Israeli Firm Claims Unbreakable Encryption 728
Several readers have pointed to an Israeli company's claim of achieving unbreakable encryption. The linked article reports this claim uncritically. Do you think there's such a thing as unbreakable encryption? This isn't the first time someone's made this claim, or second, or third ...
Nope (Score:2, Insightful)
Re:Nope (Score:3, Informative)
Unbreakable encryption is quantum encryption.
Re:Nope (Score:3, Informative)
This used to be called Power One Time Pad (Score:5, Insightful)
Ron had had a fax from the inventors claiming that the scheme had been endorsed by several well known names in the crypto world who I won't mention for reasons that will become apparent including one of my collegues on a Web standards board.
There wasn't enough information in the press release to determine whether the scheme was bogus so I did the obvious thing and called up one of the people who was alledged to endorse it. Turned out that he did nothing of the sort, he thought it was snake oil but had been asked a different question, who should he talk to to get it adopted as a standard. The snake oil peddlers had then approached Ron saying that 'S. recommended that he talk to them', cleraly implying that S. recommended the scheme.
This matrix scheme looks very much like Power One Time Pad, it has the same million bit key. According to the patent application the scheme appears to be a variant of the playfair cipher which was cracked in WWI.
The competition means absolutely nothing. Any scheme can be made uncrackable if it uses a key length that is greater or equal to the amount of data encrypted. The point is that such schemes are almost completely useless.
The claimed $1 million prize is not convincing experience has shown that companies that make such offers rarely pay them out even if the scheme is broken. In short the actual value of the prize is:
Amount x Probability of Payment x Probability of cracking - cost of time.
The challenge is in any case over. I can't find out how long the challenge was offered for.
As I said before, I can set the rules for a competition so that the competition is unwinnable even though the cipher is broken.
For example consider creating a cipher using the declaration of independence which for the sake of argument we will consider to be perfectly random (it is not). The cipher consists of choosing a random starting point in the declaration and then XORing the plaintext with the declaration to create the ciphertext. I can generate one unbreakable ciphertext simply by making the plaintext shorter than the declaration.
I note that the current challenge text is distributed in a 53Kb Zip file, that would be 424,000 bits or so, considerably less than the alleged million bit key. Give me a few hundred Mb of ciphertext however and we might have a contest.
The wierd thing is the claim to have a contract with the department of Labor to supply an encryption scheme that is not endorsed by NIST. That would appear to breach several procurement guidlines. Also I can't find any record of any contract of that type on the Department of Labor site.
One Time Pad (Score:5, Informative)
Re:One Time Pad (Score:3, Interesting)
There is no uncrackable encryption. therefore, information is free. (Notice: not meant to be free, or wants to be free, i cannot infer purpose or intent in design from mere observation.)
Re:One Time Pad (Score:5, Insightful)
I bet when this guy takes a multiple choice exam, he just fills in *all* the boxes, and then claims that he got every answer right.
-a
Re:One Time Pad (Score:5, Insightful)
1) The generation of the pads.
One time pads are as crackable as your method for generating the pads. If your pad is TRULY random than it can't be cracked via statistics and probability. You must also be sure that no one else saw the pads or had access to the same entropy pool you used to generate the pads.
2) The distribution of the pads.
Both parties need a copy of the pad for it to work. How do the parties get the pads? Is this process secure? If not, than the quality of the pad is moot.
Justin Dubs
Re:One Time Pad (Score:3, Interesting)
Pump up the volume, read
Re:One Time Pad (Score:4, Insightful)
Getting good-enough randomness is easy enough now-adays. I mean, heck, check out random.org.
But, you still have to distribute the pad. You can always just use another one-time-pad to encrypt the pad before you send it though.
If you are distributing electronically, than you can send the pad out to your partner via some form of public-key encryption. But, now your security is not determined by the strength of the one-time pad (possibly infinite), but by the strength of the public-key crypto-system (certainly not infinite).
Justin Dubs
Re:One Time Pad (Score:5, Funny)
There's a link at random.org: "For non-random numbers, try NoEntropy.net! [noentropy.net] "
From their site:
A mouthful, no? There's a form you can fill out to request deterministic numbers (up to 10,000). The default is 100.
The punchline: all the numbers are "1".
Not random enough (Score:3, Insightful)
s/CNN/New York Times (Score:5, Funny)
Re:One Time Pad (Score:5, Informative)
That's a book cipher, and it's not a one time pad. There's a lot of structure in your pad material.
No, the problem is still the random source. If you have two sources that produce the same key stream they are not "random" in the sense that we mean. And if you distribute (broadcast) the pad, then you have the key distribution problem again.
Not to say that book ciphers cannot (and have not) been used to good effect. But one-time-pads they're not.
