Slashdot Mirror


Israeli Firm Claims Unbreakable Encryption

Several readers have pointed to an Israeli company's claim of achieving unbreakable encryption. The linked article reports this claim uncritically. Do you think there's such a thing as unbreakable encryption? This isn't the first time someone's made this claim, or second, or third ...

110 of 631 comments

  1. Nope by Anonymous Coward · · Score: 2, Insightful

    One of the creators can always sell out and show how to beat the system.

    1. Re:Nope by Anonymous Coward · · Score: 3, Informative
      That would be on the assumption that they are using security through obscurity, which is hopefully not part of it.

      Unbreakable encryption is quantum encryption.

    2. Re:Nope by el_chicano · · Score: 2, Informative
      For the Germans, it was called Navajo.
      Actually the Navajo code talkers were used in the Pacific theater against the Japanese
      --
      A man who wants nothing is invincible
  2. One Time Pad by Overand · · Score: 5, Informative

    One Time Pad is uncrackable... but the "key" is the same size as all the data you'll ever want to send... but DAMN it works. =]

    1. Re:One Time Pad by Anonymous Coward · · Score: 3, Interesting

      Well it depends what you mean by uncrackable.. with an OTP alone I could generate all possible messages the same amount of bits, and somewhere in the solution set would be the answer. =)

      There is no uncrackable encryption. therefore, information is free. (Notice: not meant to be free, or wants to be free, I cannot infer purpose or intent in design from mere observation.)

    2. Re:One Time Pad by jtdubs · · Score: 5, Insightful

      One time pads are not uncrackable by definition. They have two weak points.

      1) The generation of the pads.

      One time pads are as crackable as your method for generating the pads. If your pad is TRULY random then it can't be cracked via statistics and probability. You must also be sure that no one else saw the pads or had access to the same entropy pool you used to generate the pads.

      2) The distribution of the pads.

      Both parties need a copy of the pad for it to work. How do the parties get the pads? Is this process secure? If not, then the quality of the pad is moot.

      Justin Dubs

    3. Re:One Time Pad by lfourrier · · Score: 2, Interesting

      I'm quite sure you can get a good randomness by recording noise from your (cheap) sound card.
      Pump up the volume, read /dev/dsp, take one bit in each sample, and with a stock PC, you should have a good random number generator (except if your sound card is good quality, and you have no noise).

    4. Re:One Time Pad by jtdubs · · Score: 5, Informative

      Also of note:

      You CAN NOT use the same pad more than once. Hence the name "One-time" pads. Here's why:

      Here are two messages, encrypted with the same pad:

      cyphertext1 = plaintext1 + one-time-pad
      cyphertext2 = plaintext2 + one-time-pad

      For short:

      c1 = p1 + otp
      c2 = p2 + otp

      Now, I get ahold of both cyphertexts, and I suspect, or guess, that they were encrypted with the same key.

      (c2 - c1) = (p2 + otp) - (p1 + otp)
      (c2 - c1) = (p2 - p1)

      So, now, the "enemy" has a new set of numbers, obtained by the subtraction of the two cyphertexts, and this result is also the subtraction of the two plaintexts as the one-time-pads cancelled out.

      A message that is simply the difference between two plaintext messages is trivially crackable via statistical analysis.

      Anyone who enjoys encryption theory and a good yarn should go pick up a copy of Neal Stephenson's Cryptonomicon. It is one of the best books I have ever read.

      Justin Dubs
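The cancellation described in the comment above, as an added example that is not part of the original post. It uses byte-wise addition modulo 256 for the comment's `+` and `-`; the two messages and all function names are constructed for illustration.

```python
import secrets

# Constructed sample messages (not from the thread): same length, shared header.
P1 = b"TO: HQ / FROM: STATION 12 / STATUS: ALL QUIET TONIGHT"
P2 = b"TO: HQ / FROM: STATION 12 / STATUS: NEED SPARE RADIOS"


def fresh_pad(length: int) -> bytes:
    """A new pad from the OS CSPRNG, standing in for a truly random source."""
    return secrets.token_bytes(length)


def encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """c = p + otp, byte by byte, modulo 256."""
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the message")
    return bytes((p + k) % 256 for p, k in zip(plaintext, pad))


def difference(a: bytes, b: bytes) -> bytes:
    """a - b, byte by byte, modulo 256."""
    return bytes((x - y) % 256 for x, y in zip(a, b))


def recover_other(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """p2 = p1 + (c2 - c1): with a reused pad, one known plaintext exposes the other."""
    return bytes((p + d) % 256 for p, d in zip(known_p1, difference(c2, c1)))


def zero_fraction(c1: bytes, c2: bytes) -> float:
    """Share of positions where c1 - c2 == 0.

    With independent random pads this is about 1/256. With a shared pad it
    equals the share of positions where the two plaintexts agree, so it is
    a cheap check for accidental pad reuse in your own traffic.
    """
    diff = difference(c1, c2)
    return diff.count(0) / len(diff)


def demo() -> dict:
    pad = fresh_pad(len(P1))
    c1 = encrypt(P1, pad)
    c2 = encrypt(P2, pad)                     # the mistake: same pad, second message
    c3 = encrypt(P2, fresh_pad(len(P2)))      # correct use: a new pad per message
    return {
        "pad_cancels": difference(c2, c1) == difference(P2, P1),
        "p2_from_known_p1": recover_other(c1, c2, P1),
        "zero_fraction_reused_pad": zero_fraction(c1, c2),
        "zero_fraction_fresh_pad": zero_fraction(c1, c3),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```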

    5. Re:One Time Pad by jtdubs · · Score: 3, Insightful

      The source of randomness isn't the stumbling block.

      Getting good-enough randomness is easy enough nowadays. I mean, heck, check out random.org.

      But, you still have to distribute the pad. You can always just use another one-time-pad to encrypt the pad before you send it though. ;-)

      If you are distributing electronically, then you can send the pad out to your partner via some form of public-key encryption. But, now your security is not determined by the strength of the one-time pad (possibly infinite), but by the strength of the public-key crypto-system (certainly not infinite).

      Justin Dubs

    6. Re:One Time Pad by Des+Herriott · · Score: 4, Informative

      Quantum cryptography has the potential to solve problem (2) - it allows (what appears to be) truly secure key distribution by exploiting the quantum properties of photons. It's gone beyond the theoretical stage, and quantum channels have even been established through air (as opposed to a fibre-optic link).

      Problem (1) is really hard to do well. And, no, a cheap soundcard is not the answer :)

    7. Re:One Time Pad by borgdows · · Score: 2, Funny

      >There is no uncrackable encryption. therefore, information is free.

      free as beer? or Free as speech?

    8. Re:One Time Pad by God!+Awful+2 · · Score: 4, Insightful

      Whoever modded this up as anything but funny is an idiot. Of course distinguishing the correct answer from random text is part and parcel of cracking the code.

      I bet when this guy takes a multiple choice exam, he just fills in *all* the boxes, and then claims that he got every answer right.

      -a

    9. Re:One Time Pad by lars_stefan_axelsson · · Score: 5, Informative
      One solution is to use a universally accessible pad that's pre-agreed upon. Like, "download CNN.com at precisely 5:00am, convert it to binary, and use that."

      That's a book cipher, and it's not a one time pad. There's a lot of structure in your pad material.

      No, the problem is still the random source. If you have two sources that produce the same key stream they are not "random" in the sense that we mean. And if you distribute (broadcast) the pad, then you have the key distribution problem again.

      Not to say that book ciphers cannot (and have not) been used to good effect. But one-time-pads they're not.

      --
      Stefan Axelsson
    10. Re:One Time Pad by isorox · · Score: 3, Funny

      How do the parties get the pads?

      Via email. Use a one-time-pad to encrypt it.

    11. Re:One Time Pad by 1u3hr · · Score: 2, Informative
      One time pads are not uncrackable by definition. They have two weak points.
      1) The generation of the pads.

      The article says "Meganet offers a patented non-linear data mapping technology, called VME (Virtual Matrix Encryption), that creates exceptionally random cipher text". So this is how the "onetime pad" is generated, and this has always turned out to have a weakness. "Real" onetime pads are generated by random natural processes, such as cosmic rays, not from a mathematical seed.

    12. Re:One Time Pad by Thing+1 · · Score: 4, Funny
      Getting good-enough randomness is easy enough nowadays. I mean, heck, check out random.org.

      There's a link at random.org: "For non-random numbers, try NoEntropy.net!"

      From their site:

      Generating deterministic numbers is a complicated business. NoEntropy.net uses a unique combination of tried and tested algorithms to provide you with the finest in deterministic numbers. After they are generated, the numbers are subjected to further filters to remove any remaining randomness. Finally, complicated, state-of-the-art statistical tools are used to check that the numbers you get are completely deterministic.

      A mouthful, no? There's a form you can fill out to request deterministic numbers (up to 10,000). The default is 100.

      The punchline: all the numbers are "1".

      --
      I feel fantastic, and I'm still alive.
  3. Exceptionally random cipher text by The_Spide · · Score: 3, Insightful

    > creates exceptionally random cipher text and
    > combines it with a one million-bit key

    How can a deterministic computer create anything
    more than pseudorandom?

    1. Re:Exceptionally random cipher text by szo · · Score: 4, Informative

      With hardware. Geiger-Müller for example. Or measuring thermic movement of certain electrons.

      Szo

      --
      Red Leader Standing By!
    2. Re:Exceptionally random cipher text by Jason1729 · · Score: 4, Funny

      How can a deterministic computer create anything more than pseudorandom?

      By using lava lamps, of course

      Jason
      ProfQuotes

    3. Re:Exceptionally random cipher text by jtdubs · · Score: 4, Insightful

      By using a non-software-based, outside source of entropy. Send up a weather balloon connected to your serial/parallel port. Retrieve real-time data, discard a few of the most significant figures, and use the rest.

      In other words, there are many ways.

      Justin Dubs

    4. Re:Exceptionally random cipher text by mako · · Score: 2, Insightful

      I would like someone to explain to me what the hell exceptionally random means. Is it like being exceptionally pregnant? Or exceptionally out of gas?

    5. Re:Exceptionally random cipher text by gweihir · · Score: 2, Informative

      Geiger counter is bad. It has a fixed time after a pulse where it will not detect a second pulse.

      As a consequence you cannot get high rates and there is some structure in the output. What is wrong with using a 50 cent Zener Diode? Or a 1 Euro fast noisy OpAMP with amplification 100 and grounded input? Both produce high quality random noise, first case electrons jumping the PN-wall, second case electrons moving around (thermal noise).

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted and ignored otherwise.
  4. Snake oil by Scarblac · · Score: 4, Insightful

    From the article:
    "Most of the encryption community called our product snake oil," says Backal. "Everyone competed to throw stones at us and didn't bother trying to understand the product."

    So, 1) They have an unbelievable claim (unbreakable encryption) and 2) the extremely knowledgeable encryption community, who have much experience with breaking encryption, has seen their product and calls it snake oil.

    It is snake oil. Move along.

    --
    I believe posters are recognized by their sig. So I made one.
    1. Re:Snake oil by Cappy+Red · · Score: 2, Insightful

      The idea of continental drift, if my schooling doesn't fail me, was not invented by a geologist, and was, in fact, called bunk by many of said field. Popular support never makes anything right.

      Now, they do have an extraordinary claim, and one that I too don't believe. I don't believe that any encryption is unbreakable, but that doesn't mean it is "snake oil". It could still be really really tough to crack.

      *honk*

      --
      This is my sig. It's prescription, I swear. I need it for reading things... on the other side of things
    2. Re:Snake oil by MrFredBloggs · · Score: 2, Insightful

      >I don't believe that any encryption is unbreakable,

      One-time pad, anyone?

    3. Re:Snake oil by Anonymous Coward · · Score: 2, Insightful

      You've truly demonstrated your lack of knowledge of cryptography, fuckwit. There's a very good reason why this company's rules say you must use their decryption program to compete in their contest: they haven't released the source code OR the details of the algorithm. For all anybody knows, they're using RC4 like it's used in WEP, and we (meaning, everybody who actually knows something about cryptography (i.e., not you)) all know how that turned out. If they don't release the algorithm, then actual cryptographers aren't going to waste time with breaking this because they have other, better, public algorithms to work with.

      An encryption algorithm is just one aspect of a data security chain. The security chain is very modular, almost to the point where you can just drop in whichever algorithm you want to use into the [symmetric_encryption_algorithm] slot. There are already algorithms that have been very well analyzed and attacked from every angle that can fill this slot. This is a well known fact in cryptography, and the people that have their careers in this field aren't going to waste time disassembling this Meganet program (because that's all it takes to retrieve the algorithm) in order to analyze a proprietary algorithm that Meganet says who can use and who can't.

    4. Re:Snake oil by jgerman · · Score: 2, Insightful
      Bad example. That's saying that any wild claim by anyone about any field could be true, simply because once (although I'm sure a few others could be found) something that appeared to be a wild claim was found to be true. Strictly speaking you are correct, there is a tiny, but non zero chance that any wild claim could be true, ... in most cases. That goes for any claim wild or not.


      However, we're dealing with something that is well understood and in a field where there isn't a lot of gray area. Really tough to crack it may be, but that isn't unbreakable. There are no unbreakable codes. The best that you can hope for is a code that can't currently be broken algorithmically with current tools because the power isn't there to do so in a pragmatic amount of time.

      --
      I'm the big fish in the big pond bitch.
  5. Practically unbreakable by boomgopher · · Score: 2, Informative

    They use a 1 MB key to encrypt the data, whee.

    It's not theoretically unbreakable, just practically unbreakable with today's technology.

    --
    Your hybrid is not saving the environment. Its purpose is to make you feel good about buying something.
  6. repeated claim... by danielhsu · · Score: 4, Funny

    > This isn't the first time someone's made this claim, or second, or third ...

    And if this story gets reposted, it'll seem like a fourth!

  7. No such thing by Wrexs0ul · · Score: 4, Funny

    Wonderful article, but how good is encryption when your fundamental flaw in data security is the people who use it?

    Case in point: 128-bit SSL keys, MD5 hashed passwords on a system utilizing firewalls and a database whose data is encrypted by the super-uncrackable-key(tm)... owner connects to the site over the internet via telnet...

    We should invent encrypted people. That way not only would data be safe, but it's so secure the guy next to you has no idea what you're talking about!

    Sincerely,

    -Matt

    --
    --- Need web hosting?
    1. Re:No such thing by Eythian · · Score: 2, Funny
      We should invent encrypted people. That way not only would data be safe, but it's so secure the guy next to you has no idea what you're talking about!

      I have heard of such people. I believe they are known as "programmers".

  8. Encryption and compression by atcurtis · · Score: 5, Funny
    I have an amazing encryption and compression method - it encrypts and compresses any message into a single binary bit! No one else can decipher the message... not even the recipient... unless they have the decryption key...

    Which is unfortunately 2x the size of the original message.

    Ho hum...

    --
    -- The universe began. Life started on a billion worlds...
    -- Except on one where stupidity was there first.
  9. Looks like an advertisement by vor · · Score: 2, Insightful

    The first few paragraphs offer some details on what was developed...

    Then for the rest of the article there is just information on Meganet's business health. Looks more like they're trying to spur investing into the company rather than offer details on how the product works.

    Until the source code is published and subjected to peer review like PGP was, then and only then can it be deemed "secure." Until then I'll be running PGP on my computer powered by cold-fusion generated electricity =)

  10. Correction: by Dark+Lord+Seth · · Score: 2, Insightful
    Meganet offers a patented non-linear data mapping technology, called VME (Virtual Matrix Encryption), that creates exceptionally random cipher text and combines it with a one million-bit key, which is unheard of in today's data security markets.

    That means: "Not unbreakable, but certainly not feasible to even try with current technology." Why is it that as soon as something becomes hard to do it is considered impossible and thus vastly overrated until the opposite proves itself? I can imagine that quite a lot of Good Things(tm) have gone to hell and back again only because they were kickstarted into a hype of invulnerability until the opposite happened, causing everyone to suddenly ditch it...

    1. Re:Correction: by BlackHawk-666 · · Score: 2, Insightful

      Brute force is always a last resort in breaking encryption. It is far better to understand the workings of the algorithm, then search for weaknesses (weak keys, etc). This company seems pretty coy about its algorithm. Until they publish the algorithm the true cracking challenge hasn't even begun.

      --
      All those moments will be lost in time, like tears in rain.
  11. Oh Good... by Senjutsu · · Score: 2, Funny

    A preview from next month's Dog House section of the Crypto-Gram.

    A One Million bit key? Unbreakable? Schneier is going to have a field day with this one.

    1. Re:Oh Good... by bigboard · · Score: 2

      He already has! Back in a 1999 cryptogram dealing with encryption snake oil.

      http://www.counterpane.com/crypto-gram-9902.html

      --
      Cynicism is the natural defence of the romantic.
    2. Re:Oh Good... by beef3k · · Score: 3, Informative

      Relevant parts for the lazy:

      Warning Sign #1: Pseudo-mathematical gobbledygook.

      Meganet has a beauty on their Web site: "The base of VME is a Virtual Matrix, a matrix of binary values which is infinity in size in theory and therefore have no redundant value. The data to be encrypted is compared to the data in the Virtual Matrix. Once a match is found, a set of pointers that indicate how to navigate inside the Virtual Matrix is created. That set of pointers (which is worthless unless pointing to the right Virtual Matrix) is then further encrypted in dozens other algorithms in different stages to create an avalanche effect. The result is an encrypted file that even if decrypted is completely meaningless since the decrypted data is not the actual data but rather a set of pointers. Considering that each session of VME has a unique different Virtual Matrix and that the data pattern within the Virtual Matrix is completely random and non-redundant, there is no way to derive the data out of the pointer set." This makes no sense, even to an expert.

      Warning Sign #5: Ridiculous key lengths.

      Meganet takes the ridiculous a step further: "1 million bit symmetric keys -- The market offer's [sic] 40-160 bit only!!"

      Longer key lengths are better, but only up to a point. AES will have 128-bit, 192-bit, and 256-bit key lengths. This is far longer than needed for the foreseeable future. In fact, we cannot even imagine a world where 256-bit brute force searches are possible. It requires some fundamental breakthroughs in physics and our understanding of the universe. For public-key cryptography, 2048-bit keys have same sort of property; longer is meaningless.

      Warning Sign #8: Security proofs.

      There are two kinds of snake-oil proofs. The first are real mathematical proofs that don't say anything about real security. The second are fake proofs. Meganet claims to have a proof that their VME algorithm is as secure as a one-time pad. Their "proof" is to explain how a one-time pad works, add the magic spell "VME has the same phenomenon behavior patterns, hence proves to be equally strong and unbreakable as OTP," and then give the results of some statistical tests. This is not a proof. It isn't even close.

  12. Hmm, questions... by mtnharo · · Score: 2, Informative

    Anyone think there is any truth to their claims of one million bit encryption? Seems like it would take an awful long time to work with, too long to be really useful. I thought 4096 keys for current methods were deemed strong enough for at least a few years. Hell, we just had an article about 1024 bit keys needing 1 year and/or large quantities of $$$ to break, how can they claim everything else has been broken in the last 5 years (Brute forced doesn't matter. Anything can be cracked given enough time, flawed methods = cracks without major work for many keysets), and that competing techs use only 256 bits? Hmmm... this needs some investigating. I do like the bit about the NSA wanting to prevent them from exporting (just like every non-flawed encryption system). PGP went through the same thing if I recall correctly, and there were "do not export to warnings" on IE just for having 128-bit SSL. Seems like this may be a little bit of hype and marketing to dig through.

    (Congrats and Kudos to them if they pulled it off, but I remain skeptical as always until I see some full-on analysis from experts in the field, not a brochure-derived article)

  13. old news by Anonymous Coward · · Score: 3, Interesting

    heard this last year. it's a seeded one-time pad.

    generating your OTP by means of an algorithm is not a good idea.

    the "one million bit" is simply the length of the pad required for a one-million character message.

    essentially, any pseudo-random-number generator algorithm is identical to this.
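The point made in this comment, together with the earlier replies about whether listing every possible message "cracks" a one-time pad, as an added example that is not from the thread and is not Meganet's VME (whose algorithm the page does not give). It counts which keys are consistent with a ciphertext for a truly random pad versus a pad expanded from a seed. Assumptions: a toy 16-bit seed, Python's `random.Random` as the expander, byte-wise addition modulo 256, and constructed messages.

```python
import random   # deliberately the non-cryptographic generator: this is the weak design
import secrets

SEED_BITS = 16          # assumption: toy seed size so the full search runs in about a second
SECRET_SEED = 0xBEEF    # constructed value
MESSAGE = b"MEET AT NOON"   # constructed plaintext
DECOY = b"STAY AT HOME"     # constructed wrong guess of the same length


def random_pad(length: int) -> bytes:
    """Pad from the OS CSPRNG, standing in for a truly random source."""
    return secrets.token_bytes(length)


def seeded_pad(seed: int, length: int) -> bytes:
    """Expand a small seed into a pad of any length, however many bits are advertised."""
    return random.Random(seed).getrandbits(8 * length).to_bytes(length, "little")


def add_pad(data: bytes, pad: bytes) -> bytes:
    """Encrypt: data + pad, byte by byte, modulo 256."""
    return bytes((d + k) % 256 for d, k in zip(data, pad))


def sub_pad(data: bytes, pad: bytes) -> bytes:
    """Decrypt: data - pad, byte by byte, modulo 256."""
    return bytes((d - k) % 256 for d, k in zip(data, pad))


def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """The one pad under which `ciphertext` decrypts to `candidate`.

    If pads are truly random, every same-length candidate has such a pad and
    all of them are equally likely, so the ciphertext singles out no message.
    """
    return sub_pad(ciphertext, candidate)


def seeds_explaining(ciphertext: bytes, candidate: bytes) -> list:
    """Seeds whose expanded pad decrypts `ciphertext` to `candidate`.

    Only 2**SEED_BITS pads can ever occur, so almost every candidate has
    no seed at all: the key space is the seed, not the pad length.
    """
    needed = pad_explaining(ciphertext, candidate)
    return [s for s in range(2 ** SEED_BITS)
            if seeded_pad(s, len(needed)) == needed]


def demo() -> dict:
    c_true = add_pad(MESSAGE, random_pad(len(MESSAGE)))
    c_seeded = add_pad(MESSAGE, seeded_pad(SECRET_SEED, len(MESSAGE)))
    return {
        # True pad: the wrong guess is explained just as well as the real message.
        "true_pad_decoy_consistent":
            sub_pad(c_true, pad_explaining(c_true, DECOY)) == DECOY,
        # Seeded pad: only the real message is explained by any seed.
        "seeds_for_message": seeds_explaining(c_seeded, MESSAGE),
        "seeds_for_decoy": seeds_explaining(c_seeded, DECOY),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```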

  14. This one calls for... by hdparm · · Score: 4, Funny

    ...Ask Kevin Mitnick - Part II.

  15. PRACTICALLY unbreakable by Anonymous Coward · · Score: 4, Insightful

    Their glick is using a 1MB long key (4000 times longer than current encryption methods). They say it's going to be the strongest in the next 5-6 years.

    The title "unbreakable" was created by the journalist (and it appears to have worked, they got a story in slashdot).

  16. 256 Bits? I think not. by infernow · · Score: 2, Interesting
    Competing solutions offer a maximum of 256 bits.

    Well, with a statement like that, I have to wonder who they're competing with.

    Seriously, though. Who uses a 256 bit key anymore? AFAIK, the suggested key size is at least 1024 bits.

    --

    that that is is that that is not is not

    1. Re:256 Bits? I think not. by MortimerK · · Score: 4, Insightful
      Seriously, though. Who uses a 256 bit key anymore? AFAIK, the suggested key size is at least 1024 bits.

      You're ignoring the distinction between symmetric and asymmetric cryptography.

      Symmetric cryptography uses only one key for encryption and decryption. For such a key, 256 bits is quite secure.

      Asymmetric cryptography uses a public key for encryption and a different, private key for decryption. If using the RSA algorithm then yes, anything less than 1024 is insecure. (Elliptic Curve Cryptography is also asymmetric but is still strong at less than 1024 bits.)

      Meganet's algorithm is symmetric.

  17. And this won't help the problems they're addressin by Scarblac · · Score: 2, Insightful

    They point at websites where credit card numbers were stolen, and say their unbreakable encryption will help there.

    Well, surely those weren't encrypted, but were simply stored in some directory in unencrypted text? Almost always it's just stupid security that's the problem. Any sort of modern encryption would have been good enough, too.

    And if you can't keep crackers away from your credit card numbers, why would you be able to keep them away from your 1Mb key?

    --
    I believe posters are recognized by their sig. So I made one.
  18. My unbreakable encryption scheme! by Alsee · · Score: 5, Funny

    Take input file and pipe it to dev/nul,
    Take dev/random and pipe it to output file.

    Guaranteed unbreakable encryption!

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    1. Re:My unbreakable encryption scheme! by cthugha · · Score: 5, Funny

      Guaranteed unbreakable encryption!

      Not entirely. There is a slight chance that the output from /dev/random will be identical to the original message. :)

    2. Re:My unbreakable encryption scheme! by nahdude812 · · Score: 3, Funny
      that's still technically brute-forceable. We can do the infinite monkeys at an infinite number of typewriters thing, and at some point a monkey would have typed your original message. We may not know he did, but it would have happened. Let's take an example from my fortune file:

      The saying goes: if an infinite number of monkeys typed on an infinite number of typewriters, eventually
      all the great works of mankind would emerge. Now, with today's high speed computers, we can finally test
      this theory...

      Lzskd jfy 92y;ho4 th;qlh sd 6yty;q2 hnlj 8sdf. Djfy 92y;ho4, th;qxhz d7yty;
      Q0hnlj 23&^ (# ljask djf y92y; fy92y; Sd6y ty;q2h nl jk la gfa harvin garvel
      lasdfsd a83sl la8z ks8l 92y;ho4 th;qlh sd 6yty;q2 hnlj 8sdf. Djfy 92y;ho4,
      th;qxhz d7yty; Q0hnlj 23&^ nknod mrs88 jsd79lfm#%$JLaoz6df lso7dj f2 jfls
      67d9ol1@2fou99s 1lkj2 @l.k1 2; a89o7aljf 1l3i7ou8 d8l3 lqwerty0092 #1!
      ja9o do8lkjj139rojsd9**!l6*hd # ljasd78 l2awkjad78 3ol7asljf 3 ldif & l.js
      Ll ls ewan la8uj 23lll7u 8l 3h hhxx8 8d lsd fixx 891lkjno99sl d8l@@@!!8#8
      dfoil jarooda mklaoorj nowai the smisthliylka jkdlfjiw ladajadra lthhheeejfjl
      dkddooolda bub mirznod of the koojgaf!! But 2 be or not to be... that is the
      question. Then when shall we three meet again In thunder, lightning, or in
      rain? When the hurlyburly's done, When the battle's lost and won. That will
      be ere the set of sun. Where the place? Upon the heath. There to meet with
      Macbeth. But hath forth not to want..... a banana, or to be.... a banana.
      Banana, I knew him banana. Banana banana. Banana banana banana banana.

      Well... hmm.... it seemed like a good idea...
  19. LOL "Why do we keep pronounce VME is unbreakable" by accident · · Score: 4, Funny
    (grammar theirs)
    When a transmission of conventional algorithm is sent, it includes an encrypted form of the actual data. Given that a hacker have enough computing power and time, any message can be deciphered. With the VME engine the case is different; the actual data is never transferred. Therefore, when intercepted by a hacker, the results will yield absolutely nothing. [source]
    This is so incredible I just can't read anymore.
  20. VME was broken by eddy · · Score: 5, Informative

    I haven't read the article (c'mon!) but I saw the mentions of VME, which...well... was broken.

    It's snakeoil. Just marketing, no security. Move along. Nothing to see here.

    --
    Belief is the currency of delusion.
    1. Re:VME was broken by eddy · · Score: 2, Informative

      Okay, that was just the decryptor, but IIRC it was broken (found weak) also elsewhere in sci.crypt. Bruce Schneier mentions them back in 1999... in his snakeoil column.

      --
      Belief is the currency of delusion.
  21. The telltale signs of snakeoil encryption by philipsblows · · Score: 5, Insightful

    From the press release or whatever that is:

    Meganet Corporation's founder, Saul Backal, claims that its solution can put an end to these problems. Meganet offers a patented non-linear data mapping technology[1], called VME (Virtual Matrix Encryption)[2], that creates exceptionally random cipher text[3] and combines it with a one million-bit key[4], which is unheard of in today's data security markets. Competing solutions offer a maximum of 256 bits[5].
    "There is nothing stronger in existence,"[6] says 38-year-old Backal, a dual Israeli-U.S. citizen[7] who was a tank commander in the IDF in the Lebanon war[8]. "All other encryption methods have been compromised in the last five to six years."[9]
    • [1] A cool, wordy name for this new, fantastic technology
    • [2] An even cooler, trademark-able acronym
    • [3] Hand waving
    • [4] An excessively-large encryption key, to impress us
    • [5] A dig on current encryption key size, since smaller keys == less encrypted...
    • [6] Outlandish claim
    • [7] Mysterious lineage of the founder. Hmmmmm.
    • [8] Tank commanders. Does anyone understand encryption better than these guys?
    • [9] Article claims this one has been in development for 11+ years... see how long it takes to cryptanalyze having appeared on slashdot!

    Even though this is probably bogus, the prize for breaking it looks interesting

    In an attempt to prove VME's strength, Meganet began offering prizes such as a Ferrari or $1m. to anyone who could break into a VME-protected file. So far, two million people have attempted to crack the code, but none have managed.
    1. Re:The telltale signs of snakeoil encryption by andfarm · · Score: 2, Insightful
      Heck, requiring a "million-bit key" is a sign of weakness. If the key is larger than the message, then with a strong cipher any plaintext should theoretically be possible. A truly strong cipher can make a message secure with a small key.

      And the claim of "two million people" having tried to crack the code is bogus. Most of these people probably haven't had any cryptographic training.

      --

      TANSTAAFI: There Ain't No Such Thing As A Free iPod.

  22. This is the dumbest thing I've read in a long time by mlyle · · Score: 2, Insightful

    One of the key metrics of a cipher's strength is how strong it is in comparison to its key size. 256 bit ciphers, if brute force is the best attack, are immune to brute force with any imaginable technology (it is hard to imagine building a machine with matter that can count to 2^256, let alone try and brute force a cipher).

    Making the key huge just makes the other potential sources of compromise (compromise by bad key generation or distribution) easier. If you want a huge keystream, you might as well use a large one time pad.

    I don't really see what the point is of this encryption scheme.

  23. No, no, no! by Trogre · · Score: 3, Insightful

    Because some experts have been burned by fakes in the past does not necessarily make everything snake oil.

    Because they dismissed this product as more of the same before actually evaluating it does not make it snake oil.

    Probably snake oil, yes. But on the other hand it could be something quite revolutionary.

    There's nothing quite like apathy to retard progress.

    --
    "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
    1. Re:No, no, no! by Trogre · · Score: 2, Interesting

      I'm not saying we should celebrate every 'unbreakable' claim made (champagne is too expensive for that).

      However what I am saying is that we should not casually write it off as a "this is definitely a phoney". If we are influential enough it may cause investors to lose interest and pull funding.

      I look on this as an "Interesting, but I'll believe it when I see it". Subtle difference.

      --
      "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
  24. Wouldn't infinite monkeys by t0qer · · Score: 2, Interesting

    at infinite typewriters eventually produce the great works of Shakespeare?

    In regards to breaking encryption on the article, if the above statement was true wouldn't that mean eventually it could be broken?

    This still isn't quantum encryption, which does deal with infinites. It said 1 trillion keys on the site which makes me think eventually if you throw enough (**cough* beowulf) Ghz per hour at it you could break it down.

    Ya it's breakable, anyone disagree?

    1. Re:Wouldn't infinite monkeys by sql*kitten · · Score: 3, Funny

      at infinite typewriters eventually produce the great works of Shakespeare?

      That theory was proved false by the invention of Usenet.

  25. Origin of the term? by The+Tyro · · Score: 4, Interesting


    Counterpane had a little blurb on their website about it... Crypto stuff

    This may have been where the original "Snake Oil" comment came from.

    I'm no elite cryptographer; I just try to be an educated user. I rely on people far smarter, and with far more expertise than I'll ever have in the field of cryptography to give me an idea of whether something is reasonably good. That said, even a rank amateur like myself can detect marketing-speak...

    I have no authoritative expertise with which to judge encryption algorithms, but outrageous claims tend to speak for themselves... in a negative way.

    --
    Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
  26. It's not... by Kjella · · Score: 2, Interesting

    Any cipher that relies on mathematics can not be proven secure. If you look up Gödel's Incompleteness Theorems, you'll see that in any axiomatic mathematical system there are propositions that cannot be proved or disproved within the axioms of the system. So if I propose that there does exist some (unspecified) mathematical way to break that cipher, you won't be able to 100% conclusively _disprove_ it. Also there's the off chance (2^-128, 2^-1000000, doesn't matter in a _theoretical_ sense) that I'll pick the right key by chance, and in common ciphers you'll *know* if the key is right.

    The only theoretically perfect way is a (not pseudo-) random one time (not rehashed) pad, and it suffers from massive problems in key distribution, and the one who encrypts it (or has access to the encrypter's machine) can also decrypt it, unlike good public/private key cryptography. Also it is susceptible to wiretap of key transfer, while public/private key crypto is only susceptible to a man-in-the-middle attack, which requires the ability to change the data on-the-fly.

    It would hardly be a problem to extend many of the current ciphers to use much longer keys than 128 bit (symmetric) or 2048 (asymmetric), which is the standard today. However, most people agree 128 bit is strong enough given that there is no cryptographic attack. If there is one, the cipher might be fundamentally useless regardless of whether your key is 128bit or 1000000bit anyway. And no, you won't know. Why do you think the military is so secretive about what they will and won't use? To keep the others guessing what they really can and can't break.

    Kjella

    --
    Live today, because you never know what tomorrow brings
  27. Bruce Schneier's opinion... by BJH · · Score: 2, Insightful


    Meganet has a beauty on their Web site: "The base of VME is a Virtual Matrix, a matrix of binary values which is infinity in size in theory and therefore have no redundant value. The data to be encrypted is compared to the data in the Virtual Matrix. Once a match is found, a set of pointers that indicate how to navigate inside the Virtual Matrix is created. That set of pointers (which is worthless unless pointing to the right Virtual Matrix) is then further encrypted in dozens other algorithms in different stages to create an avalanche effect. The result is an encrypted file that even if decrypted is completely meaningless since the decrypted data is not the actual data but rather a set of pointers. Considering that each session of VME has a unique different Virtual Matrix and that the data pattern within the Virtual Matrix is completely random and non-redundant, there is no way to derive the data out of the pointer set." This makes no sense, even to an expert.

    I dunno, but a company that claims to have an unbreakable encryption algorithm that is not publicly available and is not a one-time pad sure seems like something I wouldn't want to trust my data to...

  28. BS by muffen · · Score: 2, Insightful

    I don't think this encryption is unbreakable. To me it sounds like they are relying on the massive keylength. Just because it has a large key, it is unbreakable.

    Large random keys will make it more difficult to break the encryption, but unbreakable is just wrong. A one-time cipher is still more secure than this thing. They should take distributed computing into account as well. Just look at some of the encryptions that have been broken by Distributed.net, and how quickly they did it.

    The only unbreakable encryption I believe is possible is the one described by Simon Singh in the book "The Code Book". The encryption described in this book relies on the vibration of photons. Due to the nature of photons, it is not possible to sniff for the key.
    Of course, this encryption is only theoretical. By the time we can implement it, we may already be able to break it.

  29. Consider the source--analyze the claims too. by JBhoy · · Score: 5, Interesting

    First, let's consider the source of this article. Here is what Israel21c says about themselves.

    "ISRAEL21c is a not-for-profit corporation organized under the laws of California that works with existing institutions and the media to inform Americans about 21st century Israel, its people, its institutions and its contributions to global society. ISRAEL21c creates, aggregates and broadly disseminates high-quality information to the American public about the Israel that exists beyond the pervasive imagery of conflict that characterizes so much of western media reporting. Our goal is to strengthen the vibrant and enduring partnership between the United States and Israel, and between Americans and Israelis."

    Translation: They are a part of the American pro-Israel lobby, whose job it is to pull the blinkers over the eyes of Americans regarding whatever Israel is doing at the moment. In this case, they don't handle the Arab-Israeli conflict (they mention a sister org for that -- israelinsider). Rather, they propagandize for the Israeli high-tech industry, an industry largely created by American taxpayers and which directly competes with American companies. We won't talk about the underhanded way that came about.

    So fair enough, they are pimping their nation's product. Let's look at what the article actually says, however.

    "Meganet offers a patented non-linear data mapping technology, called VME (Virtual Matrix Encryption), that creates exceptionally random cipher text and combines it with a one million-bit key, which is unheard of in today's data security markets. Competing solutions offer a maximum of 256 bits."

    Cut through the marketing bullshit, and this sounds like a variation on the old one-time pad. This isn't the first company to discover how wonderfully secure the one-time pad is. It is difficult to believe that this company has achieved a quantum leap in computer power such as would be necessary to support a one million bit key for any other kind of algorithm.

    "All other encryption methods have been compromised in the last five to six years."

    This is a quote from the founder of the company, a former IDF (Israeli Defense Force) tank commander. The statement is deceptive. Any form of encryption, OTHER THAN A ONE-TIME PAD, is susceptible to brute force attack if the key size is small enough. Some encryption methods, such as DES, are more vulnerable than others. PGP and GnuPG use default encryption that is pretty darn secure, and there hasn't been a successful cracking attempt on a key of any reasonable size. The quote, by being deceptive, makes the product claims suspect.

    "Backal stumbled onto the mathematical algorithm behind VMS when he was working as an engineer in the field of Wide Area Networking."

    Highly unlikely story to begin with. One does not "stumble onto" mathematical algorithms -- not reliable ones, anyway. There is mention of a patent application, but no reference to any peer review. The fact that this company was ignored for two years is instructive -- if there was any substance to this, someone in the cryptography field would have taken a look at it. There is also the following:

    "In an attempt to prove VME's strength, Meganet began offering prizes such as a Ferrari or $1m. to anyone who could break into a VME-protected file. So far, two million people have attempted to crack the code, but none have managed."

    I try not to use bad language on public forums, but the most descriptive word I can come up with for this is "bullshit". If VME had ever put this out for that kind of money for a genuine trial, it would have been all over the Net. There is NO evidence I can discover that supports this claim. None. Nada. Zilch. This whole thing is really starting to smell bad.

    The following two quotes give reason for pause as well.

    "In November 1999, Meganet launched the company at the Comdex computer show in LA, California, hoping to attract corporate users. The company packed its 1,000 sq. ft booth with attractions, including a $1m. giveaway of Meganet software. Meganet proved a runaway success, and in the wake of the show it raised $5m. at a valuation of $50 to $60m. from new investors, most of them small, private investors. To date, the company has raised $10m., none of which comes from VCs."

    "By December 2000, however, Meganet was in trouble. The company may have gained industry recognition, but it did not have sales. Nor could it raise money as the stock market had begun to crash."

    You know what it means that money is raised from "small investors" without VC involvement? It generally means that you are dealing with a corporate con artist. I have some personal experience in dealing with a tech company that refused to take VC money. The reason for not raising money from VCs is simple. A venture capital firm will, on behalf of its funders, demand access to and a thorough review of the technology, something small investors aren't in a position to demand. If this was the real thing, there wouldn't be any need to hide the ball from the money guys. If you are a small investor, beware of companies that raise their money from small investors exclusively. It is a fundraising method that is the foundation of a great many frauds and impositions. If this is for real, somebody big would have invested -- but then, that might pose the same problem for the founder as having a VC involved, right?

    Here is the part that worries me, however.

    "Today, Meganet is rapidly becoming a significant US government vendor. Though it remains a small company, with just 25 employees, it won three out of four tenders released by the US government in this sector last year, beating giants like Verisign, RSA, Network Associates, Computer Associates, and IBM, to become sole-contractor on the projects."

    Assuming this is true, it is disturbing. Let's look at what we have here. We have a former IDF officer who has come up with supposedly "unbreakable" encryption. It isn't peer reviewed, and he is apparently seeking security through obscurity (i.e. hides the ball) rather than publishing this wonder technology where others can take a look at it and see if there are any flaws. The company's R&D is in Israel, and when the company fails commercially, it starts getting U.S. Government contracts, presumably through the kinds of political connections that the America-Israel lobby (such as AIC and Israel21c) foster.

    The Israelis have demonstrated that, despite the fact that the United States is their only real ally in the world, they won't hesitate to stab the Americans in the back when it serves Israeli interests. The Pollard spy case was only the tip of the iceberg for Israeli espionage in the US. Our own State Department has established that Israel has the most aggressive spying program in the U.S. of any ally, surpassing even such supposedly unfriendly nations as China. Remember the three Israelis in the van who were picked up by police after they were filmed cheering while the WTC collapsed? All former IDF members. They were released after a few weeks and rushed home, and the company they worked for simply disappeared.

    I doubt VME has any wonder technology. I don't doubt that the Israeli intelligence apparatus would love to have us using their technology companies to protect our vital national secrets. Then they won't have a need for embarrassments like active intelligence agents in the US. They could simply download the information themselves, courtesy of our blindness in working with this somewhat unreliable ally.

    Based on what I see in the article and the source, I wouldn't touch VME with a ten-foot pole.

    1. Re:Consider the source--analyze the claims too. by fulgan · · Score: 2, Informative
      If VME had ever put this out for that kind of money for a genuine trial, it would have been all over the Net.


      While I agree with everything else you said, I remember about this particular instance of "please do our job for us": It WAS all over the net about two years ago except there wasn't a "one million dollar prize" (but there was a Ferrari). Of course, it made everybody laugh at the time as well except a few scientists in the fields who were pretty much annoyed over the fact that not only did they more or less publicly accuse them of being incompetents, but they also didn't provide the testers with:

      1/ The algorithm used.
      2/ Anything but the cyphertext.

      Failing to provide any of these would have disqualified the "trial" as to being a test of the algorithm efficiency so failing both speaks for the effort the company makes in helping peer review.
    2. Re:Consider the source--analyze the claims too. by ian+tichy · · Score: 3, Insightful
      Excuse me? Why must an insightful, to-the-point analysis of the (non-)merits of this firm's claim be bundled with an ill-informed, unsubstantiated anti-Israel rant? I've noticed at least one such post on Slashdot that invariably gets moderated all the way up to +5 every time there is an article relating to Israel in the most minute and insignificant way. This one, however, is particularly blatant. In disputing the company's outlandish claims, the poster makes a few of his own, and the same moderators who are (rightly) skeptical of the "unbreakable cipher" take the poster's claims at face value.

      For starters, there is this gem:

      Rather, they propagandize for the Israeli high-tech industry, an industry largely created by American taxpayers and which directly competes with American companies.

      Really? You get this information from where? Granted, the Israelis get huge foreign aid checks from Uncle Sam every year, but those go overwhelmingly toward military spending. The high-tech industry in Israel is almost completely civilian, and is privately funded, mostly by venture capital (much of which comes from the US, but it's hardly taxpayer dollars). And to claim that Israel, a country of six million people, poses significant competition to American companies is simply ludicrous.

      Our own State Department has established that Israel has the most aggressive spying program in the U.S. of any ally, surpassing even such supposedly unfriendly nations as China. Remember the three Israelis in the van who were picked up by police after they were filmed cheering while the WTC collapsed? All former IDF members.

      This paragraph really shows where you are coming from. You've just taken several unsubstantiated rumors - some of them circling around for years, others having sprung up after 9/11 - and stated them as facts. Where is the State Department report you refer to, and, more importantly, when was it issued? As for the arrest of three "cheering Israelis", this is a complete misrepresentation of fact, if not a bold-faced myth. Disregarding the fact that the poster provides no link to the story, appealing instead to our collective memory, forgetting that Google finds no credible source supporting this claim, and believing the scenario that three shit-for-brains Israeli citizens were arrested while cheering the collapse of the WTC, what significance does it have that they all served in the IDF? None! Israel has a universal draft, and virtually every Israeli over the age of 18 has served in the IDF at one time or another. So why the conspiracy theory?

      I do not want to turn this into yet another debate about Israel - this is not the forum for it, nor do such debates lead to anything constructive. However, I do want to voice my disappointment with the group-think that pervades this forum: a paradoxical force that uncritically accepts bullshit propaganda even as it seeks to critically assess bullshit marketing. Israel-bashing is a trendy phenomenon these days in intellectual circles, and since many of us belong to these circles, the overall anti-Israel mood on Slashdot is not surprising. (Nor is it unfounded, though it is poorly balanced and blown way out of proportion.) However, subjective views aside, unfounded, outlandish, politically charged claims masquerading as an answer to a technical question should be recognized as such, and classified as "Flamebait" and "Offtopic" (as ideally should happen to this response as well) rather than "Interesting" and "Insightful". Let us all try to think, and moderate responsibly, shall we?

      --
      Life is too important to be taken seriously - Oscar Wilde
  30. A couple of great quotes from the article by God!+Awful+2 · · Score: 2, Insightful

    "All other encryption methods have been compromised in the last five to six years."

    Oh really? I must have missed the press release when they broke 3DES.

    "So far, two million people have attempted to crack the code, but none have managed."

    2 million... that's a lot. How does one determine how many people have tried to crack the code anyway?

    -a

  31. Re:This is the dumbest thing I've read in a long t by Twylite · · Score: 4, Informative

    In Applied Cryptography, Schneier has a lovely explanation of why you can't brute force a 256 bit key. IIRC it comes down to there not being enough quantums (of time) between now and the end of the universe to check every possible key if every atom can perform one calculation per quantum. He also explains why it's not physically feasible to brute force a 128 bit keyspace.

    So what it comes down to is this: either you find a weakness in the algorithm, or work on quantum computing until it can brute force huge keyspaces outside the normal constraints of physics. Until then, 128 bits is enough (for symmetric crypto).

    Actually reading the Meganet site is laughable. They attribute stolen credit card details to poor or broken cryptography (reality: this data isn't kept encrypted on the site host, because the security architecture of most sites sucks).

    The algorithm they claim is uncrackable is based on a random "matrix", which is derived from a "file of any size that is available ..." on both sending and receiving computers. So there IS secret data that must be transferred (or else that file is public, even worse). According to the code available here, the values aren't even vaguely random - just do lots of XORs using bits from your "secret file".

    Meganet tries to justify its claims by pointing to multiple encryption. Big news guys: the size of the keyspace determines security, not the number of times you encrypt with the same key. At best multiple encryption makes it take longer to brute force the keyspace. It doesn't add security. Period.

    Apart from that this matrix is used as a lookup table. That means that it has all of the problems of a one time pad, without the benefits. As soon as you use any block of values from the matrix again, you have information that you can use to attack the encryption.

    It may be true that no one has broken this algorithm. I've written crypto algorithms that no one has broken ... because I've never published them, and no one has had an interest in breaking them. That doesn't make them secure. Cryptographic security is achieved using simple algorithms that can be proven, using mathematical theory, not attested to by supposition and lame tests.

    --
    i-name =twylite [http://public.xdi.org/=twylite], see idcommons.net
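
Added example, not part of Twylite's post and not Meganet's code: the pad-reuse problem described in comment 31, modelled as a plain XOR pad stretched from a shared file, beside a ledger that never hands out the same pad bytes twice. The SHAKE-256 stretch, the `PadLedger` class and the sample file and messages are assumptions constructed for illustration.

```python
import hashlib

# Constructed stand-in for the "file available on both computers".
SHARED_FILE = b"constructed sample contents of a shared system file\n" * 8


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def pad_from_file(data: bytes, length: int) -> bytes:
    """Stretch the shared file into a pad (assumption: SHAKE-256)."""
    return hashlib.shake_256(data).digest(length)


def encrypt_reusing_block(pad: bytes, msg: bytes) -> bytes:
    """Weak form: every message starts at pad offset 0."""
    return xor_bytes(msg, pad[:len(msg)])


class PadLedger:
    """Hands out pad blocks in order and refuses to reuse any byte."""

    def __init__(self, pad: bytes):
        self.pad = pad
        self.next_free = 0

    def take(self, n: int) -> bytes:
        if self.next_free + n > len(self.pad):
            raise ValueError("pad exhausted: refusing to reuse pad bytes")
        block = self.pad[self.next_free:self.next_free + n]
        self.next_free += n
        return block


def encrypt_with_ledger(ledger: PadLedger, msg: bytes) -> bytes:
    """Corrected form: each message consumes fresh pad bytes."""
    return xor_bytes(msg, ledger.take(len(msg)))


def leaked_xor(c1: bytes, c2: bytes) -> bytes:
    """With a reused block the pad cancels: c1 ^ c2 == p1 ^ p2."""
    return xor_bytes(c1, c2)


def recover_with_known_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """If one plaintext is known, the other follows without the pad."""
    return xor_bytes(leaked_xor(c1, c2), known_p1)


if __name__ == "__main__":
    # Constructed sample messages of equal length.
    m1 = b"TRANSFER 0100 TO ACCOUNT A"
    m2 = b"TRANSFER 9900 TO ACCOUNT B"
    pad = pad_from_file(SHARED_FILE, 64)

    c1 = encrypt_reusing_block(pad, m1)
    c2 = encrypt_reusing_block(pad, m2)
    print("reused block, recovered m2:", recover_with_known_plaintext(c1, c2, m1))

    ledger = PadLedger(pad)
    d1 = encrypt_with_ledger(ledger, m1)
    d2 = encrypt_with_ledger(ledger, m2)
    print("fresh blocks, same attempt:", recover_with_known_plaintext(d1, d2, m1))
    try:
        encrypt_with_ledger(ledger, m1)  # 64-byte pad cannot cover a third message
    except ValueError as err:
        print("third message refused:", err)
```

The ledger also shows the cost the thread keeps returning to: a pad used correctly is consumed as fast as the traffic it protects.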
  32. You can't beat my encryption device. by StormyWeather · · Score: 4, Funny

    It's my girlfriend. Many men have tried, and to date none have been able to figure her out.

    Bit pricy though.

    1. Re:You can't beat my encryption device. by Rip!ey · · Score: 2, Funny

      I thought my ex-girlfriend was uncrackable. Turns out she was a two-timing pad. Bitch. :-)

  33. Non (simply) n-time-pad by SLOGEN · · Score: 2, Informative
    From article:
    patented non-linear data mapping technology, called VME (Virtual Matrix Encryption)

    From the patent:
    A data security method and apparatus that provides an exceptional degree of security at low computational cost. The data security arrangement differs from known data security measures in several fundamental aspects. Most notably, the content of the message is not sent with the encrypted data. Rather, the encrypted data consists of pointers to locations within a virtual matrix, a large (arbitrarily large), continuously-changing array of values. The encryption technique is therefore referred to as Virtual Matrix Encryption. Furthermore, the data security arrangement uses a very large key of one million bits or more which creates a level of security much higher than any other existing method. The key is not transferred but is instead created from a file of any size that is available on both a computer used to send a secure message and a computer used to receive a secure message. The term Virtual Key Cryptographic as used herein to refer to techniques in which a key is recreated at a remote location from an electronic file without any transmission of the key itself. The file may be a system file, a file downloaded from the Internet, etc. A smaller, transaction-specific key, e.g., a 2,048 bit key, is sent end-to-end and is used in conjunction with the very large key to avoid a security hazard in instances where the same file is used repeatedly to create the very large key.


    So, it would _seem_ a bit like:

    1. build matrix:

    A B C
    D E F
    G H I

    2. to cipher up the letter F which is at row 2, col 3 send (2,3).

    3. mutate matrix, goto 2

    So the real "crypto" lies in the mutation of the matrix... how that is done is not described... maybe it's just x-or'ed onto itself or whatnot.

    The way the key is found has nothing to do with the value of the crypto, so don't even begin to criticize how easy it must be for an attacker to guess which file is being used as key.
    --
    SLOGEN [ http://ungdomshus.nu : Sebastian cover music]
  34. Beware of David Irving by Joe+Enduser · · Score: 5, Informative

    This fpp.co.uk is David Irving's site. He is the guy who denies the holocaust. More on Mr. Irving: http://www.geocities.com/irving_challenger/

  35. Not random enough by Goonie · · Score: 2, Insightful

    For an OTP to be secure, it has to be random. The contents of cnn.com aren't random.

    --

    Any sufficiently advanced technology is indistinguishable from a rigged demo
    --Andy Finkel (J. Klass?)
  36. Hmm 1 mbit by bloodbob · · Score: 2, Insightful

    First thing first if this is a 1 mbit key then they are definitely not using asymmetric encryption or else the time to encrypt the single smallest message would probably be years and to decrypt would be even longer, that's with a key. ( Assuming the security between the private and public key is reasonable unlike inverse matrices which are 2 different keys but the use of the keys is quick ) so well everyone is still transferring all their credit card info with old encryption so that's down the drain. Even if it was asymmetric encryption then that means when you're setting up your secure connection it would take a handshake of over 1/4 of a meg but as I said before it is just symmetric. So with this large key how are they gonna transfer it seeing as it is symmetric? The answer is they can't. The Vernam was invented a long time ago and it's MORE secure than this *new* encryption Meganet created.

    Okies now we got a 1 megabit key how are we gonna generate this key if we are gonna try to use entropy from the system it's gonna take a long time to generate the data so there are only 2 solutions 1) we use a thermal diode which has to be at the right temperature and shielded from RF or else it is statically attackable 2) we use a pseudo random software generator. 1 is not feasible if we are requiring many keys to be generated at once i.e. as a symmetric component in SSL cause it still isn't fast enough and I won't bother looking at 2.

  37. This reminds me.. by attackiko · · Score: 5, Funny

    There used to be a Windows program called "Unbreakable security" which, among other things, could encrypt a file and put it in self opening .exe file (you had to enter the password).

    So I tried to crack the program and found out it was fairly easy to do (took me a few hours). But then I discovered that the program had a bug which caused the blank password to be accepted as valid password. So much about Unbreakable security.

  38. Re:pffft by Coryoth · · Score: 4, Interesting
    Well it seems someone did - at least as well as it can be done (presuming that their shareware version does work, and the released passwords for the previous challenges were correct).


    here


    The joy of this for me is that, in the end it really comes down to a 7 bit exhaust to get started decrypting, and after that it's just a matter of decrypting each intermediary key in turn.


    Jedidiah

  39. Snake oil since 1999 by ronys · · Score: 5, Informative

    Professional cryptographer Bruce Schneier used these guys as the exemplar for "Pseudo-mathematical gobbledygook" in the February 1999 issue of his monthly crypto-gram newsletter:

    "The base of VME is a Virtual Matrix, a matrix of binary values which is infinity in size in theory and therefore have no redundant value. The data to be encrypted is compared to the data in the Virtual Matrix. Once a match is found, a set of pointers that indicate how to navigate inside the Virtual Matrix is created. That set of pointers (which is worthless unless pointing to the right Virtual Matrix) is then further encrypted in dozens other algorithms in different stages to create an avalanche effect. The result is an encrypted file that even if decrypted is completely meaningless since the decrypted data is not the actual data but rather a set of pointers. Considering that each session of VME has a unique different Virtual Matrix and that the data pattern within the Virtual Matrix is completely random and non-redundant, there is no way to derive the data out of the pointer set." This makes no sense, even to an expert.

    --
    Ubi dubium ibi libertas: Where there is doubt, there is freedom.
  40. It's all in the messenger by subStance · · Score: 2, Insightful

    I think if this was of any importance or interest whatsoever, someone a little more upmarket and respected than www.israel21c.org would be carrying the story ... this is basically tabloid journalism on the internet, yet somehow it got on Slashdot.

    Hmmm ... methinks someone upstairs in Slashdot wanted to start a stone-throwing session.

    --
    Servlet v2.4 container in a single 161KB jar file ? Try Winstone
  41. Re:If the Israelies Have it.... by mikeage · · Score: 3, Insightful

    Couple of points. I'll ignore the obvious anti-Semitism (and anti-Israeli racism here), and limit it to factual points, leaving the semi-educated (or better) reader to filter out the drivel. Number one: fpp is David Irving, a well known holocaust denier, and the recent loser in a British libel case.
    Next, the article from ABC also states, "But the FBI told ABCNEWS, 'To date, this investigation has not identified anybody who in this country had pre-knowledge of the events of 9/11.'", which, of course, contradicts Irving's theory. Note the use of Israelis and Jews as synonyms.
    Third, the Liberty is an interesting case. Yes, the Israelis attacked and nearly destroyed (then helped rescue) a US ship that was mistaken for an Egyptian war vessel... but all recent non-conspiracy-theory-based investigations have concluded it was a mistake, no different from what happens in any war due to poor intelligence.

    --
    -- Is "Sig" copyrighted by www.sig.com?
  42. Please do not be so scathing... by Zemran · · Score: 4, Funny

    I know what it is like to be misunderstood. I have this brilliant, guaranteed, money making scheme that no-one has faith in. If you send me £25 I will tell you all about it.

    --
    I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
  43. Re:pffft by Big+Mark · · Score: 2, Interesting

    There are two million people who'd know even where to start attacking this on the Earth?

    I don't think there's even two million people on the planet who can program in C, let alone understand encryption... this all looks like hyperbole to me.

    If you read the article it states that the encryption is equivalent to million-bit strength... in other words extremely fucking hard to break, unless you get very, very lucky, but it IS breakable.

    -Mark

  44. The patent claim by ickle_matt · · Score: 2, Informative

    A data security method and apparatus that provides an exceptional degree of security at low computational cost. The data security arrangement differs from known data security measures in several fundamental aspects. Most notably, the content of the message is not sent with the encrypted data. Rather, the encrypted data consists of pointers to locations within a virtual matrix, a large (arbitrarily large), continuously-changing array of values. The encryption technique is therefore referred to as Virtual Matrix Encryption. Furthermore, the data security arrangement uses a very large key of one million bits or more which creates a level of security much higher than any other existing method. The key is not transferred but is instead created from a file of any size that is available on both a computer used to send a secure message and a computer used to receive a secure message. The term Virtual Key Cryptographic as used herein to refer to techniques in which a key is recreated at a remote location from an electronic file without any transmission of the key itself. The file may be a system file, a file downloaded from the Internet, etc. A smaller, transaction-specific key, e.g., a 2,048 bit key, is sent end-to-end and is used in conjunction with the very large key to avoid a security hazard in instances where the same file is used repeatedly to create the very large key.

    The patent
  45. Meganet's Algorithm by Anonymous Coward · · Score: 2, Informative

    http://patft.uspto.gov/netahtml/srchnum.htm patent #6,219,421

    The flaw is that the starting "matrix" must be shared. It's essentially a symmetric key or shared secret algorithm, with the disadvantage being that the shared secret is overtly large. Example entropy sources to reconstruct the matrix suggested in the patent include "system files" or "files downloaded from the Internet".

    Thus, it is impossible for the algorithm to be stronger than the method relied on to reconstruct the matrix at the receiving end. A file is most likely to be used to do this, so breaking an instance of ciphertext is likely to be an exercise in guessing which file(s) available to the receiving computer would be used to construct the decryption matrix.

    If one has available a secure means to share the matrix construction file(s), one could presumably forego the VME encryption altogether and use the same means to pass the message itself.

    The algorithm is designed to do nothing but encrypt or decrypt an arbitrary number of bytes. It does not address key exchange. If an implementation contains any other weaknesses through oversight, such as not padding plaintext to a sufficiently large block and passing any check information out of band to detect transmission errors, compromise could occur through those weaknesses.
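
Added example, not from the patent and not Meganet's code: the point in comment 45 that a key recreated from a shared file is only as strong as the choice of file, however many bits the key has. The XOR keystream, the SHAKE-256 derivation, the plausibility check and the four candidate files are constructed assumptions; only the one-million-bit figure comes from the patent abstract quoted in this thread.

```python
import hashlib
import math

KEY_BITS = 1_000_000  # nominal key size from the patent abstract

# Constructed stand-ins for files that both endpoints could plausibly hold
# ("a system file, a file downloaded from the Internet, etc.").
CANDIDATE_FILES = {
    "system_file_a": b"constructed contents A\n" * 50,
    "system_file_b": b"constructed contents B\n" * 50,
    "downloaded_page": b"<html>constructed page</html>\n" * 50,
    "readme": b"constructed readme text\n" * 50,
}


def derive_key(file_bytes: bytes) -> bytes:
    """Recreate the very large key from a file (assumption: SHAKE-256)."""
    return hashlib.shake_256(file_bytes).digest(KEY_BITS // 8)


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Toy cipher for this sketch: XOR the data with the key bytes."""
    if len(data) > len(key):
        raise ValueError("message longer than key")
    return bytes(d ^ k for d, k in zip(data, key))


def looks_like_text(data: bytes) -> bool:
    """Plausibility check: printable ASCII plus tab, LF and CR only."""
    return all(32 <= b < 127 or b in (9, 10, 13) for b in data)


def files_that_decrypt(ciphertext: bytes, candidates: dict) -> list:
    """Names of candidate files whose derived key yields plausible text."""
    return [
        name
        for name, content in candidates.items()
        if looks_like_text(xor_with_key(ciphertext, derive_key(content)))
    ]


def effective_key_bits(n_candidates: int) -> float:
    """Work needed to find the key when it is one of n guessable files."""
    return min(KEY_BITS, math.log2(n_candidates))


if __name__ == "__main__":
    # Constructed sample message, encrypted under one of the candidates.
    message = b"Meet at the usual place at nine."
    key = derive_key(CANDIDATE_FILES["downloaded_page"])
    ciphertext = xor_with_key(message, key)

    print("nominal key size  :", len(key) * 8, "bits")
    print("effective key size:", effective_key_bits(len(CANDIDATE_FILES)), "bits")
    print("files that decrypt:", files_that_decrypt(ciphertext, CANDIDATE_FILES))
```

For a design review the useful number is the second one printed: count the files the two endpoints could realistically share and take the base-2 logarithm.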

  46. Doesn't anyone here read Cryptogram? by Anonymous Coward · · Score: 3, Informative

    Bruce Schneier covered this way back in February 1999:

    http://www.counterpane.com/crypto-gram-9902.html

    I think we can file this under "snake oil".

  47. I would like to see this undergo a peer review... by fortinbras47 · · Score: 2, Informative
    Mathematically speaking, it's basically impossible to prove that some encryption algorithm is intractably difficult to solve. (If for example you show the decryption process is NP complete, that just shows that the worst case is likely to be difficult if P != NP etc...)

    However, strong peer review and research can give very strong motivation as to why a certain algorithm is computationally intractable (making the encryption scheme practically unbreakable).

    Before I could ever trust some new-fangled encryption scheme, I think I would like to see the company submitting REAL detailed articles of mathematics and techniques to appropriate research conferences and have the whole algorithm and math undergo the process of peer review. It's just too easy to fuck up encryption and to think something REALLY REALLY hard to compute isn't in reality a lot easier than it seems.

  48. Key size, addendum by Xner · · Score: 4, Informative
    If any of you are wondering why asymmetrical cryptography requires larger keys than symmetrical cryptography, well, the answer is exceedingly simple.

    Symmetrical cryptography does not depend on any specific properties of the numbers selected as the key of the cryptosystem. Therefore a 128 bit key can assume 2^128 different values and, as some other poster pointed out, there is not enough energy in the universe to overcome the background radiation as many times as it would take to count to 2^128, let alone try and brute force the cypher.

    Asymmetric cryptography on the other hand derives its features from mathematical properties of some of the numbers used. For example, some systems require a product of large prime numbers, or discrete logarithms etc. This means that, for example in RSA, you cannot use all of the 2^128 values of a 128 bit key.

    Most systems in use today are so-called hybrid systems, using both asymmetric and symmetric cryptography. Since a cryptosystem is as strong as its weakest link, you need to increase the asymmetric keysize to be at least as difficult to break as the symmetric part. Given the current knowledge of factoring algorithms and the like, you need at least a 1024 to 2048 bit RSA key to stack up against a 128 bit symmetrical key.

    --
    Pathman, Free (as in GPL) 3D Pac Man
  49. Re:pffft by Jaysyn · · Score: 3, Funny

    There's probably 2 million people who can code in C in India alone.

    Jaysyn

    --
    There is a war going on for your mind.
  50. Next up on Slashdot.... by worst_name_ever · · Score: 3, Funny

    British firm claims unsinkable ship...

    --

    In Soviet Rush, today's Tom Sawyer gets high on you.
  51. Always the same story. by gweihir · · Score: 2, Interesting

    The only thing a claim of having "unbreakable encryption" does, is expose the people claiming it as incompetent.

    There are really only three choices: Either they reinvented the ages old one-time-pad (which is unbreakable but of limited applicability to practice) or they have crypto that is breakable and did not see it or they have conditions on that "unbreakable" that practically void the claim.

    Many researchers rightfully believe that (unconditionally) unbreakable encryption cannot do better than the one-time pad and in fact will be a more or less disguised one-time pad. I think this is pretty obvious, but claims of this nature are notoriously hard to prove and nobody has done so yet.

    Favorite claim: "All other encryption methods have been compromised in the last five to six years."

    Oh? I was not aware of practical breaks for AES, RSA, ElGamal, IDEA,...

    Sure, you can brute-force a short-length RSA, but that is not a "compromise" of the cipher. After all I can factor 35 in my head. Which makes RSA with that modulus pretty insecure. But it has no impact on RSA in general.

    At least the article is not a complete lie. It says "appears to be unbreakable" which is true for most ciphers as soon as your level of competence is as low as that of the writers of the article.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted and ignored otherwise.
  52. P?=NP by archnerd · · Score: 2, Insightful

    There's a theorem that remains to be proven or disproven called the P?=NP theorem. It expands to "the set of problems solvable in polynomial time ?= the set of problems solvable in non-deterministic polynomial time". Nobody has any clue how to go about a proof. It's one of the Clay institute's million dollar math problems and I'm betting it'll be the last of them to fall.

    Basically, if this theorem were proven, then asymmetric cryptography would be impossible and much of today's symmetric encryption would also collapse. So, if you're going to claim unbreakable encryption, you'd better hand me a proof that P!=NP.

  53. Investment sink been around since 1997 by johntromp · · Score: 2, Informative
    Check out http://web.archive.org/web/*/http://www.meganet.com for a great source of amusement.

    Curiously, all of their challenges are over before ever appearing on their website...

  54. "This perpetual motion machine Lisa built. . . by kfg · · Score: 4, Funny

    doesn't work. It just keeps going faster and faster."

    It is the perennial cry of the snake oil crowd that the "establishment" won't take their claims seriously. It never, *ever* seems to occur to them that this is because their claims are *provably* whacko. Especially where purely mathematical structures are concerned.

    Most snake oil salesmen didn't do very well in math at school, although this personal limitation has never seemed to stand in the way of their being able to seriously cook a set of books to display for the investors.

    KFG

  55. One time pad w/man-in-middle and known plaintext. by Ungrounded+Lightning · · Score: 5, Interesting

    A deficiency of one-time-pad is a man-in-the-middle with plaintext known. Given the known plaintext he can solve for the key and then use it to substitute an identical-length message of his own choosing.

    This is a non-trivial problem, as the start of a message may be known to an attacker, in both manual systems (where messages often start out with stock stuff) and automated ones (where the start may be automated protocol headers or well-known payload starts, which is all he really wants to spoof). Further, the entire content may have been discovered by other means - means which still didn't give him the encryption key.

    Substituting only the start can still spoof both manual and automated systems. With a manual system you can substitute a short, urgent message ("They're coming over the hill at us from the east armed with ...") for the long-winded header. The tail dissolves into noise, but that could be expected from a code-clerk (or machine) under attack, which might make a synchronization error in the key. For automated systems you can still spoof the checksum at the end even if you can't spoof the tail of the message. Tweak the protocol and you might, say, slip some malware's infection header into a known buffer-overflow bug behind a firewall.

    A solution to that was proposed back in the '70s by (ahem) me: Use Galois fields, TWICE as much one-time pad as message, and encrypt in small blocks by multiplying by the first block of key and adding the second. (You also discard any block of key that would result in a multiply-by-zero in the first step.)

    For any product of N primes there is at least one Galois field, and two is prime, so there is at least one Galois field of 2^n members for any n, i.e. you can encrypt blocks of n bits for any value of n greater than 1. (For n=1 this degenerates to ordinary one-time pad, as the first block of key is always 1.)

    Suppose you encrypt in 8-bit blocks. (What a coincidence!) Even if the man-in-the-middle knows the message, for each byte he can either leave it alone or make a random choice among the other possible bytes. He's reduced to a malicious noise-generator. (He can pick the worst spot(s) to inject noise, but that's the limit.)

    I called this the "GLOPS" cypher, by analogy with GLOPS codes (a term-of-art for codes composed of arbitrary pairings of typically 5-letter groups with messages). With a GLOPS code knowing "GLOPS" means "attack at dawn" doesn't tell you whether "GLOPT" means "attack at dusk", "send a gross of toilet paper", or anything else. Similarly, with a GLOPS cypher, knowing 0x33 means "A" in this position doesn't tell you anything about 0x34 (except that it isn't "A" - unlike a GLOPS code where GLOPT might ALSO mean "attack at dawn".)

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
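
The scheme described in comment 55, worked through for 8-bit blocks as an added example (not the poster's code): a plain XOR pad lets anyone who knows the plaintext choose the substitute message, while c = a*m + b over GF(2^8) leaves a tamperer with only a blind choice among the other 255 bytes. The reduction polynomial 0x11B and every function name here are assumptions; the comment specifies neither.

```python
import secrets

POLY = 0x11B  # assumed reduction polynomial for GF(2^8); the comment names none


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= POLY
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse, computed as a^254 (a must be nonzero)."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r


def xor_bytes(x: bytes, y: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(x, y))


def forge_xor_otp(cipher: bytes, known: bytes, forged: bytes) -> bytes:
    """Plain one-time pad: known plaintext yields the pad, so the
    man-in-the-middle can substitute any same-length message."""
    return xor_bytes(cipher, xor_bytes(known, forged))


def draw_pad(n: int) -> list:
    """Two pad bytes (a, b) per message byte; zero multipliers are discarded."""
    pad = []
    while len(pad) < n:
        a = secrets.randbelow(256)
        if a:
            pad.append((a, secrets.randbelow(256)))
    return pad


def encrypt(msg: bytes, pad: list) -> bytes:
    return bytes(gf_mul(a, m) ^ b for m, (a, b) in zip(msg, pad))


def decrypt(cipher: bytes, pad: list) -> bytes:
    return bytes(gf_mul(gf_inv(a), c ^ b) for c, (a, b) in zip(cipher, pad))


def tamper_outcomes(m: int, c: int, c_new: int) -> set:
    """Every plaintext the receiver might see for c_new, taken over all
    key pairs consistent with the attacker knowing that m encrypted to c."""
    outcomes = set()
    for a in range(1, 256):
        b = c ^ gf_mul(a, m)  # the b that pairs with this a
        outcomes.add(gf_mul(gf_inv(a), c_new ^ b))
    return outcomes


if __name__ == "__main__":
    pad = draw_pad(5)
    print(decrypt(encrypt(b"HELLO", pad), pad))
    # Knowing 0x33 means "A" says nothing about what 0x34 decodes to.
    print(len(tamper_outcomes(0x41, 0x33, 0x34)), "equally possible results")
```

Each (a, b) pair must be used for one block only; like any one-time pad, the property disappears if pad material is reused.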
  56. Time for googling, people. by Apuleius · · Score: 2, Informative

    (Typing from a weird 'puter, so I can't cut and paste the links.) Google for 'meganet', 'encryption', and 'doghouse' and you'll find two Doghouse entries for these guys on Cryptogram. One makes fun of their product; the other for them changing their name in response to the first entry.

  57. Broken Scheme: Reuse of a One Time Pad by Burstwave · · Score: 4, Insightful

    This crypto scheme is weak and can be rapidly broken by a brute force approach. It requires a common private key sequence that is shared among multiple users of the software; each user uses this common key to encrypt messages along the matrix. Matrix values are shared amongst all users with a common "serial number prefix." The encrypted "message" that is created is not actually the message; it is a bit sequence that points at positions within the matrix. The software locates each bit position to give a readout of the character at that step. Although the matrix undergoes convolutions as decryption occurs, supposedly making it more "uncrackable," ultimately the reduction of this method requires re-use of a one-time pad (the "virtual matrix"). Reuse of a one-time pad turns an unbreakable encoding into something insecure and breakable. That is ultimately the largest weakness of this algorithm.

    Here's the telling bit in the patent scheme (US 6,219,421):
    "A message may be secured in accordance with various options specifying an intended audience, including "global," "specific" and "private" options. "Global" allows anyone having a copy of the data security software to decrypt the message providing that person has the correct keys and is able to supply parameters matching those with which the message was secured. "Group" allows the possibility of successful decryption by any of a number of users within a group identified by its members having copies of the software program with a common prefix. "specific" allows only a user having a particular numbered copy of the software program to decrypt. Finally, "private" allows decryption only by the same software copy used to secure the message originally. Without the correct keys and parameters, it is impossible for the message to be unlocked. The present invention further enhances security by allowing definition of a date range where the data can be decrypted correctly, hence preventing lengthy efforts to break the code by brute computational force."

  58. prize is a million dollars OR a ferrari? by geeklawyer · · Score: 2, Funny

    new ferrari: approx. $200,000.

    $1,000,000 - $200,000 = $800,000

    These guys are cryptographers?

    I'll take the million dollars and buy 5 ferraris thanks.

    --
    -he who laughs last, is a bit slow.
  59. Quantum Cryptography by arsenick · · Score: 2, Interesting

    Quantum cryptography is provably unbreakable, i.e. it can be proven mathematically that it cannot be broken. For a reason similar to one-time pads. And as opposed to what most people think, quantum cryptography does NOT require a quantum computer to be implemented, and it already has been successfully tested in practice. It's mostly an engineering problem (and political?) now to package it to make it widely accessible.

    Read 'The Code Book' by Simon Singh.

  60. s/CNN/New York Times by rjh · · Score: 4, Funny

    ... but the opinions of the New York Times editorial staff certainly are. :)

  61. Quantum encryption by Crus7y · · Score: 2, Interesting

    is unbreakable. It involves adding so much 'random noise' to the encrypted data that it's impossible to decrypt unless the key to the original encryption is known. The trick is to use true random noise sources, not pseudorandom number generators, who's/whose (take your pick) output can be analysed, predicted and subtracted from intercepted copies. Natural noise sources, like the electrical noise a zener diode makes, can't be predicted as they follow no mathematical pattern.

  62. Top 5 Impossible Claims That Still Get Press by salesgeek · · Score: 2, Funny

    I can't believe the press falls for the following claims which have a track record of being 100% false:

    1) The end of the world is coming... next year.
    2) 150MPG Automobile
    3) Unbreakable Encryption/Copy Protection/Computer Security (this claim replaced the uncrackable safe and the unpickable lock)
    4) We'll run out of food in 10 years!
    5) This year, the Cubs will win the World Series

    --
    -- $G
  63. Rubber Hose by pridkett · · Score: 2, Interesting

    Anyone who thinks that their encryption is unbreakable should think about the rubber hose and pay off the janitor methods of breaking encryption. Typically it's far cheaper to pay someone to give up the secret than it is to even power the computers to do it.

    Also, I didn't see where it says it's unbreakable (at least in those words). I see a mention of some virtual matrix encryption which generates a million bit key, but even that is still breakable.

    --
    My Slashdot account is old enough to drink...
  64. Their "explanation" is impossible. by rdmiller3 · · Score: 2, Insightful
    See here for the "explanation" of their cipher:

    http://www.meganet.com/Technology/explain.htm

    Aside from having a 64kB key (1 million bits), they claim:

    When a transmission of conventional algorithm is sent, it includes an encrypted form of the actual data. Given that a hacker have enough computing power and time, any message can be deciphered. With the VME engine the case is different; the actual data is never transferred. Therefore, when intercepted by a hacker, the results will yield absolutely nothing.

    Did you catch that? They claim that the data isn't contained in the encrypted message!

    O-kaaaay... so, how does it get from here to there?!? Pulling a statement like this out of their posterior crevices proves that they don't know what they're talking about. Of course the "actual data" is transferred... that's what we call it when data goes from one place to another. Running it through their magic algorithm doesn't eliminate the information content, else there wouldn't be any point in sending the message at all.

    This statement could be a clue to the algorithm though, especially combined with the claims that it's faster than RSA and with its suspiciously huge key...

    And of course there's another problem. How do you get a 64kB key from a user? You don't. And there's no mention of "VME" being a public-key algorithm, so it's just a session key, not a public key. How useful is that? Not very.

    I think I'm beginning to see why this company was able to have lean times even while others were getting VC funding to develop the business plan of the South Park underwear gnomes. Now though, we live in more patriotic times when people will believe that tank commanders have the proper background to recognize when they've "stumbled upon" good cryptographic algorithms.

  65. In other news... by supabeast! · · Score: 2, Funny

    Israeli firm generates free publicity with ludicrous claims.

  66. Some facts. by acorn · · Score: 5, Interesting

    What is being advertised here is not unbreakable in the sense used by most mathematicians or serious cryptographers. (When a cryptographer says unbreakable, s/he means that the system is secure even against an adversary with unlimited computing power.)

    Ideal use of a one time pad does have this property. There was a nice breakthrough in the EuroCrypt conference last year, where it was shown that one can obtain similar behavior even with keys that are shorter than the message to be encrypted, as long as the messages that you wish to encrypt are fairly random.

    In any case, if you'd like to really understand what is going on here, for goodness' sake don't bother with Schneier's book; have a look at Goldreich's, "Foundations of Cryptography".

  67. Re:One Time Pad - randomness... by dave_f1m · · Score: 2, Informative

    You're confusing random numbers with pseudo-random numbers. Random numbers can be created by, say, a radioactive source. Yes, there are equations involved, but trying to reproduce the stream won't work because it is random.

    - dave f.

  68. He's a megalomaniac by binford2k · · Score: 4, Interesting

    These guys are crack smokers, especially Saul Backal. They tried to sell the company I was working on at the time on this VME bullshit. (I have an unopened copy if anybody wants it . . .)

    Maybe they came up with something, maybe they didn't. After meeting him and going through their presentation and watching him stumble over some basic questions, I will never trust that company. Some memorable things from that meeting: Bruce Schneier doesn't know what he is talking about. We don't need peer review to know our algorithm is secure. No you can't analyze the source or the algorithm.

    For those who may not know, the measure of a truly secure algorithm is that it is secure even when the algorithm is known.

    -b

  69. Re:And this won't help the problems they're addres by Jouster · · Score: 2, Insightful
    The important part of any encryption system is how the data is decrypted. Particularly, the following paragraph distresses me:
    Data security is one of the key concerns for governments and corporate users today as hacking becomes increasingly prevalent. In 2000, an FBI survey showed that 90 percent of participating companies had their computer systems vandalized by rivals, hackers, or even disgruntled employees. In January 2000, hackers stole 250,000 credit card numbers from an online CD store. They tried to blackmail the store. When it refused to pay, the hackers published 10,000 card numbers on the Internet.
    So, great, you have a super-encrypted MySQL database for all your credit cards. You access it by normal methods; it decrypts data on the fly after authenticating you. Your username is "root" and your password is blank. All the encryption in the world isn't going to save you.

    Everyone needs to learn to stop throwing encryption at a problem and calling it security. Encryption should always be the base layer of any security scheme, never the top-level element (and certainly not the sole one!). Encrypt your databases on disk and in RAM and on the way to and from the CPU if you want, in case the machine is physically stolen. But don't forget to apply the latest patches, rotate passwords, implement effective firewall rules, and guard physical access to minimize the danger of it walking away in the first place.

    Jouster
  70. Not being up-front. by kyz · · Score: 2, Interesting

    Investors shouldn't be misinformed.

    The investors should not be told this encryption is "unbreakable".

    The investors should be told that the encryption is based on two 32-bit keys derived from passwords, a 256-byte header which boils down to a 7-bit key, and a one-time-pad file of arbitrary size (the "million bit key"). The encryption involves executing a state machine with a large number of different permutation methods, rather than sticking to a single ciphering method which allows building a statistical model of how well the plaintext is perturbed.

    The investors should be told that -- despite not revealing the algorithm -- the encryption software has been reverse-engineered and a portable decryptor written in C.

    The investors, finally, should be told that the encryption is almost useless. In order for any legitimate party to decrypt a file, you need to send them the one-time-pad as well. If you're storing files encrypted for your own private use, you need to store the one-time-pad somewhere secure. Why not just store your files unencrypted in this secure place? If you encrypt more than one file with the same one-time-pad, that renders it useless - only the ~71 bits need to be broken.

    --
    Does my bum look big in this?
  71. This used to be called Power One Time Pad by Zeinfeld · · Score: 4, Insightful
    This scheme looks very similar to a scheme that Ron Rivest sent to me called Power One Time pad about eight years ago.

    Ron had had a fax from the inventors claiming that the scheme had been endorsed by several well known names in the crypto world who I won't mention for reasons that will become apparent including one of my colleagues on a Web standards board.

    There wasn't enough information in the press release to determine whether the scheme was bogus so I did the obvious thing and called up one of the people who was alleged to endorse it. Turned out that he did nothing of the sort, he thought it was snake oil but had been asked a different question, who should he talk to to get it adopted as a standard. The snake oil peddlers had then approached Ron saying that 'S. recommended that he talk to them', clearly implying that S. recommended the scheme.

    This matrix scheme looks very much like Power One Time Pad, it has the same million bit key. According to the patent application the scheme appears to be a variant of the Playfair cipher which was cracked in WWI.

    The competition means absolutely nothing. Any scheme can be made uncrackable if it uses a key length that is greater or equal to the amount of data encrypted. The point is that such schemes are almost completely useless.

    The claimed $1 million prize is not convincing; experience has shown that companies that make such offers rarely pay them out even if the scheme is broken. In short the actual value of the prize is:

    Amount x Probability of Payment x Probability of cracking - cost of time.

    The challenge is in any case over. I can't find out how long the challenge was offered for.

    As I said before, I can set the rules for a competition so that the competition is unwinnable even though the cipher is broken.

    For example consider creating a cipher using the declaration of independence which for the sake of argument we will consider to be perfectly random (it is not). The cipher consists of choosing a random starting point in the declaration and then XORing the plaintext with the declaration to create the ciphertext. I can generate one unbreakable ciphertext simply by making the plaintext shorter than the declaration.

    I note that the current challenge text is distributed in a 53Kb Zip file, that would be 424,000 bits or so, considerably less than the alleged million bit key. Give me a few hundred Mb of ciphertext however and we might have a contest.

    The weird thing is the claim to have a contract with the department of Labor to supply an encryption scheme that is not endorsed by NIST. That would appear to breach several procurement guidelines. Also I can't find any record of any contract of that type on the Department of Labor site.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
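
The toy cipher from comment 71 (XOR against a public text from a secret starting point), written out as an added example that is not the poster's code; it also illustrates the point in comment 45 that a key rebuilt from a file both sides already hold is only as strong as the choice of file and position. The function names, the sample message and its known prefix are constructed for this example, and the public text is the opening sentence of the Declaration of Independence.

```python
import math

# Public "key file": opening sentence of the Declaration of Independence.
PUBLIC_TEXT = (
    b"When in the Course of human events, it becomes necessary for one "
    b"people to dissolve the political bands which have connected them "
    b"with another, and to assume among the powers of the earth, the "
    b"separate and equal station to which the Laws of Nature and of "
    b"Nature's God entitle them, a decent respect to the opinions of "
    b"mankind requires that they should declare the causes which impel "
    b"them to the separation."
)


def keystream(offset: int, n: int) -> bytes:
    """n key bytes read from the public text, wrapping at the end."""
    size = len(PUBLIC_TEXT)
    return bytes(PUBLIC_TEXT[(offset + i) % size] for i in range(n))


def crypt(data: bytes, offset: int) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(d ^ k for d, k in zip(data, keystream(offset, len(data))))


def nominal_key_bits() -> int:
    """Key size as advertised: every bit of the shared file."""
    return 8 * len(PUBLIC_TEXT)


def effective_key_bits() -> float:
    """What is actually secret: only the starting offset."""
    return math.log2(len(PUBLIC_TEXT))


def candidate_offsets(ciphertext: bytes, known_prefix: bytes) -> list:
    """Offsets under which the ciphertext opens with a prefix the
    analyst already expects (a stock header, a protocol field)."""
    head = ciphertext[: len(known_prefix)]
    return [o for o in range(len(PUBLIC_TEXT)) if crypt(head, o) == known_prefix]


if __name__ == "__main__":
    message = b"Subject: status report, all nominal"  # constructed sample
    ct = crypt(message, 137)
    print("nominal bits:  ", nominal_key_bits())
    print("effective bits:", round(effective_key_bits(), 2))
    for o in candidate_offsets(ct, b"Subject: status"):
        print("offset", o, "->", crypt(ct, o))
```

The gap between the two bit counts is the audit result: key material drawn from a CSPRNG and never reused keeps them equal, while a shared public file collapses the secret to an index.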
  72. Re:pffft by ??? · · Score: 3, Insightful
    See The Fallacy of Cracking Contests by Bruce Schneier. These contests don't work. See also Gene Spafford's article on the same subject.

    Look. This is a proprietary algorithm which was developed by a non-cryptographer, and which hasn't been peer-reviewed. It is snake-oil until it has been exposed to the light of peer-review.

  73. I invented unbreakable encryption once... by j3110 · · Score: 2, Informative

    the problem was, I couldn't decrypt it either...

    It turns out if you have a key, you can just guess at it, and eventually break it... I just went to the source of the problem... the key. If you don't have a key, you can't break it. Unfortunately, as it turns out, you can't decrypt it either.

    Seriously though:
    It probably is theoretically possible despite what you may see on here to make an unbreakable encryption. The only problem with this is that it can only be used on data less than the key size(AKA one time pad) and random data(AKA data of an unknown format). If you can accomplish either of these two, I don't think anyone will be able to break it. The problem is: With a one time pad, it's pretty much the same as carrying the data to the other end; data is useless unless someone can understand it.

    I've always wanted to start a crypto challenge of a crypto that had no signature and was of nearly random data. The problem is, computers are not that great at pattern matching, and won't be able to find a good pattern in your data format to begin with. This is compounded with no verification that the key you used is valid. In theory, you could get anything out of the decryption if it weren't for that pesky external signature. Remove those, and it could decrypt to just about anything the same length.

    In a nutshell, if you had the perfect compression (theoretically impossible) it would be impossible to break your encryption (if you didn't have a signature or hash for verification). Now if only compression was encryption oriented (no predictable bits... thus not perfect), we would be all set. If you researched enough, you may be able to make it very hard to predict bits in compression.

    Most encryption in the past has been broken by the redundancy of the data (Signatures, statistics, etc.) so that you know if you have the right key (the signature matches, the MD5 matches, or it looks like the target language). If it's impossible to know if you have decrypted the message, it's impossible to break.

    --
    Karma Clown