Slashdot Mirror


Israeli Firm Claims Unbreakable Encryption

Several readers have pointed to an Israeli company's claim of achieving unbreakable encryption. The linked article reports this claim uncritically. Do you think there's such a thing as unbreakable encryption? This isn't the first time someone's made this claim, or second, or third ...

22 of 631 comments

  1. pffft by DiSKiLLeR · · Score: 1, Interesting

    Pfft... unbreakable encryption my ass. There is no such thing.

    This will be broken and found to be full of holes bigger than Swiss cheese before the week is out...

    D.

    --
    You can tell how powerful someone is by the magnitude of the crime they can commit and be able to get away with.
    1. Re:pffft by Coryoth · · Score: 4, Interesting
      Well it seems someone did - at least as well as it can be done (presuming that their shareware version does work, and the released passwords for the previous challenges were correct).


      here


      The joy of this for me is that, in the end it really comes down to a 7 bit exhaust to get started decrypting, and after that it's just a matter of decrypting each intermediary key in turn.


      Jedidiah

    2. Re:pffft by Big+Mark · · Score: 2, Interesting

      There are two million people who'd know even where to start attacking this on the Earth?

      I don't think there's even two million people on the planet who can program in C, let alone understand encryption... this all looks like hyperbole to me.

      If you read the article it states that the encryption is equivalent to million-bit strength... in other words extremely fucking hard to break, unless you get very, very lucky, but it IS breakable.

      -Mark

  2. Re:One Time Pad by Anonymous Coward · · Score: 3, Interesting

    Well it depends what you mean by uncrackable.. with an OTP alone i could generate all possible messages the same amount of bits, and somewhere in the solution set would be the answer. =)

    There is no uncrackable encryption. therefore, information is free. (Notice: not meant to be free, or wants to be free, i cannot infer purpose or intent in design from mere observation.)

  3. old news by Anonymous Coward · · Score: 3, Interesting

    heard this last year. it's a seeded one-time pad.

    generating your OTP by means of an algorithm is not a good idea.

    the "one million bit" is simply the length of the pad required for a one-million character message.

    essentially, any pseudo-random-number generator algorithm is identical to this.
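
Added example (not part of the thread and not the product's algorithm): a pad stretched from a short seed is only as strong as the seed, however long the pad is. Python's `random.Random` stands in for the unknown generator, and the 16-bit seed size, function names and sample message are constructed for illustration.

```python
import random

SEED_BITS = 16        # constructed toy seed size so the full search runs quickly
PAD_BYTES = 125_000   # one million bits, the figure quoted in the comment


def seeded_pad(seed, nbytes):
    """Stretch a short seed into a long pad with a PRNG (stand-in generator)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(nbytes))


def xor_with_pad(data, seed):
    """Encrypt or decrypt: XOR the data with the pad derived from the seed."""
    return bytes(d ^ k for d, k in zip(data, seeded_pad(seed, len(data))))


def seeds_matching(ciphertext, known_prefix):
    """Return every seed whose pad explains a known plaintext prefix.

    The loop visits 2**SEED_BITS seeds. The pad length never enters the
    cost, which is why the pad length is not the key length.
    """
    n = len(known_prefix)
    pad_prefix = bytes(c ^ p for c, p in zip(ciphertext, known_prefix))
    return [s for s in range(2 ** SEED_BITS) if seeded_pad(s, n) == pad_prefix]


def demo():
    """Constructed sample: a file with a predictable 8-byte header."""
    secret_seed = 0xBEEF
    message = b"%PDF-1.4 constructed sample document body"
    ciphertext = xor_with_pad(message, secret_seed)
    candidates = seeds_matching(ciphertext, message[:8])
    recovered = xor_with_pad(ciphertext, candidates[0])
    pad_bits = len(seeded_pad(secret_seed, PAD_BYTES)) * 8
    return pad_bits, candidates, recovered


if __name__ == "__main__":
    pad_bits, candidates, recovered = demo()
    print("pad length in bits:", pad_bits)
    print("seeds consistent with the known header:", candidates)
    print("recovered plaintext:", recovered)
```

A real one-time pad has as many independent random key bits as message bits, so no search of this kind narrows the candidates.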

  4. 256 Bits? I think not. by infernow · · Score: 2, Interesting
    Competing solutions offer a maximum of 256 bits.

    Well, with a statement like that, I have to wonder who they're competing with.

    Seriously, though. Who uses a 256 bit key anymore? AFAIK, the suggested key size is at least 1024 bits.

    --

    that that is is that that is not is not

  5. Re:One Time Pad by lfourrier · · Score: 2, Interesting

    I'm quite sure you can get a good randomness by recording noise from your (cheap) sound card.
    Pump up the volume, read /dev/dsp, take one bit in each sample, and with a stock PC, you should have a good random number generator (except if your sound card is good quality, and you have no noise).

  6. Wouldn't infinite monkeys by t0qer · · Score: 2, Interesting

    at infinite typewriters eventually produce the great works of Shakespeare?

    In regards to breaking encryption on the article, if the above statement was true wouldn't that mean eventually it could be broken?

    This still isn't quantum encryption, which does deal with infinites. It said 1 trillion keys on the site which makes me think eventually if you throw enough (**cough* beowulf) Ghz per hour at it you could break it down.

    Ya it's breakable, anyone disagree?

  7. Origin of the term? by The+Tyro · · Score: 4, Interesting


    Counterpane had a little blurb on their website about it... Crypto stuff

    This may have been where the original "Snake Oil" comment came from.

    I'm no elite cryptographer; I just try to be an educated user. I rely on people far smarter, and with far more expertise than I'll ever have in the field of cryptography to give me an idea of whether something is reasonably good. That said, even a rank amateur like myself can detect marketing-speak...

    I have no authoritative expertise with which to judge encryption algorithms, but outrageous claims tend to speak for themselves... in a negative way.

    --
    Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
  8. It's not... by Kjella · · Score: 2, Interesting

    Any cipher that relies on mathematics can not be proven secure. If you look up Gödel's Incompleteness Theorems, you'll see that in any axiomatic mathematical system there are propositions that cannot be proved or disproved within the axioms of the system. So if I propose that there does exist some (unspecified) mathematical way to break that cipher, you won't be able to 100% conclusively _disprove_ it. Also there's the off chance (2^-128, 2^-1000000, doesn't matter in a _theoretical_ sense) that I'll pick the right key by chance, and in common ciphers you'll *know* if the key is right.

    The only theoretically perfect way is a (not pseudo-) random one time (not rehashed) pad, and it suffers from massive problems in key distribution, and the one who encrypts it (or has access to the encrypter's machine) can also decrypt it, unlike good public/private key cryptography. Also it is susceptible to wiretap of key transfer, while public/private key crypto is only susceptible to a man-in-the-middle attack, which requires the ability to change the data on-the-fly.

    It would hardly be a problem to extend many of the current ciphers to use much longer keys than 128 bit (symmetric) or 2048 (asymmetric), which is the standard today. However, most people agree 128 bit is strong enough given that there is no cryptographic attack. If there is one, the cipher might be fundamentally useless regardless of whether your key is 128bit or 1000000bit anyway. And no, you won't know. Why do you think the military is so secretive about what they will and won't use? To keep the others guessing what they really can and can't break.

    Kjella

    --
    Live today, because you never know what tomorrow brings
  9. Re:If the Israelies Have it.... by frovingslosh · · Score: 1, Interesting
    You can bet the US has it too. Israel is essentially our 51st state.

    Sure, these people are our best friends. That's why when we declaired war on terrorists we didn't condem the biggest terrorists of them all. Heck that they knew about the WTC attack in advance and even filmed and cheered about it. Or that they sent instant messages about it hours befor it happened or that despite their high presense in the financial center, they almostly completely avoided any loss of life

    OK, the above is from a UK newspaper published in Israle as well as the International Herald Tribune. Wish I could find a link to the original Washington Post article; it seems to have vanished. But I did see the story about the text messages on the Washington Post site myself, and so did millions of other people And, of course, if you want a local respected U.S. source you can still find the article on ABC News' site about the Jews who filmed and celebrated the destruction, although you really had to see the show to get a full appreciation of how smug and happy that were about it.

    Yea, these people are our good friends, our 51st state. Heck, they haven't openly attacked and killed us since they got the U.S. Liberty over 30 years ago.

    Our good honest decent friends the Isrealis would share their spy stuff with us, why they even believe in sharing so much they had Jonathan Pollard spy on us to make sure that we shared with them.

    --
    I'm an American. I love this country and the freedoms that we used to have.
  10. Consider the source--analyze the claims too. by JBhoy · · Score: 5, Interesting

    First, let's consider the source of this article. Here is what Israel21c says about themselves.

    "ISRAEL21c is a not-for-profit corporation organized under the laws of California that works with existing institutions and the media to inform Americans about 21st century Israel, its people, its institutions and its contributions to global society. ISRAEL21c creates, aggregates and broadly disseminates high-quality information to the American public about the Israel that exists beyond the pervasive imagery of conflict that characterizes so much of western media reporting. Our goal is to strengthen the vibrant and enduring partnership between the United States and Israel, and between Americans and Israelis."

    Translation: They are a part of the American pro-Israel lobby, whose job it is to pull the blinkers over the eyes of Americans regarding whatever Israel is doing at the moment. In this case, they don't handle the Arab-Israeli conflict (they mention a sister org for that -- israelinsider). Rather, they propagandize for the Israeli high-tech industry, an industry largely created by American taxpayers and which directly competes with American companies. We won't talk about the underhanded way that came about.

    So fair enough, they are pimping their nation's product. Let's look at what the article actually says, however.

    "Meganet offers a patented non-linear data mapping technology, called VME (Virtual Matrix Encryption), that creates exceptionally random cipher text and combines it with a one million-bit key, which is unheard of in today's data security markets. Competing solutions offer a maximum of 256 bits."

    Cut through the marketing bullshit, and this sounds like a variation on the old one-time pad. This isn't the first company to discover how wonderfully secure the one-time pad is. It is difficult to believe that this company has achieved a quantum leap in computer power such as would be necessary to support a one million bit key for any other kind of algorithm.

    "All other encryption methods have been compromised in the last five to six years."

    This is a quote from the founder of the company, a former IDF (Israeli Defense Force) tank commander. The statement is deceptive. Any form of encryption, OTHER THAN A ONE-TIME PAD, is susceptible to brute force attack if the key size is small enough. Some encryption methods, such as DES, are more vulnerable than others. PGP and GnuPG use default encryption that is pretty darn secure, and there hasn't been a successful cracking attempt on a key of any reasonable size. The quote, by being deceptive, makes the product claims suspect.

    "Backal stumbled onto the mathematical algorithm behind VMS when he was working as an engineer in the field of Wide Area Networking."

    Highly unlikely story to begin with. One does not "stumble onto" mathematical algorithms -- not reliable ones, anyway. There is mention of a patent application, but no reference to any peer review. The fact that this company was ignored for two years is instructive -- if there was any substance to this, someone in the cryptography field would have taken a look at it. There is also the following:

    "In an attempt to prove VME's strength, Meganet began offering prizes such as a Ferrari or $1m. to anyone who could break into a VME-protected file. So far, two million people have attempted to crack the code, but none have managed."

    I try not to use bad language on public forums, but the most descriptive word I can come up with for this is "bullshit". If VME had ever put this out for that kind of money for a genuine trial, it would have been all over the Net. There is NO evidence I can discover that supports this claim. None. Nada. Zilch. This whole thing is really starting to smell bad.

    The following two quotes give reason for pause as well.

    "In November 1999, Meganet launched the company at the Comdex computer show in LA, California, hoping to attract corporate users. The company packed its 1,000 sq. ft booth with attractions, including a $1m. giveaway of Meganet software. Meganet proved a runaway success, and in the wake of the show it raised $5m. at a valuation of $50 to $60m. from new investors, most of them small, private investors. To date, the company has raised $10m., none of which comes from VCs."

    "By December 2000, however, Meganet was in trouble. The company may have gained industry recognition, but it did not have sales. Nor could it raise money as the stock market had begun to crash."

    You know what it means that money is raised from "small investors" without VC involvement? It generally means that you are dealing with a corporate con artist. I have some personal experience in dealing with a tech company that refused to take VC money. The reason for not raising money from VCs is simple. A venture capital firm will, on behalf of its funders, demand access to and a thorough review of the technology, something small investors aren't in a position to demand. If this was the real thing, there wouldn't be any need to hide the ball from the money guys. If you are a small investor, beware of companies that raise their money from small investors exclusively. It is a fundraising method that is the foundation of a great many frauds and impositions. If this is for real, somebody big would have invested -- but then, that might pose the same problem for the founder as having a VC involved, right?

    Here is the part that worries me, however.

    "Today, Meganet is rapidly becoming a significant US government vendor. Though it remains a small company, with just 25 employees, it won three out of four tenders released by the US government in this sector last year, beating giants like Verisign, RSA, Network Associates, Computer Associates, and IBM, to become sole-contractor on the projects."

    Assuming this is true, it is disturbing. Let's look at what we have here. We have a former IDF officer who has come up with supposedly "unbreakable" encryption. It isn't peer reviewed, and he is apparently seeking security through obscurity (i.e. hides the ball) rather than publishing this wonder technology where others can take a look at it and see if there are any flaws. The company's R&D is in Israel, and when the company fails commercially, it starts getting U.S. Government contracts, presumably through the kinds of political connections that the America-Israel lobby (such as AIC and Israel21c) foster.

    The Israelis have demonstrated that, despite the fact that the United States is their only real allies in the world, they won't hesitate to stab the Americans in the back when it serves Israeli interests. The Pollard spy case was only the tip of the iceberg for Israeli espionage in the US. Our own State Department has established that Israel has the most aggressive spying program in the U.S. of any ally, surpassing even such supposedly unfriendly nations as China. Remember the three Israelis in the van who were picked up by police after they were filmed cheering while the WTC collapsed? All former IDF members. They were released after a few weeks and rushed home, and the company they worked for simply disappeared.

    I doubt VME has any wonder technology. I don't doubt that the Israeli intelligence apparatus would love to have us using their technology companies to protect our vital national secrets. Then they won't have a need for embarrassments like active intelligence agents in the US. They could simply download the information themselves, courtesy of our blindness in working with this somewhat unreliable ally.

    Based on what I see in the article and the source, I wouldn't touch VME with a ten-foot pole.

  11. Re:No, no, no! by Trogre · · Score: 2, Interesting

    I'm not saying we should celebrate every 'unbreakable' claim made (champagne is too expensive for that).

    However what I am saying is that we should not casually write it off as a "this is definitely a phoney". If we are influential enough it may cause investors to lose interest and pull funding.

    I look on this as an "Interesting, but I'll believe it when I see it". Subtle difference.

    --
    "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
  12. Always the same story. by gweihir · · Score: 2, Interesting

    The only thing a claim of having "unbreakable encryption" does, is expose the people claiming it as incompetent.

    There are really only three choices: Either they reinvented the ages old one-time-pad (which is unbreakable but of limited applicability to practice) or they have crypto that is breakable and did not see it or they have conditions on that "unbreakable" that practically void the claim.

    Many researchers rightfully believe that (unconditionally) unbreakable encryption cannot do better than the one-time pad and in fact will be a more or less disguised one-time pad. I think this is pretty obvious, but claims of this nature are notoriously hard to prove and nobody has done so yet.

    Favorite claim: "All other encryption methods have been compromised in the last five to six years."

    Oh? I was not aware of practical breaks for AES, RSA, ElGamal, IDEA,...

    Sure, you can brute-force a short-length RSA, but that is not a "compromise" of the cipher. After all I can factor 35 in my head. Which makes RSA with that modulus pretty insecure. But it has no impact on RSA in general.

    At least the article is not a complete lie. It says "appears to be unbreakable" which is true for most ciphers as soon as your level of competence is as low as that of the writers of the article.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted and ignored otherwise.
  13. Re:Nope by Anonymous Coward · · Score: 1, Interesting

    Actually quantum cryptography is breakable, just that the probability it is broken is so insanely small it is considered unbreakable.

  14. One time pad w/man-in-middle and known plaintext. by Ungrounded+Lightning · · Score: 5, Interesting

    A deficiency of one-time-pad is a man-in-the-middle with plaintext known. Given the known plaintext he can solve for the key and then use it to substitute an identical-length message of his own choosing.

    This is a non-trivial problem, as the start of a message may be known to an attacker, in both manual systems (where messages often start out with stock stuff) and automated ones (where the start may be automated protocol headers or well-known payload starts, which is all he really wants to spoof). Further, the entire content may have been discovered by other means - means which still didn't give him the encryption key.

    Substituting only the start can still spoof both manual and automated systems. With a manual system you can substitute a short, urgent message ("They're coming over the hill at us from the east armed with ...") for the long-winded header. The tail dissolves into noise, but that could be expected from a code-clerk (or machine) under attack, which might make a synchronization error in the key. For automated systems you can still spoof the checksum at the end even if you can't spoof the tail of the message. Tweak the protocol and you might, say, slip some malware's infection header into a known buffer-overflow bug behind a firewall.

    A solution to that was proposed back in the '70s by (ahem) me: Use Galois fields, TWICE as much one-time pad as message, and encrypt in small blocks by multiplying by the first block of key and adding the second. (You also discard any block of key that would result in a multiply-by-zero in the first step.)

    For any product of N primes there is at least one Galois field, and two is prime, so there is at least one Galois field of 2^n members for any n, i.e. you can encrypt blocks of n bits for any value of n greater than 1. (For n=1 this degenerates to ordinary one-time pad, as the first block of key is always 1.)

    Suppose you encrypt in 8-bit blocks. (What a coincidence!) Even if the man-in-the-middle knows the message, for each byte he can either leave it alone or make a random choice among the other possible bytes. He's reduced to a malicious noise-generator. (He can pick the worst spot(s) to inject noise, but that's the limit.)

    I called this the "GLOPS" cypher, by analogy with GLOPS codes (a term-of-art for codes composed of arbitrary pairings of typically 5-letter groups with messages). With a GLOPS code knowing "GLOPS" means "attack at dawn" doesn't tell you whether "GLOPT" means "attack at dusk", "send a gross of toilet paper", or anything else. Similarly, with a GLOPS cypher, knowing 0x33 means "A" in this position doesn't tell you anything about 0x34 (except that it isn't "A" - unlike a GLOPS code where GLOPT might ALSO mean "attack at dawn".)

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
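
Added example (not the commenter's code): the scheme described in the comment above, with 8-bit blocks in GF(2^8), next to a plain XOR pad, to show why known plaintext lets a ciphertext be rewritten exactly under XOR but not under multiply-then-add. The reduction polynomial 0x11B (the AES one), the function names and the sample messages are assumptions; the comment specifies none of them.

```python
import secrets

POLY = 0x11B  # assumption: AES reduction polynomial; the comment names none


def gf_mul(x, y):
    """Multiply two bytes in GF(2^8) modulo POLY."""
    r = 0
    while y:
        if y & 1:
            r ^= x
        x <<= 1
        if x & 0x100:
            x ^= POLY
        y >>= 1
    return r


def gf_inv(x):
    """Inverse of a nonzero byte: x^254, since x^255 == 1 in GF(2^8)."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, x)
    return r


def draw_pairs(n):
    """Two pad bytes per message byte; zero multipliers are discarded."""
    pairs = []
    while len(pairs) < n:
        a, b = secrets.randbelow(256), secrets.randbelow(256)
        if a:
            pairs.append((a, b))
    return pairs


def xor_encrypt(msg, pad):
    return bytes(m ^ k for m, k in zip(msg, pad))


def affine_encrypt(msg, pairs):
    """c = a*m + b per byte (addition in GF(2^8) is XOR)."""
    return bytes(gf_mul(a, m) ^ b for m, (a, b) in zip(msg, pairs))


def affine_decrypt(ct, pairs):
    return bytes(gf_mul(gf_inv(a), c ^ b) for c, (a, b) in zip(ct, pairs))


def xor_substitute(ct, known, wanted):
    """Same-length rewrite that is exact when the cipher is a plain XOR pad."""
    return bytes(c ^ k ^ w for c, k, w in zip(ct, known, wanted))


def consistent_forgeries(c, p, wanted):
    """One affine byte: for every key (a, b) that explains the observed
    plaintext/ciphertext pair (p, c), the byte that would decrypt to `wanted`."""
    return {gf_mul(a, wanted) ^ c ^ gf_mul(a, p) for a in range(1, 256)}


if __name__ == "__main__":
    known, wanted = b"ATTACK AT DAWN", b"ATTACK AT DUSK"  # constructed sample
    pad = secrets.token_bytes(len(known))
    forged = xor_substitute(xor_encrypt(known, pad), known, wanted)
    print("XOR pad, receiver reads:   ", xor_encrypt(forged, pad))

    pairs = draw_pairs(len(known))
    tampered = xor_substitute(affine_encrypt(known, pairs), known, wanted)
    print("affine pad, receiver reads:", affine_decrypt(tampered, pairs))
    options = consistent_forgeries(0x33, ord("A"), ord("B"))
    print("equally likely forgeries for one byte:", len(options))
```

Under the affine scheme the untouched bytes still decrypt correctly and each altered byte comes out as an unpredictable value, which matches the comment's "malicious noise-generator" description.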
  15. Quantum Cryptography by arsenick · · Score: 2, Interesting

    Quantum cryptography is provably unbreakable, i.e. it can be proven mathematically that it cannot be broken. For a reason similar to one-time pads. And as opposed to what most people think, quantum cryptography does NOT require a quantum computer to be implemented, and it already has been successfully tested in practice. It's mostly an engineering problem (and political?) now to package it to make it widely accessible.

    Read 'The Code Book' by Simon Singh.

  16. Quantum encryption by Crus7y · · Score: 2, Interesting

    is unbreakable. It involves adding so much 'random noise' to the encrypted data that it's impossible to decrypt unless the key to the original encryption is known. The trick is to use true random noise sources, not pseudorandom number generators, who's/whose (take your pick) output can be analysed, predicted and subtracted from intercepted copies. Natural noise sources, like the electrical noise a zener diode makes, can't be predicted as they follow no mathematical pattern.

  17. Rubber Hose by pridkett · · Score: 2, Interesting

    Anyone who thinks that their encryption is unbreakable should think about the rubber hose and pay off the janitor methods of breaking encryption. Typically it's far cheaper to pay someone to give up the secret than it is to even power the computers to do it.

    Also, I didn't see where it says it's unbreakable (at least in those words). I see a mention of some virtual matrix encryption which generates a million bit key, but even that is still breakable.

    --
    My Slashdot account is old enough to drink...
  18. Some facts. by acorn · · Score: 5, Interesting

    What is being advertised here is not unbreakable in the sense used by most mathematicians or serious cryptographers. (When a cryptographer says unbreakable, s/he means that the system is secure even against an adversary with unlimited computing power.)

    Ideal use of a one time pad does have this property. There was a nice breakthrough in the EuroCrypt conference last year, where it was shown that one can obtain similar behavior even with keys that are shorter than the message to be encrypted, as long as the messages that you wish to encrypt are fairly random.

    In any case, if you'd like to really understand what is going on here, for goodness' sake don't bother with Schneier's book; have a look at Goldreich's, "Foundations of Cryptography".

  19. He's a megalomaniac by binford2k · · Score: 4, Interesting

    These guys are crack smokers, especially Saul Backal. They tried to sell the company I was working on at the time on this VME bullshit. (I have an unopened copy if anybody wants it . . .)

    Maybe they came up with something, maybe they didn't. After meeting him and going through their presentation and watching him stumble over some basic questions, I will never trust that company. Some memorable things from that meeting: Bruce Schneier doesn't know what he is talking about. We don't need peer review to know our algorithm is secure. No you can't analyze the source or the algorithm.

    For those who may not know, the measure of a truly secure algorithm is that it is secure even when the algorithm is known.

    -b

  20. Not being up-front. by kyz · · Score: 2, Interesting

    Investors shouldn't be misinformed.

    The investors should not be told this encryption is "unbreakable".

    The investors should be told that the encryption is based on two 32-bit keys derived from passwords, a 256-byte header which boils down to a 7-bit key, and a one-time-pad file of arbitrary size (the "million bit key"). The encryption involves executing a state machine with a large number of different permutation methods, rather than sticking to a single ciphering method which allows building a statistical model of how well the plaintext is perturbed.

    The investors should be told that -- despite not revealing the algorithm -- the encryption software has been reverse-engineered and a portable decryptor written in C.

    The investors, finally, should be told that the encryption is almost useless. In order for any legitimate party to decrypt a file, you need to send them the one-time-pad as well. If you're storing files encrypted for your own private use, you need to store the one-time-pad somewhere secure. Why not just store your files unencrypted in this secure place? If you encrypt more than one file with the same one-time-pad, that renders it useless - only the ~71 bits need to be broken.

    --
    Does my bum look big in this?