Israeli Firm Claims Unbreakable Encryption 728
Several readers have pointed to an Israeli company's claim of achieving unbreakable encryption. The linked article reports this claim uncritically. Do you think there's such a thing as unbreakable encryption? This isn't the first time someone's made this claim, or second, or third ...
Nope (Score:2, Insightful)
Nice, but where is the source? (Score:5, Insightful)
Exceptionally random cipher text (Score:3, Insightful)
> combines it with a one million-bit key
How can a deterministic computer create anything
more then pseudorandom ?
Snake oil (Score:5, Insightful)
From the article:
"Most of the encryption community called our product snake oil," says Backal. "Everyone competed to throw stones at us and didn't bother trying to understand the product."
So, 1) They have an unbelievable claim (unbreakable encryption) and 2) the extremely knowledgeable encrypton community, who have much experience with breaking encryption, has seen their product and calls it snake oil.
It is snake oil. Move along.
Looks like an advertisement (Score:3, Insightful)
Then for the rest of the article there is just information on Meganet's business health. Looks more like they're trying to spur investing into the company rather than offer details on how the product works.
Until the source code is published and subjected to peer review like PGP was, then and only then can it be deemed "secure." Until then I'll be running PGP on my computer powered by cold-fusion generated electricity =)
Correction: (Score:3, Insightful)
That means: "Not unbreakable, but certainly not feasible to even try with current technology." Why is it that as soon as something becomes hard to do it is considered impossible and thus vastly overrated untill the opposite proves itself? I can imagine that quite allot of Good Things(tm) have gone to hell and back again only because they were kickstarted into a hype of invulnerability untill the opposite happened, causing everyone to suddenly ditch it...
Re:My unbreakable encryption scheme (Score:3, Insightful)
No (Score:0, Insightful)
PRACTICALLY unbreakable (Score:4, Insightful)
The title "unbreakable" was created by the journalist (and it appears to have worked, they got a story in slashdod).
Re:One Time Pad (Score:5, Insightful)
1) The generation of the pads.
One time pads are as crackable as your method for generating the pads. If your pad is TRULY random than it can't be cracked via statistics and probability. You must also be sure that no one else saw the pads or had access to the same entropy pool you used to generate the pads.
2) The distribution of the pads.
Both parties need a copy of the pad for it to work. How do the parties get the pads? Is this process secure? If not, than the quality of the pad is moot.
Justin Dubs
Re:Exceptionally random cipher text (Score:5, Insightful)
In other words, there are many ways.
Justin Dubs
And this won't help the problems they're addressin (Score:3, Insightful)
They point at websites where credit card numbers where stolen, and say their unbreakable encryption will help there.
Well, surely those weren't encrypted, but were simply stored in some directory in unencrypted text? Almost always it's just stupid security that's the problem. Any sort of modern encryption would have been good enough, too.
And if you can't keep crackers away from your credit card numbers, why would you be able to keep them away from your 1Mb key?
Re:Snake oil (Score:2, Insightful)
Now, they do have an extraordinary claim, and one that I too don't believe. I don't believe that any encryption is unbreakable, but that doesn't mean it is "snake oil". It could still be really really tough to crack.
*honk*
Re:usb mass storage = huge key (Score:2, Insightful)
Because it can work if you only have to encrypt up to 512 MB (or 1 GB) of data for a while and then read it again yourself. If you had to give the encrypted data to someone else you would have to let him have the keychain device (or one with a copy of the same key) through a secure medium, and this is only slightly easier than giving them a printed copy of the whole key.
Oh, and then there is still the problem of the destruction of the key after it has been used.Of course if you're using encryption for something that could change the fate (and economy) of your whole country the OTP is worth using...
The telltale signs of snakeoil encryption (Score:5, Insightful)
From the press release or whatever that is:
Even though this is probably bogus, the prize for breaking it looks interesting
This is the dumbest thing I've read in a long time (Score:3, Insightful)
Making the key huge just makes the other potential sources of compromise (compromise by bad key generation or distribution) easier. If you want a huge keystream, you might as well use a large one time pad.
I don't really see what the point is of this encryption scheme.
No, no, no! (Score:4, Insightful)
Because they dismissed this product as more of the same before actually evaluating it does not make it snake oil.
Probably snake oil, yes. But on the other hand it could be something quite revolutionary.
There's nothing quite like apathy to retard progress.
Re:One Time Pad (Score:4, Insightful)
Getting good-enough randomness is easy enough now-adays. I mean, heck, check out random.org.
But, you still have to distribute the pad. You can always just use another one-time-pad to encrypt the pad before you send it though.
If you are distributing electronically, than you can send the pad out to your partner via some form of public-key encryption. But, now your security is not determined by the strength of the one-time pad (possibly infinite), but by the strength of the public-key crypto-system (certainly not infinite).