Re:One Time Pad (Score:5, Informative)
You CAN NOT use the same pad more than once. Hence the name "One-time" pads. Here's why:
Here are two messages, encrypted with the same pad:
cyphertext1 = plaintext1 + one-time-pad
cyphertext2 = plaintext2 + one-time-pad
For short:
c1 = p1 + otp
c2 = p2 + otp
Now, I get ahold of both cyphertexts, and I suspect, or guess, that they were encrypted with the same key.
(c2 - c1) = (p2 + otp) - (p1 + otp)
(c2 - c1) = (p2 - p1)
So, now, the "enemy" has a new set of numbers, obtained by the subtraction of the two cyphertexts, and this result is also the subtraction of the two plaintexts as the one-time-pads cancelled out.
A message that is simply the difference between two plaintext messages is trivially crackable via statistical analysis.
Anyone who enjoys encryption theory and a good yarn should go pick up a copy of Neal Stephenson's Cryptonomicon. It is one of the best book I have ever read.
Justin Dubs
One time pad w/man-in-middle and known plaintext. (Score:5, Interesting)
This is a non-trivial problem, as the start of a message may be known to an attacker, in both manual systems (where messages often start out with stock stuff) and automated ones (where the start may be automated protocol headers or well-known payload starts, which is all he really wants to spoof). Further, the entire content may have been discovered by other means - means which still didn't give him the encryption key.
Substituting only the start can still spoof both manual and automated systems. With a manual system you can substitute a short, urgent message ("They're coming over the hill at us from the east armed with
A solution to that was proposed back in the '70s by (ahem) me: Use Gallois fields, TWICE as much one-time pad as message, and encrypt in small blocks by multiplying by the first block of key and adding the second. (You also discard any block of key that would result in a multiply-by-zero in the first step.)
For any product of N primes there is at least one gallois field, and two is prime, so there is at least one gallois field of 2^n members for any n, i.e. you can encrypt blocks of n bits for any value of n greater than 1. (For n=1 this degenerates to ordinary one-time pad, as the first block of key is always 1.)
Suppose you encrypt in 8-bit blocks. (What a coincidence!) Even if the man-in-the-middle knows the message, for each byte he can either leave it alone or make a random choice among the other possible bytes. He's reduced to a malicious noise-generator. (He can pick the worst spot(s) to inject noise, but that's the limit.)
I called this the "GLOPS" cycpher, by analogy with GLOPS codes (a term-of-art for codes composed of arbitrary pairings of typically 5-letter groups with messages). With a GLOPS code knowing "GLOPS" means "attack at dawn" doesn't tell you whether "GLOPT" means "attack at dusk", "send a gross of toilet paper", or anything else. Similarly, with a GLOPS cypher, knowing 0x33 means "A" in this position doesn't tell you anything about 0x34 (except that it isn't "A" - unlike a GLOPS code where GLOPT might ALSO mean "attack at dawn".)
Re:One Time Pad (Score:5, Informative)
Problem (1) is really hard to do well. And, no, a cheap soundcard is not the answer
Re:One Time Pad (Score:4, Funny)
Via email. Use a one-time-pad to encypt it.
Re:One Time Pad (Score:3, Informative)
1) The generation of the pads.
The article says "Meganet offers a patented non-linear data mapping technology, called VME (Virtual Matrix Encryption), that creates exceptionally random cipher text". So this is how the "onetime pad" is generated, and this has always turned out to have a weakness. "Real" onetime pads are generated by random natural processes, such as cosmic rays, not from a mathematical seed.
Re:One Time Pad (Score:4, Insightful)
THERE IS NO SUCH THING AS AN UNBREAKABLE SECURITY SYSTEM. THIS INCLUDES ENCRYPTION.
Read that again. Go ahead, I'll wait
Ahem.
Now...this is just common sense, people. Encryption is like a door. The person with the right key can open it. Right?
The door must allow authorized access, but disallow unauthorized access. Usually, whoever has the key is authorized.
However, if someone can either A) get the key, or B) fake the lock into thinking that they have the key, C) go around the door, or D) remove the door they can get in. There is no such thing as a security system that does not allow either A, B, C or D.
Anytime you hear 'unbreakable encryption' RUN. They're lying to you. It doesn't exist. Plain and simple.
My unbreakable encryption scheme (Score:5, Funny)
Or maybe Rot26? Or 2Rot13?
Re:My unbreakable encryption scheme (Score:3, Funny)
With wings for extra protection when you need it most!
Re:My unbreakable encryption scheme (Score:3, Insightful)
Re:My unbreakable encryption scheme (Score:3, Informative)
If I recall correctly, it was actually first deciphered by the agents of the Technical Office in Stockholm, Sweden and, neutral as Sweden was, leaked to the U.S.
Re:My unbreakable encryption scheme (Score:3, Insightful)
That should be meet-in-the-middle not man-in-the-middle
AES is still better than either.
-- this is not a
In other news (Score:3, Funny)
I'll save you all some time. (Score:5, Funny)
Not even the one-time-pad is resistant to being hacked (think social engineering).
