knowledge of the events of 9/11.'", which, of course, contradicts Irving's theory. Note the use of Israelis and Jews as synonyms.
    Third, the Liberty is an interesting case. Yes, the Israelis attacked and nearly destroyed (then helped rescue) a US ship that was mistaken for an Egyptian war vessel... but all recent non-conspiracy-theory-based investigations have concluded it was a mistake, no different from what happens in any war due to poor intelligence.

    --
    -- Is "Sig" copyrighted by www.sig.com?

  22. The only thing by Anonymous Coward · · Score: 1, Insightful

    The only thing this company has achieved with me, is that I'll take all their claims about no matter what with a large bag of salt from now on.

    Encryptions get better, and breaking them gets more and more difficult, but there is no large positive integer N for which 1/N is zero.

    As encryptions get better, so do cryptanalysts.
    Once upon a time, certain people thought their enigma machine was unbreakable too.
    To a child ROT13 may look like garbage, but with the same training it took to learn to read, anyone can learn to read it without a decoder.

  23. P?=NP by archnerd · · Score: 2, Insightful

    There's a theorem that remains to be proven or disproven called the P?=NP theorem. It expands to "the set of problems solvable in polynomial time ?= the set of problems solvable in non-deterministic polynomial time". Nobody has any clue how to go about a proof. It's one of the Clay institute's million dollar math problems and I'm betting it'll be the last of them to fall.

    Basically, if this theorem were proven, then asymmetric cryptography would be impossible and much of today's symmetric encryption would also collapse. So, if you're going to claim unbreakable encryption, you'd better hand me a proof that P!=NP.

  24. I want to see a list of the two million people by Anonymous Coward · · Score: 1, Insightful

    > So far, two million people have attempted to crack the code, but none have managed.

    How can anybody read a claim like this without coming to the obvious conclusion?

  25. Broken Scheme: Reuse of a One Time Pad by Burstwave · · Score: 4, Insightful

    This crypto scheme is weak and can be rapidly broken by a brute force approach. It requires a common private key sequence that is shared among multiple users of the software; each user uses this common key to encrypt messages along the matrix. Matrix values are shared amongst all users with a common "serial number prefix." The encrypted "message" that is created is not actually the message; it is a bit sequence that points at positions within the matrix. The software locates each bit position to give a readout of the character at that step. Although the matrix undergoes convolutions as decryption occurs, supposedly making it more "uncrackable," ultimately the reduction of this method requires re-use of a one-time pad (the "virtual matrix"). Reuse of a one-time pad turns an unbreakable encoding into something insecure and breakable. That is ultimately the largest weakness of this algorithm.

    Here's the telling bit in the patent scheme (US 6,219,421):
    "A message may be secured in accordance with various options specifying an intended audience, including "global," "specific" and "private" options. "Global" allows anyone having a copy of the data security software to decrypt the message providing that person has the correct keys and is able to supply parameters matching those with which the message was secured. "Group" allows the possibility of successful decryption by any of a number of users within a group identified by its members having copies of the software program with a common prefix. "specific" allows only a user having a particular numbered copy of the software program to decrypt. Finally, "private" allows decryption only by the same software copy used to secure the message originally. Without the correct keys and parameters, it is impossible for the message to be unlocked. The present invention further enhances security by allowing definition of a date range where the data can be decrypted correctly, hence preventing lengthy efforts to break the code by brute computational force."

  26. Re:Consider the source--analyze the claims too. by ian+tichy · · Score: 3, Insightful

    Excuse me? Why must an insightful, to-the-point analysis of the (non-)merits of this firm's claim be bundled with an ill-informed, unsubstantiated anti-Israel rant? I've noticed at least one such post on Slashdot that invariably gets moderated all the way up to +5 every time there is an article relating to Israel in the most minute and insignificant way. This one, however, is particularly blatant. In disputing the company's outlandish claims, the poster makes a few of his own, and the same moderators who are (rightly) skeptical of the "unbreakable cipher" take the poster's claims at face value.

    For starters, there is this gem:

    Rather, they propagandize for the Israeli high-tech industry, an industry largely created by American taxpayers and which directly competes with American companies.

    Really? You get this information from where? Granted, the Israelis get huge foreign aid checks from Uncle Sam every year, but those go overwhelmingly toward military spending. The high-tech industry in Israel is almost completely civilian, and is privately funded, mostly by venture capital (much of which comes from the US, but it's hardly taxpayer dollars). And to claim that Israel, a country of six million people, poses significant competition to American companies is simply ludicrous.

    Our own State Department has established that Israel has the most aggressive spying program in the U.S. of any ally, surpassing even such supposedly unfriendly nations as China. Remember the three Israelis in the van who were picked up by police after they were filmed cheering while the WTC collapsed? All former IDF members.

    This paragraph really shows where you are coming from. You've just taken several unsubstantiated rumors - some of them circling around for years, others having sprung up after 9/11 - and stated them as facts. Where is the State Department report you refer to, and, more importantly, when was it issued? As for the arrest of three "cheering Israelis", this is a complete misrepresentation of fact, if not a bold-faced myth. Disregarding the fact that the poster provides no link to the story, appealing instead to our collective memory, forgetting that Google finds no credible source supporting this claim, and believing the scenario that three shit-for-brains Israeli citizens were arrested while cheering the collapse of the WTC, what significance does it have that they all served in the IDF? None! Israel has a universal draft, and virtually every Israeli over the age 18 has served in the IDF at one time or another. So why the conspiracy theory?

    I do not want to turn this into yet another debate about Israel - this is not the forum for it, nor do such debates lead to anything constructive. However, I do want to voice my disappointment with the group-think that pervades this forum: a paradoxical force that uncritically accepts bullshit propaganda even as it seeks to critically assess bullshit marketing. Israel-bashing is a trendy phenomenon these days in intellectual circles, and since many of us belong to these circles, the overall anti-Israel mood on Slashdot is not surprising. (Nor is it unfounded, though it is poorly balanced and blown way out of proportion.) However, subjective views aside, unfounded, outlandish, politically charged claims masquerading as an answer to a technical question should be recognized as such, and classified as "Flamebait" and "Offtopic" (as ideally should happen to this response as well) rather than "Interesting" and "Insightful". Let us all try to think, and moderate responsibly, shall we?

    --
    Life is too important to be taken seriously - Oscar Wilde

  27. Their "explanation" is impossible. by rdmiller3 · · Score: 2, Insightful

    See here for the "explanation" of their cipher:

    http://www.meganet.com/Technology/explain.htm

    Aside from having a 64kB key (1 million bits), they claim:

    When a transmission of conventional algorithm is sent, it includes an encrypted form of the actual data. Given that a hacker have enough computing power and time, any message can be deciphered. With the VME engine the case is different; the actual data is never transferred. Therefore, when intercepted by a hacker, the results will yield absolutely nothing.

    Did you catch that? They claim that the data isn't contained in the encrypted message!

    O-kaaaay... so, how does it get from here to there?!? Pulling a statement like this out of their posterior crevices proves that they don't know what they're talking about. Of course the "actual data" is transferred... that's what we call it when data goes from one place to another. Running it through their magic algorithm doesn't eliminate the information content, else there wouldn't be any point in sending the message at all.

    This statement could be a clue to the algorithm though, especially combined with the claims that it's faster than RSA and with its suspiciously huge key...

    And of course there's another problem. How do you get a 64kB key from a user? You don't. And there's no mention of "VME" being a public-key algorithm, so it's just a session key, not a public key. How useful is that? Not very.

    I think I'm beginning to see why this company was able to have lean times even while others were getting VC funding to develop the business plan of the South Park underwear gnomes. Now though, we live in more patriotic times when people will believe that tank commanders have the proper background to recognize when they've "stumbled upon" good cryptographic algorithms.

  28. Re:Used more than once? by Anonymous Coward · · Score: 1, Insightful

    Unless I'm mistaken, using it twice to illustrate the point that it can only be used once is quite legitimate. Or perhaps I'm missing something.

  29. Re:And this won't help the problems they're addres by Jouster · · Score: 2, Insightful

    The important part of any encryption system is how the data is decrypted. Particularly, the following paragraph distresses me:
    Data security is one of the key concerns for governments and corporate users today as hacking becomes increasingly prevalent. In 2000, an FBI survey showed that 90 percent of participating companies had their computer systems vandalized by rivals, hackers, or even disgruntled employees. In January 2000, hackers stole 250,000 credit card numbers from an online CD store. They tried to blackmail the store. When it refused to pay, the hackers published 10,000 card numbers on the Internet.
    So, great, you have a super-encrypted MySQL database for all your credit cards. You access it by normal methods; it decrypts data on the fly after authenticating you. Your username is "root" and your password is blank. All the encryption in the world isn't going to save you.

    Everyone needs to learn to stop throwing encryption at a problem and calling it security. Encryption should always be the base layer of any security scheme, never the top-level element (and certainly not the sole one!). Encrypt your databases on disk and in RAM and on the way to and from the CPU if you want, in case the machine is physically stolen. But don't forget to apply the latest patches, rotate passwords, implement effective firewall rules, and guard physical access to minimize the danger of it walking away in the first place.

    Jouster

  30. This used to be called Power One Time Pad by Zeinfeld · · Score: 4, Insightful

    This scheme looks very similar to a scheme that Ron Rivest sent to me called Power One Time pad about eight years ago.

    Ron had had a fax from the inventors claiming that the scheme had been endorsed by several well known names in the crypto world who I won't mention for reasons that will become apparent, including one of my colleagues on a Web standards board.

    There wasn't enough information in the press release to determine whether the scheme was bogus, so I did the obvious thing and called up one of the people who was alleged to endorse it. Turned out that he did nothing of the sort; he thought it was snake oil but had been asked a different question, who should he talk to to get it adopted as a standard. The snake oil peddlers had then approached Ron saying that 'S. recommended that he talk to them', clearly implying that S. recommended the scheme.

    This matrix scheme looks very much like Power One Time Pad, it has the same million bit key. According to the patent application the scheme appears to be a variant of the Playfair cipher which was cracked in WWI.

    The competition means absolutely nothing. Any scheme can be made uncrackable if it uses a key length that is greater or equal to the amount of data encrypted. The point is that such schemes are almost completely useless.

    The claimed $1 million prize is not convincing; experience has shown that companies that make such offers rarely pay them out even if the scheme is broken. In short the actual value of the prize is:

    Amount x Probability of Payment x Probability of cracking - cost of time.

    The challenge is in any case over. I can't find out how long the challenge was offered for.

    As I said before, I can set the rules for a competition so that the competition is unwinnable even though the cipher is broken.

    For example consider creating a cipher using the declaration of independence which for the sake of argument we will consider to be perfectly random (it is not). The cipher consists of choosing a random starting point in the declaration and then XORing the plaintext with the declaration to create the ciphertext. I can generate one unbreakable ciphertext simply by making the plaintext shorter than the declaration.

    I note that the current challenge text is distributed in a 53Kb Zip file, that would be 424,000 bits or so, considerably less than the alleged million bit key. Give me a few hundred Mb of ciphertext however and we might have a contest.

    The weird thing is the claim to have a contract with the Department of Labor to supply an encryption scheme that is not endorsed by NIST. That would appear to breach several procurement guidelines. Also I can't find any record of any contract of that type on the Department of Labor site.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
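
The pad-reuse failure that Burstwave (comment 25) and Zeinfeld's declaration-of-independence cipher (comment 30) both describe, as an added example that is not code from the thread or from Meganet: a minimal one-time pad with a store that refuses to hand out the same key bytes twice, and a demonstration that two ciphertexts under one pad cancel the pad out. `PadBook`, `document_keystream`, the sample messages and the stand-in "document" are all constructed for this demo.

```python
"""Added example: one-time pad single-use rule and the two-time-pad leak."""
import os
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; XOR is its own inverse."""
    if len(a) != len(b):
        raise ValueError("xor_bytes: length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_apply(data: bytes, pad: bytes) -> bytes:
    """Encrypt or decrypt. A pad must be at least as long as the message;
    wrapping or repeating pad bytes is exactly the reuse we want to avoid."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than message: refusing to repeat pad")
    return xor_bytes(data, pad[: len(data)])


class PadBook:
    """Pad store that burns bytes as they are handed out, so the same key
    material can never serve two messages (Justin Dubs' generation point)."""

    def __init__(self, size: int, pad=None):
        # A real pad comes from a hardware entropy source; os.urandom is
        # used here only so the example runs offline (constructed demo).
        self._pad = pad if pad is not None else os.urandom(size)
        self._used = 0

    def take(self, n: int) -> bytes:
        if self._used + n > len(self._pad):
            raise RuntimeError("pad exhausted: refusing to reuse key material")
        chunk = self._pad[self._used : self._used + n]
        self._used += n
        return chunk

    def remaining(self) -> int:
        return len(self._pad) - self._used


def document_keystream(document: bytes, start: int, n: int) -> bytes:
    """Zeinfeld's thought experiment: a fixed text used as the pad, read from
    a random starting offset, wrapping when the text runs out."""
    return bytes(document[(start + i) % len(document)] for i in range(n))


def pad_cancels(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the same pad: c1 ^ c2 == p1 ^ p2, whatever the
    pad was. The 'unbreakable' property depends entirely on single use."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


def recover_from_known_plaintext(c1: bytes, c2: bytes, p1_known: bytes):
    """If one of the two messages is known, the shared pad segment and the
    other message follow directly: this is why a shared 'virtual matrix'
    behaves like a reused pad rather than a fresh one."""
    n = min(len(c1), len(c2), len(p1_known))
    pad = xor_bytes(c1[:n], p1_known[:n])
    return pad, xor_bytes(c2[:n], pad)


def demo() -> bytes:
    # Constructed sample messages and a constructed stand-in "document".
    p1 = b"Shipment leaves warehouse 7 at 06:00"
    p2 = b"Invoice 4471 approved, pay by Friday"
    doc = b"When in the Course of human events it becomes necessary " * 4

    # Proper use: fresh pad bytes for each message; decryption round-trips.
    book = PadBook(128)
    k1 = book.take(len(p1))
    assert otp_apply(otp_apply(p1, k1), k1) == p1
    k2 = book.take(len(p2))
    assert k1 != k2 and book.remaining() == 128 - len(p1) - len(p2)

    # Improper use: both messages keyed from the same offset in the document.
    start = secrets.randbelow(len(doc))
    c1 = otp_apply(p1, document_keystream(doc, start, len(p1)))
    c2 = otp_apply(p2, document_keystream(doc, start, len(p2)))
    assert pad_cancels(c1, c2) == xor_bytes(p1, p2)  # pad has dropped out
    _pad_segment, p2_recovered = recover_from_known_plaintext(c1, c2, p1)
    return p2_recovered


if __name__ == "__main__":
    print(demo())
```

Run as a script it prints the second message recovered from the reused keystream; `PadBook.take` is the check that a deployment would want, since it makes the reuse path raise instead of silently succeeding.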

  31. Re:pffft by ??? · · Score: 3, Insightful

    See The Fallacy of Cracking Contests by Bruce Schneier. These contests don't work. See also Gene Spafford's article on the same subject.

    Look. This is a proprietary algorithm which was developed by a non-cryptographer, and which hasn't been peer-reviewed. It is snake-oil until it has been exposed to the light of peer-review.