Justin Dubs
Re:Exceptionally random cipher text (Score:2, Insightful)
Re:256 Bits? I think not. (Score:5, Insightful)
You're ignoring the distinction between symmetric and asymmetric cryptography.
Symmetric cryptography uses only one key for encryption and decryption. For such a key, 256 bits is quite secure.
Asymmetric cryptography uses a public key for encryption and a different, private key for decryption. If using the RSA algorithm then yes, anything less than 1024 is insecure. (Elliptic Curve Cryptography is also asymmetric but is still strong at less than 1024 bits.)
Meganet's algorithm is symmetric.
Re:One Time Pad (Score:5, Insightful)
I bet when this guy takes a multiple choice exam, he just fills in *all* the boxes, and then claims that he got every answer right.
-a
Re:Snake oil (Score:2, Insightful)
One-time pad, anyone?
Bruce Schneier's opinion... (Score:2, Insightful)
Meganet has a beauty on their Web site: "The base of VME is a Virtual Matrix, a matrix of binary values which is infinity in size in theory and therefore have no redundant value. The data to be encrypted is compared to the data in the Virtual Matrix. Once a match is found, a set of pointers that indicate how to navigate inside the Virtual Matrix is created. That set of pointers (which is worthless unless pointing to the right Virtual Matrix) is then further encrypted in dozens other algorithms in different stages to create an avalanche effect. The result is an encrypted file that even if decrypted is completely meaningless since the decrypted data is not the actual data but rather a set of pointers. Considering that each session of VME has a unique different Virtual Matrix and that the data pattern within the Virtual Matrix is completely random and non-redundant, there is no way to derive the data out of the pointer set." This makes no sense, even to an expert.
I dunno, but a company that claims to have an unbreakable encryption algorithm that is not publically available and is not a one-time pad sure seems like something I wouldn't want to trust my data to...
BS (Score:3, Insightful)
Large random keys will make it more difficult to break the encryption, but unbreakable is just wrong. A one-time cipher is still more secure than this thing. They should take distributed computing into account as well. Just look at some of the encryptions that have been broken by Distributed.net, and how quickly they did it.
The only unbreakable encryption I believe is possible is the one described by Simon Singh in the book "The Code Book". The encryption described in this book relies on the vibration of photons. Due to the nature of photons, it is not possible to sniff for the key.
Of course, this encryption is only theoretical. By the time we can implement it, we may already be able to break it.
A couple of great quotes from the article (Score:3, Insightful)
Oh really? I must have missed the press release when they broke 3DES.
"So far, two million people have attempted to crack the code, but none have managed."
2 million... that's a lot. How does one determine how many people have tried to crack the code anyway?
-a
Re:Snake oil (Score:2, Insightful)
An encryption algorithm is just one aspect of a data security chain. The security chain is very modular, almost to the point where you can just drop in whichever algorithm you want to use into the [symmetric_encryption_algorithm] slot. There are already algorithms that have been very well analyzed and attacked from every angle that can fill this slot. This is a well known fact in cryptography, and the people that have their careers in this field aren't going to waste time disassembling this Meganet program (because that's all it takes to retrieve the algorithm) in order to analyze a proprietary algorithm that Meganet says who can use and who can't.
Not random enough (Score:3, Insightful)
Hmm 1 mbit (Score:2, Insightful)
Okies now we got a 1 megabit key how are we gonna generate this key if we are gonna try to use entropy from the system its gonna take a long time to generate the data so there are only 2 solutions 1) we use a thermal diode which has to be at the right temperature and shield from RF or else it is statically attackable 2) we use a pseudo random software generator. 1 is not fesiable if we are requiring many keys to be generated at once i.e. as a symeteric component in SSL cause it still isn't fast enough and I won't bother looking at 2.
It's all in the messenger (Score:2, Insightful)
Hmmm
Re:If the Israelies Have it.... (Score:4, Insightful)
Next, the article from ABC also states, "But the FBI told ABCNEWS, 'To date, this investigation has not identified anybody who in this country had pre-knowledge of the events of 9/11.'", which, of course, contradicts Irving's theory. Note that the use of Israelis and Jews as synonyms.
Third, the Liberty is an interesting case. Yes, the Israelis attacked and nearly destroyed (then helped rescue_ a US ship that was mistaken for an Egyptian war vessel... but all recent non-conspiracy-theory-based investigations have concluded it was a mistake, no different from what happens in any war due to poor intelligence.
The only thing (Score:1, Insightful)
Encryptions get better, and breaking them gets more and more difficult, but there is no large positive integer N for which 1/N is zero.
As encryptions get better, so do cryptanalysts.
Once upon a time, certain people thought their enigma machine was unbreakable too.