Get over it, and stop fantasizing about unbreakable encryption, your own chobits [fcpages.com], Natalie Portman [faemalia.org], beowulf clusters of mecha [wikipedia.org], and being as rich as the sub-human wannabe-geek [greenspun.com] already, okay?
Nice, but where is the source? (Score:5, Insightful)
Re:Nice, but where is the source? (Score:5, Funny)
Re:Nice, but where is the source? (Score:4, Funny)
usb mass storage = huge key (Score:4, Interesting)
Sounds good... (Score:5, Interesting)
Unless the guy kills himself after encrypting the data, thus creating the "almost unbreakable" encryption.
What one fool can create, another can break.
Only one sure way to find out (Score:3, Funny)
Exceptionally random cipher text (Score:3, Insightful)
> combines it with a one million-bit key
How can a deterministic computer create anything
more then pseudorandom ?
Re:Exceptionally random cipher text (Score:5, Informative)
Szo
Re:Exceptionally random cipher text (Score:3, Informative)
As a consequence you cannot get high rates and there is some structure in the output. What is wrong with using a 50 cent Zener Diode? Or a 1 Euro fast noisy OpAMP with amplification 100 and grounded input? Both produce high quality random noise, first case electrons jumping the PN-wall, second case electrons moving around (termal noise).
Re:Exceptionally random cipher text (Score:5, Funny)
By using lava lamps, of course [lavarnd.org]
Jason
ProfQuotes [profquotes.com]
Re:Exceptionally random cipher text (Score:5, Insightful)
In other words, there are many ways.
Justin Dubs
Snake oil (Score:5, Insightful)
From the article:
"Most of the encryption community called our product snake oil," says Backal. "Everyone competed to throw stones at us and didn't bother trying to understand the product."
So, 1) They have an unbelievable claim (unbreakable encryption) and 2) the extremely knowledgeable encrypton community, who have much experience with breaking encryption, has seen their product and calls it snake oil.
It is snake oil. Move along.
No, no, no! (Score:4, Insightful)
Because they dismissed this product as more of the same before actually evaluating it does not make it snake oil.
Probably snake oil, yes. But on the other hand it could be something quite revolutionary.
There's nothing quite like apathy to retard progress.
Re:No, no, no! (Score:3, Interesting)
However what I am saying is that we should not casually write it off as a "this is definitely a phoney". If we are influential enough it may cause investors to lose interest and pull funding.
I look on this as an "Interesting, but I'll believe it when I see it". Subtle difference.
Not being up-front. (Score:3, Interesting)
The investors should not be told this encryption is "unbreakable".
The investors should be told that the encryption is based on two 32-bit keys derived from passwords, a 256-byte header which boils down to a 7-bit key, and a one-time-pad file of arbitrary size (the "million bit key"). The encryption involves executing a state machine with a large number of different permutation methods, rather than sticking to a single ciphering method which allow building a statistical model of how well the plaintext is perturbed.
The investors should be told that -- despite not revealing the algorithm -- the encryption software has been reverse-engineered and a portable decryptor written in C.
The investors, finally, should be told that the encryption is almost useless. In order for any legitimate party to decrypt a file, you need to send them the one-time-pad as well. If you're storing files encrypted for your own private use, you need to store the one-time-pad somewhere secure. Why not just store your files unencrypted in this secure place? If you encrypt more than one file with the same one-time-pad, that renders it useless - only the ~71 bits need to be broken.
Origin of the term? (Score:5, Interesting)
Counterpane had a little blurb on their website about it... Crypto stuff [counterpane.com]
This may have been where the original "Snake Oil" comment came from.
I'm no elite cryptographer; I just try to be an educated user. I rely on people far smarter, and with far more expertise than I'll ever have in the field of cryptography to give me an idea of whether something is reasonably good. That said, even a rank amateur like myself can detect marketing-speak...
I have no authoritative expertise with which to judge encryption algorithms, but outrageous claims tend to speak for themselves... in a negative way.
Please do not be so scathing... (Score:5, Funny)
"This perpetual motion machine Lisa built. . . (Score:5, Funny)
It is the perennial cry of the snake oil crowd that the "establishment" won't take their claims seriously. It never, *ever* seems to occur to them that this is because their claims are *provably* whacko. Especially where purely mathmatical structures are concerned.
Most snake oil saleman didn't do very well in math at school, although this personal limitation has never seemed to stand in the way of their being able to seriously cook a set of books to display for the investors.
KFG
Re:Snake oil (Score:3, Insightful)
However, we're dealing with something that is well understood and in a field where there isn't a lot of gray area. Really tough to crack it may be, but that isn't unbreakable. There are no unbreakable codes. The best that you can hope for is a code that can't currently be broken algorithmically with current tools because the power isn't there to do so in a pragmatic amount of time.
Practically unbreakable (Score:2, Informative)
It's not theoretically unbreakable, just practically unbreakable with today's technology.
Rotating cleartext? (Score:2)
So is this a rotating cleartext or what?
repeated claim... (Score:4, Funny)
And if this story gets reposted, it'll seem like a fourth!
