Israeli Firm Claims Unbreakable Encryption
Several readers have pointed to an Israeli company's claim of achieving unbreakable encryption. The linked article reports this claim uncritically. Do you think there's such a thing as unbreakable encryption? This isn't the first time someone's made this claim, or second, or third ...
pffft (Score:1, Interesting)
This will be broken and found to be full of holes bigger than Swiss cheese before the week is out...
D.
Re:One Time Pad (Score:3, Interesting)
There is no uncrackable encryption. Therefore, information is free. (Notice: not meant to be free, or wants to be free, I cannot infer purpose or intent in design from mere observation.)
usb mass storage = huge key (Score:4, Interesting)
Sounds good... (Score:5, Interesting)
Unless the guy kills himself after encrypting the data, thus creating the "almost unbreakable" encryption.
What one fool can create, another can break.
old news (Score:3, Interesting)
generating your OTP by means of an algorithm is not a good idea.
the "one million bit" is simply the length of the pad required for a one-million character message.
essentially, any pseudo-random-number generator algorithm is identical to this.
Re:usb mass storage = huge key (Score:2, Interesting)
In a pinch a hammer will do too.
Huge keys are easy to get ahold of. Just hash against things that are available, and not obvious. You know, some random data CD's contents, an mp3, your favorite vi clone. As long as the file you are encrypting is smaller than the pad you will be fine.
Note that some things work better than others to hash against
256 Bits? I think not. (Score:2, Interesting)
Well, with a statement like that, I have to wonder who they're competing with.
Seriously, though. Who uses a 256 bit key anymore? AFAIK, the suggested key size is at least 1024 bits.
Re:One Time Pad (Score:3, Interesting)
Pump up the volume, read
Wouldn't infinite monkeys (Score:3, Interesting)
In regards to breaking encryption on the article, if the above statement was true wouldn't that mean eventually it could be broken?
This still isn't quantum encryption, which does deal with infinites. It said 1 trillion keys on the site which makes me think eventually if you throw enough (**cough* beowulf) Ghz per hour at it you could break it down.
Ya it's breakable, anyone disagree?
Origin of the term? (Score:5, Interesting)
Counterpane had a little blurb on their website about it... Crypto stuff [counterpane.com]
This may have been where the original "Snake Oil" comment came from.
I'm no elite cryptographer; I just try to be an educated user. I rely on people far smarter, and with far more expertise than I'll ever have in the field of cryptography to give me an idea of whether something is reasonably good. That said, even a rank amateur like myself can detect marketing-speak...
I have no authoritative expertise with which to judge encryption algorithms, but outrageous claims tend to speak for themselves... in a negative way.
It's not... (Score:3, Interesting)
The only theoretically perfect way is a (not pseudo-) random one time (not rehashed) pad, and it suffers from massive problems in key distribution, and the one who encrypts it (or has access to the encrypter's machine) can also decrypt it, unlike good public/private key cryptography. Also it is susceptible to wiretap of key transfer, while public/private key crypto is only susceptible to a man-in-the-middle attack, which requires the ability to change the data on-the-fly.
It would hardly be a problem to extend many of the current ciphers to use much longer keys than 128 bit (symmetric) or 2048 (asymmetric), which is the standard today. However, most people agree 128 bit is strong enough given that there is no cryptographic attack. If there is one, the cipher might be fundamentally useless regardless of whether your key is 128bit or 1000000bit anyway. And no, you won't know. Why do you think the military is so secretive about what they will and won't use? To keep the others guessing what they really can and can't break.
Kjella
Re:If the Israelies Have it.... (Score:1, Interesting)
Sure, these people are our best friends. That's why when we declaired war on terrorists we didn't condem the biggest terrorists of them all. Heck that they knew about the WTC attack in advance and even filmed and cheered about it. [fpp.co.uk] Or that they sent instant messages about it hours befor it happened [fpp.co.uk] or that despite their high presense in the financial center, they almostly completely avoided any loss of life [fpp.co.uk]
OK, the above is from a UK newspaper published in Israle as well as the International Herald Tribune. Wish I could find a link to the original Washington Post article; it seems to have vanished. But I did see the story about the text messages on the Washington Post site myself, and so did millions of other people [google.com] And, of course, if you want a local respected U.S. source you can still find the article on ABC News' site [go.com] about the Jews who filmed and celebrated the destruction, although you really had to see the show to get a full appreciation of how smug and happy that were about it.
Yea, these people are our good friends, our 51st state. Heck, they haven't openly attacked and killed us since they got the U.S. Liberty [google.com] over 30 years ago.
Our good honest decent friends the Isrealis would share their spy stuff with us, why they even believe in sharing so much they had Jonathan Pollard spy on us [cicentre.com] to make sure that we shared with them.
Consider the source--analyze the claims too. (Score:5, Interesting)
First, let's consider the source of this article. Here is what Israel21c says about themselves.
"ISRAEL21c is a not-for-profit corporation organized under the laws of California that works with existing institutions and the media to inform Americans about 21st century Israel, its people, its institutions and its contributions to global society. ISRAEL21c creates, aggregates and broadly disseminates high-quality information to the American public about the Israel that exists beyond the pervasive imagery of conflict that characterizes so much of western media reporting. Our goal is to strengthen the vibrant and enduring partnership between the United States and Israel, and between Americans and Israelis."
Translation: They are a part of the American pro-Israel lobby, whose job it is to pull the blinkers over the eyes of Americans regarding whatever Israel is doing at the moment. In this case, they don't handle the Arab-Israeli conflict (they mention a sister org for that -- israelinsider). Rather, they propagandize for the Israeli high-tech industry, an industry largely created by American taxpayers and which directly competes with American companies. We won't talk about the underhanded way that came about.
So fair enough, they are pimping their nation's product. Let's look at what the article actually says, however.
"Meganet offers a patented non-linear data mapping technology, called VME (Virtual Matrix Encryption), that creates exceptionally random cipher text and combines it with a one million-bit key, which is unheard of in today's data security markets. Competing solutions offer a maximum of 256 bits."
Cut through the marketing bullshit, and this sounds like a variation on the old one-time pad. This isn't the first company to discover how wonderfully secure the one-time pad is. It is difficult to believe that this company has achieved a quantum leap in computer power such as would be necessary to support a one million bit key for any other kind of algorithm.
"All other encryption methods have been compromised in the last five to six years."
This is a quote from the founder of the company, a former IDF (Israeli Defense Force) tank commander. The statement is deceptive. Any form of encryption, OTHER THAN A ONE-TIME PAD, is susceptible to brute force attack if the key size is small enough. Some encryption methods, such as DES, are more vulnerable than others. PGP and GnuPG use default encryption that is pretty darn secure, and there hasn't been a successful cracking attempt on a key of any reasonable size. The quote, by being deceptive, makes the product claims suspect.
"Backal stumbled onto the mathematical algorithm behind VMS when he was working as an engineer in the field of Wide Area Networking."
Highly unlikely story to begin with. One does not "stumble onto" mathematical algorithms -- not reliable ones, anyway. There is mention of a patent application, but no reference to any peer review. The fact that this company was ignored for two years is instructive -- if there was any substance to this, someone in the cryptography field would have taken a look at it. There is also the following:
"In an attempt to prove VME's strength, Meganet began offering prizes such as a Ferrari or $1m. to anyone who could break into a VME-protected file. So far, two million people have attempted to crack the code, but none have managed."
I try not to use bad language on public forums, but the most descriptive word I can come up with for this is "bullshit". If VME had ever put this out for that kind of money for a genuine trial, it would have been all over the Net. There is NO evidence I can discover that supports this claim. None. Nada. Zilch. This whole thing is really starting to smell bad.
The following two quotes give reason for pause as well.
"In November 1999, Meganet launched the company at the Comdex computer show in LA, California, hoping to attract corporate users. The company packed its 1,000 sq. ft booth with attractions, including a $1m. giveaway of Meganet software. Meganet proved a runaway success, and in the wake of the show it raised $5m. at a valuation of $50 to $60m. from new investors, most of them small, private investors. To date, the company has raised $10m., none of which comes from VCs."
"By December 2000, however, Meganet was in trouble. The company may have gained industry recognition, but it did not have sales. Nor could it raise money as the stock market had begun to crash."
You know what it means that money is raised from "small investors" without VC involvement? It generally means that you are dealing with a corporate con artist. I have some personal experience in dealing with a tech company that refused to take VC money. The reason for not raising money from VCs is simple. A venture capital firm will, on behalf of its funders, demand access to and a thorough review of the technology, something small investors aren't in a position to demand. If this was the real thing, there wouldn't be any need to hide the ball from the money guys. If you are a small investor, beware of companies that raise their money from small investors exclusively. It is a fundraising method that is the foundation of a great many frauds and impositions. If this is for real, somebody big would have invested -- but then, that might pose the same problem for the founder as having a VC involved, right?
Here is the part that worries me, however.
"Today, Meganet is rapidly becoming a significant US government vendor. Though it remains a small company, with just 25 employees, it won three out of four tenders released by the US government in this sector last year, beating giants like Verisign, RSA, Network Associates, Computer Associates, and IBM, to become sole-contractor on the projects."
Assuming this is true, it is disturbing. Let's look at what we have here. We have a former IDF officer who has come up with supposedly "unbreakable" encryption. It isn't peer reviewed, and he is apparently seeking security through obscurity (i.e. hides the ball) rather than publishing this wonder technology where others can take a look at it and see if there are any flaws. The company's R&D is in Israel, and when the company fails commercially, it starts getting U.S. Government contracts, presumably through the kinds of political connections that the America-Israel lobby (such as AIC and Israel21c) foster.
The Israelis have demonstrated that, despite the fact that the United States is their only real allies in the world, they won't hesitate to stab the Americans in the back when it serves Israeli interests. The Pollard spy case was only the tip of the iceberg for Israeli espionage in the US. Our own State Department has established that Israel has the most aggressive spying program in the U.S. of any ally, surpassing even such supposedly unfriendly nations as China. Remember the three Israelis in the van who were picked up by police after they were filmed cheering while the WTC collapsed? All former IDF members. They were released after a few weeks and rushed home, and the company they worked for simply disappeared.
I doubt VME has any wonder technology. I don't doubt that the Israeli intelligence apparatus would love to have us using their technology companies to protect our vital national secrets. Then they won't have a need for embarrassments like active intelligence agents in the US. They could simply download the information themselves, courtesy of our blindness in working with this somewhat unreliable ally.
Based on what I see in the article and the source, I wouldn't touch VME with a ten-foot pole.
Re:No, no, no! (Score:3, Interesting)
However what I am saying is that we should not casually write it off as a "this is definitely a phoney". If we are influential enough it may cause investors to lose interest and pull funding.
I look on this as an "Interesting, but I'll believe it when I see it". Subtle difference.
Re:My unbreakable encryption scheme (Score:2, Interesting)
This only happened for a couple of years during the war, but the messages contained references to Soviet agents in the West that were moving up the career ladder after the war. There is more information about VENONA at the NSA website [nsa.gov].
Re:pffft (Score:5, Interesting)
here [google.com]
The joy of this for me is that, in the end it really comes down to a 7 bit exhaust to get started decrypting, and after that it's just a matter of decrypting each intermediary key in turn.
Jedidiah
Re:pffft (Score:3, Interesting)
I don't think there's even two million people on the planet who can program in C, let alone understand encryption... this all looks like hyperbole to me.
If you read the article it states that the encryption is equivalent to million-bit strength... in other words extremely fucking hard to break, unless you get very, very lucky, but it IS breakable.
-Mark
Always the same story. (Score:3, Interesting)
There are really only three choices: Either they reinvented the ages old one-time-pad (which is unbreakable but of limited applicability to practice) or they have crypto that is breakable and did not see it or they have conditions on that "unbreakable" that practically void the claim.
Many researchers rightfully believe that (unconditionally) unbreakable encryption cannot do better than the one-time pad and in fact will be a more or less disguised one-time pad. I think this is pretty obvious, but claims of this nature are notoriously hard to prove and nobody has done so yet.
Favorite claim: "All other encryption methods have been compromised in the last five to six years."
Oh? I was not aware of practical breaks for AES, RSA, ElGamal, IDEA,...
Sure, you can brute-force a short-length RSA, but that is not a "compromise" of the cipher. After all I can factor 35 in my head. Which makes RSA with that modulus pretty insecure. But it has no impact on RSA in general.
At least the article is not a complete lie. It says "appears to be unbreakable" which is true for most ciphers as soon as your level of competence is as low as that of the writers of the article.
Re:Nope (Score:1, Interesting)
One time pad w/man-in-middle and known plaintext. (Score:5, Interesting)
This is a non-trivial problem, as the start of a message may be known to an attacker, in both manual systems (where messages often start out with stock stuff) and automated ones (where the start may be automated protocol headers or well-known payload starts, which is all he really wants to spoof). Further, the entire content may have been discovered by other means - means which still didn't give him the encryption key.
Substituting only the start can still spoof both manual and automated systems. With a manual system you can substitute a short, urgent message ("They're coming over the hill at us from the east armed with
A solution to that was proposed back in the '70s by (ahem) me: Use Galois fields, TWICE as much one-time pad as message, and encrypt in small blocks by multiplying by the first block of key and adding the second. (You also discard any block of key that would result in a multiply-by-zero in the first step.)
For any product of N primes there is at least one Galois field, and two is prime, so there is at least one Galois field of 2^n members for any n, i.e. you can encrypt blocks of n bits for any value of n greater than 1. (For n=1 this degenerates to ordinary one-time pad, as the first block of key is always 1.)
Suppose you encrypt in 8-bit blocks. (What a coincidence!) Even if the man-in-the-middle knows the message, for each byte he can either leave it alone or make a random choice among the other possible bytes. He's reduced to a malicious noise-generator. (He can pick the worst spot(s) to inject noise, but that's the limit.)
I called this the "GLOPS" cypher, by analogy with GLOPS codes (a term-of-art for codes composed of arbitrary pairings of typically 5-letter groups with messages). With a GLOPS code knowing "GLOPS" means "attack at dawn" doesn't tell you whether "GLOPT" means "attack at dusk", "send a gross of toilet paper", or anything else. Similarly, with a GLOPS cypher, knowing 0x33 means "A" in this position doesn't tell you anything about 0x34 (except that it isn't "A" - unlike a GLOPS code where GLOPT might ALSO mean "attack at dawn".)
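The scheme described in the comment above, as an added example that is not the poster's own code: an XOR one-time pad lets anyone who knows the plaintext rewrite it exactly, while the multiply-then-add variant over GF(2^8) leaves a tamperer with a uniformly random wrong byte. The 8-bit block size follows the comment; the reduction polynomial 0x11B, the function names, the way zero multipliers are skipped and the sample data are assumptions made for the illustration.

```python
from itertools import islice

def gf_mul(x, y):
    """Multiply in GF(2^8) mod x^8+x^4+x^3+x+1 (0x11B; the polynomial is an assumption)."""
    r = 0
    while y:
        if y & 1:
            r ^= x
        x <<= 1
        if x & 0x100:
            x ^= 0x11B
        y >>= 1
    return r

def gf_inv(x):
    """Inverse of a nonzero element: x^254, because x^255 == 1."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, x)
    return r

def key_pairs(pad, n):
    """Take n (multiplier, addend) pairs from the pad, discarding zero multipliers."""
    def gen():
        it = iter(pad)
        for a in it:
            if a == 0:
                continue                  # would multiply the block by zero
            b = next(it, None)
            if b is None:
                return
            yield a, b
    pairs = list(islice(gen(), n))
    if len(pairs) < n:
        raise ValueError("pad too short: two usable key bytes are needed per message byte")
    return pairs

def glops_encrypt(msg, pad):
    return bytes(gf_mul(a, m) ^ b for m, (a, b) in zip(msg, key_pairs(pad, len(msg))))

def glops_decrypt(ct, pad):
    return bytes(gf_mul(gf_inv(a), c ^ b) for c, (a, b) in zip(ct, key_pairs(pad, len(ct))))

def xor_bytes(data, key):
    """Ordinary one-time pad; key must be at least as long as data."""
    return bytes(d ^ k for d, k in zip(data, key))

def xor_forge(ct, known, wanted):
    """Known-plaintext rewrite of an XOR pad ciphertext, done without the key."""
    return bytes(c ^ k ^ w for c, k, w in zip(ct, known, wanted))

def tamper_outcomes(m, c, c_forged):
    """Decryptions of c_forged under every key pair consistent with plaintext m -> ciphertext c."""
    return sorted(gf_mul(gf_inv(a), c_forged ^ c ^ gf_mul(a, m)) for a in range(1, 256))

if __name__ == "__main__":
    msg, pad = b"attack at dawn", bytes(range(64))   # constructed sample data
    assert glops_decrypt(glops_encrypt(msg, pad), pad) == msg
    ct = xor_bytes(msg, pad)
    print(xor_bytes(xor_forge(ct, msg, b"attack at dusk"), pad))  # receiver sees the rewritten text
    print(len(set(tamper_outcomes(0x41, 0x33, 0x34))))            # distinct results across all keys
```

`tamper_outcomes` enumerates every key pair that maps the known byte to the observed ciphertext byte, so its result is the full distribution the receiver could see after a one-byte change.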
Quantum Cryptography (Score:2, Interesting)
Read 'The Code Book' by Simon Singh.
Quantum encryption (Score:2, Interesting)
Rubber Hose (Score:3, Interesting)
Also, I didn't see where it says it's unbreakable (at least in those words). I see a mention of some virtual matrix encryption which generates a million bit key, but even that is still breakable.
Some facts. (Score:5, Interesting)
Ideal use of a one time pad does have this property. There was a nice breakthrough in the EuroCrypt conference last year, where it was shown that one can obtain similar behavior even with keys that are shorter than the message to be encrypted, as long as the messages that you wish to encrypt are fairly random.
In any case, if you'd like to really understand what is going on here, for goodness' sake don't bother with Schneier's book; have a look at Goldreich's, "Foundations of Cryptography".
He's a megalomaniac (Score:4, Interesting)
Maybe they came up with something, maybe they didn't. After meeting him and going through their presentation and watching him stumble over some basic questions, I will never trust that company. Some memorable things from that meeting: Bruce Schneier doesn't know what he is talking about. We don't need peer review to know our algorithm is secure. No you can't analyze the source or the algorithm.
For those who may not know, the measure of a truly secure algorithm is that it is secure even when the algorithm is known.
-b
Not being up-front. (Score:3, Interesting)
The investors should not be told this encryption is "unbreakable".
The investors should be told that the encryption is based on two 32-bit keys derived from passwords, a 256-byte header which boils down to a 7-bit key, and a one-time-pad file of arbitrary size (the "million bit key"). The encryption involves executing a state machine with a large number of different permutation methods, rather than sticking to a single ciphering method which allows building a statistical model of how well the plaintext is perturbed.
The investors should be told that -- despite not revealing the algorithm -- the encryption software has been reverse-engineered and a portable decryptor written in C.
The investors, finally, should be told that the encryption is almost useless. In order for any legitimate party to decrypt a file, you need to send them the one-time-pad as well. If you're storing files encrypted for your own private use, you need to store the one-time-pad somewhere secure. Why not just store your files unencrypted in this secure place? If you encrypt more than one file with the same one-time-pad, that renders it useless - only the ~71 bits need to be broken.