To a child ROT13 may look like garbage, but with the same training it took to learn to read, anyone can learn to read it without a decoder.
Re:Snake oil (Score:3, Insightful)
However, we're dealing with something that is well understood and in a field where there isn't a lot of gray area. Really tough to crack it may be, but that isn't unbreakable. There are no unbreakable codes. The best that you can hope for is a code that can't currently be broken algorithmically with current tools because the power isn't there to do so in a pragmatic amount of time.
P?=NP (Score:3, Insightful)
Basically, if this theorem were proven, than asymmetric cryptography would be impossible and much of today's symmetric encryption would also collapse. So, if you're going to claim unbreakable encryption, you'd better hand me a proof that P!=NP.
Re:Correction: (Score:2, Insightful)
I want to see a list of the two million people (Score:1, Insightful)
So far, two million people have attempted to crack the code, but none have managed.
How can anybody read a claim like this without coming to the obvious conclusion?
Broken Scheme: Reuse of a One Time Pad (Score:4, Insightful)
Here's the telling bit in the patent scheme (US 6,219,421):
"A message may be secured in accordance with various options specifying an intended audience, including "global," "specific" and "private" options. "Global" allows anyone having a copy of the data security software to decrypt the message providing that person has the correct keys and is able to supply parameters matching those with which the message was secured. "Group" allows the possibility of successful decryption by any of a number of users within a group identified by its members having copies of the software program with a common prefix. "specific" allows only a user having a particular numbered copy of the software program to decrypt. Finally, "private" allows decryption only by the same software copy used to secure the message originally. Without the correct keys and parameters, it is impossible for the message to be unlocked. The present invention further enhances security by allowing definition of a date range where the data can be decrypted correctly, hence preventing lengthy efforts to break the code by brute computational force."
Re:Consider the source--analyze the claims too. (Score:3, Insightful)
For starters, there is this gem:
Rather, they propagandize for the Israeli high-tech industry, an industry largely created by American taxpayers and which directly competes with American companies.
Really? You get this information from where? Granted, the Israelis get huge foreign aid checks from Uncle Sam every year, but those go overwhelmingly toward military spending. The high-tech industry in Israel is almost completely civilian, and is privately funded, mostly by venture capital (much of which comes from the US, but it's hardly taxpayer dollars). And to claim that Israel, a country of six million people, poses significant competition to American companies is simply ludicrous.
Our own State Department has established that Israel has the most aggressive spying program in the U.S. of any ally, surpassing even such supposedly unfriendly nations as China. Remember the three Israelis in the van who were picked up by police after they were filmed cheering while the WTC collapsed? All former IDF members.
This paragraph really shows where you are coming from. You've just taken several unsubstantiated rumors - some of them circling around for years, others having sprung up after 9/11 - and stated them as facts. Where is the State Department report you refer to, and, more importantly, when was it issued? As for the arrest of three "cheering Isralies", this is a complete misrepresentation of fact, if not a bold-faced myth. Disregarding the fact that the poster provides no link to the story, appealing instead to our collective memory, forgetting that Google finds no credible source supporting this claim, and believing the scenario that three shit-for-brains Israeli citizens were arrested while cheering the collapse of the WTC, what significance does it have that they all served in the IDF? None! Israel has a universal draft, and virtually every Israeli over the age 18 has served in the IDF at one time or another. So why the conspiracy theory?
I do not want to turn this into yet another debate about Israel - this is not the forum for it, nor do such debates lead to anything constructive. However, I do want to voice my disappointment with the group-think that pervades this forum: a paradoxical force that uncritically accepts bullshit propaganda even as it seeks to critically access bullshit marketing. Israel-bashing is a trendy phenomenon these days in intellectual circles, and since many of us belong to these circles, the overall anti-Israel mood on Slashdot is not surprising. (Nor is it unfounded, though it is poorly balanced and blown way out of proportion.) However, subjective views aside, unfounded, outlandish, politically charged claims masquerading as an answer to a technical question should be recognized as such, and classified as "Flamebait" and "Offtopic" (as ideally should happen to this response as well) rather than "Interesting" and "Insightful". Let us all try to think, and moderate responsibly, shall we?
Re:One Time Pad (Score:4, Insightful)
THERE IS NO SUCH THING AS AN UNBREAKABLE SECURITY SYSTEM. THIS INCLUDES ENCRYPTION.
Read that again. Go ahead, I'll wait
Ahem.
Now...this is just common sense, people. Encryption is like a door. The person with the right key can open it. Right?
The door must allow authorized access, but disallow unauthorized access. Usually, whoever has the key is authorized.
However, if someone can either A) get the key, or B) fake the lock into thinking that they have the key, C) go around the door, or D) remove the door they can get in. There is no such thing as a security system that does not allow either A, B, C or D.