No such thing (Score:5, Funny)
Case in point: 128-bit SSL keys, MD5 hashed passwords on a system utilizing firewalls and a database whose data is encrypted by the super-uncrackable-key(tm)... owner connects to the site over the internet via telnet...
We should invent encrypted people. That way not only would data be safe, but it's so secure the guy next to you has no idea what you're talking about!
Sincerely,
-Matt
One time pad, quantum encryption are unbreakable (Score:2)
I also believe that some form of quantum encryption has been proven to be unbreakable, but I have no idea how it works, or why. Especially since a regular computer can do anything a quantum computer can do, if given enough time.
If these Israelis could prove mathematically that their encryption method can't be easily reversed, then I think they might as well claim it's unbreakable as you can say something like "the key can't be found even if every atom of silicon on earth was used as a transistor, and was used as one until the sun burns out". Or something like that. Remember, public key crypto is only believed to be secure, since no one's been able to figure out how to factor large numbers quickly. It doesn't mean they never will.
Personaly, I doubt it, though.
Encryption and compression (Score:5, Funny)
Which is unfortunately 2x the size of the original message.
Ho hum...
Looks like an advertisement (Score:3, Insightful)
Then for the rest of the article there is just information on Meganet's business health. Looks more like they're trying to spur investing into the company rather than offer details on how the product works.
Until the source code is published and subjected to peer review like PGP was, then and only then can it be deemed "secure." Until then I'll be running PGP on my computer powered by cold-fusion generated electricity =)
Correction: (Score:3, Insightful)
That means: "Not unbreakable, but certainly not feasible to even try with current technology." Why is it that as soon as something becomes hard to do it is considered impossible and thus vastly overrated untill the opposite proves itself? I can imagine that quite allot of Good Things(tm) have gone to hell and back again only because they were kickstarted into a hype of invulnerability untill the opposite happened, causing everyone to suddenly ditch it...
old news (Score:3, Interesting)
generating your OTP by means of an algorithm is not a good idea.
the "one million bit" is simply the length of the pad required for a one-million character message.
essentially, any pseudo-random-number generator algorithm is identical to this.
This one calls for... (Score:5, Funny)
PRACTICALLY unbreakable (Score:4, Insightful)
The title "unbreakable" was created by the journalist (and it appears to have worked, they got a story in slashdod).
And this won't help the problems they're addressin (Score:3, Insightful)
They point at websites where credit card numbers where stolen, and say their unbreakable encryption will help there.
Well, surely those weren't encrypted, but were simply stored in some directory in unencrypted text? Almost always it's just stupid security that's the problem. Any sort of modern encryption would have been good enough, too.
And if you can't keep crackers away from your credit card numbers, why would you be able to keep them away from your 1Mb key?
Re:And this won't help the problems they're addres (Score:3, Insightful)
So, great, you have a super-encrypted MySQL database for all your credit cards. You access it by normal methods; it decrypts data on the fly after authenticating you. Your username is "root" and your password is blank. All the encryption in the world isn't going to save you.
Everyone needs to learn to stop throwing encryption at a problem and calling it security. Encryption should always be the base layer of any security scheme, never the top-level element (and certainly not the sole one!). Encrypt your databases on disk and in RAM and on the way to and from the CPU if you want, in case the machine is physically stolen. But don't forget to apply the latest patches, rotate passwords, implement effective firewall rules, and guard physical access to minimize the danger of it walking away in the first place.
Jouster
My unbreakable encryption scheme! (Score:5, Funny)
Take dev/random and pipe it to output file.
Guaranteed unbreakable encryption!
-
Re:My unbreakable encryption scheme! (Score:5, Funny)
Guaranteed unbreakable encryption!
Not entirely. There is a slight chance that the output from /dev/random will be identical to the original message. :)
Re:My unbreakable encryption scheme! (Score:4, Funny)
LOL "Why do we keep pronounce VME is unbreakable" (Score:4, Funny)
This is so incredible I just can't read anymore.
VME was broken (Score:5, Informative)
I haven't read the article (c'mon!) but I saw the mentions of VME, which...well... was broken [google.com].
It's snakeoil. Just marketing, no security. Move along. Nothing to see here.
The telltale signs of snakeoil encryption (Score:5, Insightful)
From the press release or whatever that is:
Even though this is probably bogus, the prize for breaking it looks interesting
This is the dumbest thing I've read in a long time (Score:3, Insightful)
Making the key huge just makes the other potential sources of compromise (compromise by bad key generation or distribution) easier. If you want a huge keystream, you might as well use a large one time pad.
I don't really see what the point is of this encryption scheme.
Re:This is the dumbest thing I've read in a long t (Score:5, Informative)
In Applied Cryptography, Schneier has a lovely explanation of why you can't brute force a 256 bit key. IIRC it comes down to there not being enough quantums (of time) between now and the end of the universe to check every possible key if every atom can perform on calculation per quantum. He also explains why its not physically feasable to brute force a 128 bit keyspace.
So what is comes down to is this: either you find a weakness in the algorithm, or work on quantum computing until it can brute force huge keyspaces outside the normal constraints of physics. Until then, 128 bits is enough (for symmetric crypto).
Actually reading the Meganet site is laughable. They attribute stolen credit card details to poor or broken cryptography (reality: this data isn't kept encrypted on the site host, because the security architecture of most sites sucks).
The algorithm they claim is uncrackable is based on a random "matrix", which is derived from a "file of any size that is available ..." on both sending and receiving computers. So there IS secret data that must be transferred (or else that file is public, even worse). According to the code available here [google.com], the values aren't even vaguely random - just do lots of XORs using bits from your "secret file".
Meganet tries to justify its claims by pointing to multiple encryption. Big news guys: the size of the keyspace determines security, not the number of times you encrypt with the same key. At best multiple encryption makes it take longer to brute force the keyspace. It doesn't add security. Period.
Apart from that this matrix is used as a lookup table. That means that it has all of the problems of a one time pad, without the benefits. As soon as you use any block of values from the matrix again, you have information that you can use to attack the encryption.
It may be true that noone has broken this algorithm. I've written crypto algorithms that noone has broken ... because I've never published them, and noone has had an interest in breaking them. That doesn't make them secure. Cryptographic security is achieved using simple algorithms that can be proven, using mathematical theory, not attested to by supposition and lame tests.
Wouldn't infinite monkeys (Score:3, Interesting)
In regards to breaking encryption on the article, if the above statement was true wouldn't that mean eventually it could be broken?
This still isn't quantum encryption, which does deal with infinites. It said 1 trillion keys on the site which makes me think eventually if you throw enough (**cough* beowulf) Ghz per hour at it you could break it down.
Ya it's breakable, anyone disagree?
Re:Wouldn't infinite monkeys (Score:4, Funny)
That theory was proved false by the invention of Usenet.
It's not... (Score:3, Interesting)
The only theoretically perfect way is a (not pseudo-) random one time (not rehashed) pad, and it suffers from massive problems in key distribution, and the one who encrypts it (or has access to the encrypters machine) can also decrypt it, unlike good public/private key cryptography. Also it is suiceptable to wiretap of key transfer, while public/private key crypto is only suiceptable to a man-in-the-middle attack, which requires the ability to change the data on-the-fly.
It would hardly be a problem to extend many of the current ciphers to use much longer keys than 128 bit (symmetric) or 2048 (asymmetric), which is the standard today. However, most people agree 128 bit is strong enough given that there is no cryptographic attack. If there is one, the cipher might be fundamentally useless regardless of whether your key is 128bit or 1000000bit anyway. And no, you won't know. Why do you think the military is so secretive about what they will and won't use? To keep the others guessing what they really can and can't break.
Kjella
BS (Score:3, Insightful)
Large random keys will make it more difficult to break the encryption, but unbreakable is just wrong. A one-time cipher is still more secure than this thing. They should take distributed computing into account as well. Just look at some of the encryptions that have been broken by Distributed.net, and how quickly they did it.
The only unbreakable encryption I believe is possible is the one described by Simon Singh in the book "The Code Book". The encryption described in this book relies on the vibration of photons. Due to the nature of photons, it is not possible to sniff for the key.
Of course, this encryption is only theoretical. By the time we can implement it, we may already be able to break it.
Consider the source--analyze the claims too. (Score:5, Interesting)
First, let's consider the source of this article. Here is what Israel21c says about themselves.
"ISRAEL21c is a not-for-profit corporation organized under the laws of California that works with existing institutions and the media to inform Americans about 21st century Israel, its people, its institutions and its contributions to global society. ISRAEL21c creates, aggregates and broadly disseminates high-quality information to the American public about the Israel that exists beyond the pervasive imagery of conflict that characterizes so much of western media reporting. Our goal is to strengthen the vibrant and enduring partnership between the United States and Israel, and between Americans and Israelis."
Translation: They are a part of the American pro-Israel lobby, whose job it is to pull the blinkers over the eyes of Americans regarding whatever Israel is doing at the moment. In this case, they don't handle the Arab-Israeli conflict (they mention a sister org for that -- israelinsider). Rather, they propagandize for the Israeli high-tech industry, an industry largely created by American taxpayers and which directly competes with American companies. We won't talk about the underhanded way that came about.
So fair enough, they are pimping their nation's product. Let's look at what the article actually says, however.
"Meganet offers a patented non-linear data mapping technology, called VME (Virtual Matrix Encryption), that creates exceptionally random cipher text and combines it with a one million-bit key, which is unheard of in today's data security markets. Competing solutions offer a maximum of 256 bits."
Cut through the marketing bullshit, and this sounds like a variation on the old one-time pad. This isn't the first company to discover how wonderfully secure the one-time pad is. It it difficult to believe that this company has achieved a quantum leap in computer power such as would be necessary to support a one million bit key for any other kind of algorithm.