Anytime you hear 'unbreakable encryption' RUN. They're lying to you. It doesn't exist. Plain and simple.
Their "explanation" is impossible. (Score:3, Insightful)
http://www.meganet.com/Technology/explain.htm [meganet.com]
Aside from having a 64kB key (1 million bits), they claim:
Did you catch that? They claim that the data isn't contained in the encrypted message!
O-kaaaay... so, how does it get from here to there?!? Pulling a statement like this out of their posterior crevices proves that they don't know what they're talking about. Of course the "actual data" is transferred... that's what we call it when data goes from one place to another. Running it through their magic algorithm doesn't eliminate the information content, else there wouldn't be any point in sending the message at all.
This statement could be a clue to the algorithm though, especially combined with the claims that it's faster than RSA and with its suspiciously huge key...
And of course there's another problem. How do you get a 64kB key from a user? You don't. And there's no mention of "VME" being a public-key algorithm, so it's just a session key, not a public key. How useful is that? Not very.
I think I'm beginning to see why this company was able to have lean times even while others were getting VC funding to develop the business plan of the South Park underwear gnomes. Now though, we live in more patriotic times when people will believe that tank commanders have the proper background to recognize when they've "stumbled upon" good cryptographic algorithms.
Re:Used more than once? (Score:1, Insightful)
Unless I'm mistaken, using it twice to illustrate the point that it can only be used once is quite legitimate. Or perhaps I'm missing something.
Re:And this won't help the problems they're addres (Score:3, Insightful)
So, great, you have a super-encrypted MySQL database for all your credit cards. You access it by normal methods; it decrypts data on the fly after authenticating you. Your username is "root" and your password is blank. All the encryption in the world isn't going to save you.
Everyone needs to learn to stop throwing encryption at a problem and calling it security. Encryption should always be the base layer of any security scheme, never the top-level element (and certainly not the sole one!). Encrypt your databases on disk and in RAM and on the way to and from the CPU if you want, in case the machine is physically stolen. But don't forget to apply the latest patches, rotate passwords, implement effective firewall rules, and guard physical access to minimize the danger of it walking away in the first place.
Jouster
Re:The telltale signs of snakeoil encryption (Score:2, Insightful)
And the claim of "two million people" having tried to crack the code is bogus. Most of these people probably haven't had any cryptographic training.
This used to be called Power One Time Pad (Score:5, Insightful)
Ron had had a fax from the inventors claiming that the scheme had been endorsed by several well known names in the crypto world who I won't mention for reasons that will become apparent including one of my collegues on a Web standards board.
There wasn't enough information in the press release to determine whether the scheme was bogus so I did the obvious thing and called up one of the people who was alledged to endorse it. Turned out that he did nothing of the sort, he thought it was snake oil but had been asked a different question, who should he talk to to get it adopted as a standard. The snake oil peddlers had then approached Ron saying that 'S. recommended that he talk to them', cleraly implying that S. recommended the scheme.
This matrix scheme looks very much like Power One Time Pad, it has the same million bit key. According to the patent application the scheme appears to be a variant of the playfair cipher which was cracked in WWI.
The competition means absolutely nothing. Any scheme can be made uncrackable if it uses a key length that is greater or equal to the amount of data encrypted. The point is that such schemes are almost completely useless.
The claimed $1 million prize is not convincing experience has shown that companies that make such offers rarely pay them out even if the scheme is broken. In short the actual value of the prize is:
Amount x Probability of Payment x Probability of cracking - cost of time.
The challenge is in any case over. I can't find out how long the challenge was offered for.
As I said before, I can set the rules for a competition so that the competition is unwinnable even though the cipher is broken.
For example consider creating a cipher using the declaration of independence which for the sake of argument we will consider to be perfectly random (it is not). The cipher consists of choosing a random starting point in the declaration and then XORing the plaintext with the declaration to create the ciphertext. I can generate one unbreakable ciphertext simply by making the plaintext shorter than the declaration.
I note that the current challenge text is distributed in a 53Kb Zip file, that would be 424,000 bits or so, considerably less than the alleged million bit key. Give me a few hundred Mb of ciphertext however and we might have a contest.
The wierd thing is the claim to have a contract with the department of Labor to supply an encryption scheme that is not endorsed by NIST. That would appear to breach several procurement guidlines. Also I can't find any record of any contract of that type on the Department of Labor site.
Re:pffft (Score:4, Insightful)
Look. This is a proprietary algorithm which was developed by a non-cryptographer, and which hasn't been peer-reviewed. It is snake-oil until it has been exposed to the light of peer-review.
Re:My unbreakable encryption scheme (Score:3, Insightful)
That should be meet-in-the-middle not man-in-the-middle
AES is still better than either.
-- this is not a