"All other encryption methods have been compromised in the last five to six years."
This is a quote from the founder of the company, a former IDF (Israeli Defense Force) tank commander. The statement is deceptive. Any form of encryption, OTHER THAN A ONE-TIME PAD, is susceptible to brute force attack if the key size is small enough. Some encryption methods, such as DES, are more vulnerable than others. PGP and GnuPG use default encryption that is pretty darn secure, and there hasn't been a successful cracking attempt a key of any reasonable size. The quote, by being deceptive, makes the product claims suspect.
"Backal stumbled onto the mathematical algorithm behind VMS when he was working as an engineer in the field of Wide Area Networking."
Highly unlikely story to begin with. One does not "stumble onto" mathematical algorithms -- not reliable ones, anyway. There is mention of a patent application, but no reference to any peer review. The fact that this company was ignored for two years is instructive -- if there was any substance to this, someone in the cryptography field would have taken a look at it. There is also the following:
"In an attempt to prove VME's strength, Meganet began offering prizes such as a Ferrari or $1m. to anyone who could break into a VME-protected file. So far, two million people have attempted to crack the code, but none have managed."
I try not to use bad language on public forums, but the most descriptive word I can come up with for this is "bullshit". If VME had ever put this out for that kind of money for a genuine trial, it would have been all over the Net. There is NO evidence I can discover that supports this claim. None. Nada. Zilch. This whole thing is really starting to smell bad.
The following two quotes give reason for pause as well.
"In November 1999, Meganet launched the company at the Comdex computer show in LA, California, hoping to attract corporate users. The company packed its 1,000 sq. ft booth with attractions, including a $1m. giveaway of Meganet software. Meganet proved a runaway success, and in the wake of the show it raised $5m. at a valuation of $50 to $60m. from new investors, most of them small, private investors. To date, the company has raised $10m., none of which comes from VCs."
"By December 2000, however, Meganet was in trouble. The company may have gained industry recognition, but it did not have sales. Nor could it raise money as the stock market had begun to crash."
You know what it means that money is raised from "small investors" without VC involvement? It generally means that you a dealing with a corporate con artist. I have some personal experience in dealing with a tech company that refused to take VC money. The reason for not raising money from VCs is simple. A venture capital firm will, on behalf of its funders, demand access to and a thorough review of the technology, something small investors aren't in a position to demand. If this was the real thing, there wouldn't be any need to hide the ball from the money guys. If you are a small investor, beware of companies that raise their money from small investors exclusively. It is a fundraising method that is the foundation of a great many frauds and impositions. If this is for real, somebody big would have invested -- but then, that might pose the same problem for the founder as having a VC involved, right?
Here is the part that worries me, however.
"Today, Meganet is rapidly becoming a significant US government vendor. Though it remains a small company, with just 25 employees, it won three out of four tenders released by the US government in this sector last year, beating giants like Verisign, RSA, Network Associates, Computer Associates, and IBM, to become sole-contractor on the projects."
Assuming this is true, it is disturbing. Let's look at what we have here. We have a former IDF officer who has come up with supposedly "unbreakable" encryption. It isn't peer reviewed, and he is apparently seeking security through obscurity (i.e. hides the ball) rather than publishing this wonder technology where others can take a look at it and see if there are any flaws. The company's R&D is in Israel, and when the company fails commercially, it starts getting U.S. Government contracts, presumably through the kinds of political connections that the America-Israel lobby (such as AIC and Israel21c) foster.
The Israelis have demonstrated that, despite the fact that the United States is their only real allies in the world, they won't hesitate to stab the Americans in the back when it serves Israeli interests. The Pollard spy case was only the tip of the iceberg for Israeli espionage in the US. Our own State Department has established that Israel has the most aggressive spying program in the U.S. of any ally, surpassing even such supposedly unfriendly nations as China. Remember the three Israelis in the van who were picked up by police after they were filmed cheering while the WTC collapsed? All former IDF members. They were released after a few weeks and rushed home, and the company they worked for simply disappeared.
I doubt VME has any wonder technology. I don't doubt that the Israeli intelligence apparatus would love to have us using their technology companies to protect our vital national secrets. Then they won't have a need for embarrassments like active intelligence agents in the US. They could simply download the information themselves, courtesy of our blindness in working with this somewhat unreliable ally.
Based on what I see in the article and the source, I wouldn't touch VME with a ten-foot pole.
Re:Consider the source--analyze the claims too. (Score:3, Insightful)
For starters, there is this gem:
Rather, they propagandize for the Israeli high-tech industry, an industry largely created by American taxpayers and which directly competes with American companies.
Really? You get this information from where? Granted, the Israelis get huge foreign aid checks from Uncle Sam every year, but those go overwhelmingly toward military spending. The high-tech industry in Israel is almost completely civilian, and is privately funded, mostly by venture capital (much of which comes from the US, but it's hardly taxpayer dollars). And to claim that Israel, a country of six million people, poses significant competition to American companies is simply ludicrous.
Our own State Department has established that Israel has the most aggressive spying program in the U.S. of any ally, surpassing even such supposedly unfriendly nations as China. Remember the three Israelis in the van who were picked up by police after they were filmed cheering while the WTC collapsed? All former IDF members.
This paragraph really shows where you are coming from. You've just taken several unsubstantiated rumors - some of them circling around for years, others having sprung up after 9/11 - and stated them as facts. Where is the State Department report you refer to, and, more importantly, when was it issued? As for the arrest of three "cheering Isralies", this is a complete misrepresentation of fact, if not a bold-faced myth. Disregarding the fact that the poster provides no link to the story, appealing instead to our collective memory, forgetting that Google finds no credible source supporting this claim, and believing the scenario that three shit-for-brains Israeli citizens were arrested while cheering the collapse of the WTC, what significance does it have that they all served in the IDF? None! Israel has a universal draft, and virtually every Israeli over the age 18 has served in the IDF at one time or another. So why the conspiracy theory?
I do not want to turn this into yet another debate about Israel - this is not the forum for it, nor do such debates lead to anything constructive. However, I do want to voice my disappointment with the group-think that pervades this forum: a paradoxical force that uncritically accepts bullshit propaganda even as it seeks to critically access bullshit marketing. Israel-bashing is a trendy phenomenon these days in intellectual circles, and since many of us belong to these circles, the overall anti-Israel mood on Slashdot is not surprising. (Nor is it unfounded, though it is poorly balanced and blown way out of proportion.) However, subjective views aside, unfounded, outlandish, politically charged claims masquerading as an answer to a technical question should be recognized as such, and classified as "Flamebait" and "Offtopic" (as ideally should happen to this response as well) rather than "Interesting" and "Insightful". Let us all try to think, and moderate responsibly, shall we?
A couple of great quotes from the article (Score:3, Insightful)
Oh really? I must have missed the press release when they broke 3DES.
"So far, two million people have attempted to crack the code, but none have managed."
2 million... that's a lot. How does one determine how many people have tried to crack the code anyway?
-a
You can't beat my encryption device. (Score:4, Funny)
Bit pricy though.
This reminds me.. (Score:5, Funny)
So I tried to crack the program and found out it was fairly easy to do (took me a few hours). But then I discovered that the program had a bug which caused the blank password to be accepted as valid password. So much about Unbreakable security.
Snake oil since 1999 (Score:5, Informative)
"The base of VME is a Virtual Matrix, a matrix of binary values which is infinity in size in theory and therefore have no redundant value. The data to be encrypted is compared to the data in the Virtual Matrix. Once a match is found, a set of pointers that indicate how to navigate inside the Virtual Matrix is created. That set of pointers (which is worthless unless pointing to the right Virtual Matrix) is then further encrypted in dozens other algorithms in different stages to create an avalanche effect. The result is an encrypted file that even if decrypted is completely meaningless since the decrypted data is not the actual data but rather a set of pointers. Considering that each session of VME has a unique different Virtual Matrix and that the data pattern within the Virtual Matrix is completely random and non-redundant, there is no way to derive the data out of the pointer set." This makes no sense, even to an expert.
Doesn't anyone here read Cryptogram? (Score:3, Informative)
http://www.counterpane.com/crypto-gram-9902.html [counterpane.com]
I think we can file this under "snake oil".
I would like to see this undergo a peer review... (Score:3, Informative)
However, strong peer review and research though can give very strong motivation as to why a certain algorithm is computationally intractable (making the encryption scheme practically unbreakable).
Before I could ever trust some new-fangled encryption scheme, I think I would like to see the company submitting REAL detailed articles of mathematics and techniques to appropriate research conferences and have the whole algorithm and math undergo the process of peer review. Its just too easy to fuck up encryption and to think something REALLY REALLY hard to compute isn't in reality a lot easier than it seems.
Next up on Slashdot.... (Score:3, Funny)
Allways the same story. (Score:3, Interesting)
There are really only three choices: Either they reinvented the ages old one-time-pad (which is unbreakable but of limited applicability to practice) or they have crypto that is breakable and did not see it or they have conditions on that "unbreakable" that practically void the claim.
Many researchers rightfully believe that (unconditionally) unbreakable encryption cannot do better than the one-time pad and in fact will be a more or less disguised one-time pad. I think this is pretty obvious, but claims of this nature are notoriously hard to prove and nobody has done so yet.
Favorite claim: "All other encryption methods have been compromised in the last five to six years."
Oh? I was not aware of practical breaks for AES, RSA, ElGamal, IDEA,...
Sure, you can brute-force a short-length RSA, but that is not a "compromise" of the cipher. After all I can factor 35 in my head. Which makes RSA with that modulus pretty insecure. But it has no impact on RSA in general.
At least the article is not a complete lie. It says "appears to be unbreakable" which is true for most ciphers as soon as your level of competence is a s low as that of the writers of the article.
P?=NP (Score:3, Insightful)
Basically, if this theorem were proven, than asymmetric cryptography would be impossible and much of today's symmetric encryption would also collapse. So, if you're going to claim unbreakable encryption, you'd better hand me a proof that P!=NP.
Time for googling, people. (Score:3, Informative)
cut and paste the links.) Google for
'meganet', 'encryption', and 'doghouse'
and you'll find two Doghouse entries for these
guys on Cryptogram. One makes fun of their
product; the other for them changing their
name in response to the first entry.
Broken Scheme: Reuse of a One Time Pad (Score:4, Insightful)
Here's the telling bit in the patent scheme (US 6,219,421):
"A message may be secured in accordance with various options specifying an intended audience, including "global," "specific" and "private" options. "Global" allows anyone having a copy of the data security software to decrypt the message providing that person has the correct keys and is able to supply parameters matching those with which the message was secured. "Group" allows the possibility of successful decryption by any of a number of users within a group identified by its members having copies of the software program with a common prefix. "specific" allows only a user having a particular numbered copy of the software program to decrypt. Finally, "private" allows decryption only by the same software copy used to secure the message originally. Without the correct keys and parameters, it is impossible for the message to be unlocked. The present invention further enhances security by allowing definition of a date range where the data can be decrypted correctly, hence preventing lengthy efforts to break the code by brute computational force."
Rubber Hose (Score:3, Interesting)
Also, I didn't see where it says it's unbreakable (at least in those words). I see a mention of some virtual matrix encryption which generates a million bit key, but even that is still breakable.
Their "explanation" is impossible. (Score:3, Insightful)
http://www.meganet.com/Technology/explain.htm [meganet.com]
Aside from having a 64kB key (1 million bits), they claim:
Did you catch that? They claim that the data isn't contained in the encrypted message!
O-kaaaay... so, how does it get from here to there?!? Pulling a statement like this out of their posterior crevices proves that they don't know what they're talking about. Of course the "actual data" is transferred... that's what we call it when data goes from one place to another. Running it through their magic algorithm doesn't eliminate the information content, else there wouldn't be any point in sending the message at all.
This statement could be a clue to the algorithm though, especially combined with the claims that it's faster than RSA and with its suspiciously huge key...
And of course there's another problem. How do you get a 64kB key from a user? You don't. And there's no mention of "VME" being a public-key algorithm, so it's just a session key, not a public key. How useful is that? Not very.
I think I'm beginning to see why this company was able to have lean times even while others were getting VC funding to develop the business plan of the South Park underwear gnomes. Now though, we live in more patriotic times when people will believe that tank commanders have the proper background to recognize when they've "stumbled upon" good cryptographic algorithms.
In other news... (Score:3, Funny)
Some facts. (Score:5, Interesting)
Ideal use of a one time pad does have this property. There was a nice breakthrough in the EuroCrypt conference last year, where it was shown that one can obtain similar behavior even with keys that are shorter than the message to be encrypted, as long as the messages that you wish to encrypt are fairly random.
In any case, if you'd like to really understand what is going on here, for goodness' sake don't bother with Schneier's book; have a look at Goldreich's, "Foundations of Cryptography".
He's a megalomaniac (Score:4, Interesting)
Maybe they came up with something, maybe they didn't. After meeting him and going through their presentation and watching him stumble over some basic questions, I will never trust that company. Some memorable things from that meeting: Bruce Schneier doesn't know what he is talking about. We don't need peer review to know our algorithm is secure. No you can't analyze the source or the algorithm.
For those who may not know, the measure of a truly secure algorithm is that it is secure even when the algorithm is known.
-b
I invented unbreakable encryption once... (Score:3, Informative)
It turns out if you have a key, you can just guess at it, and eventually break it... I just went to the source of the problem... the key. If you don't have a key, you can't break it. Unfortunately, as it turns out, you can't decrypt it either.
Seriously thhough:
It probably is theoretically possible despite what you may see on here to make an unbreakable encryption. The only problem with this is that it can only be used on data less than the key size(AKA one time pad) and random data(AKA data of an unknown format). If you can accomplish either these two, I don't think anyone will be able to break it. The problem is: With a one time pad, it's pretty much the same as carrying the data to the other end; data is useless unless someone can understand it.
I've always wanted to start a cryto challenge of a crypto that had no signature and was of nearly random data. The problem is, computers are not that great at pattern matching, and won't be able to find a good pattern in your data format to begin with. This is compounded with no verification that the key you used is valid. In theory, you could get anything out of the decryption if it weren't for that pesky external signature. Remove those, and it could decrypt to just about anything the same length.
In a nutshell, if you had the perfect compression (theoretically impossible) it would be impossible to break your encryption (if you didn't have a signature or hash for verification). Now if only compression was encryption oriented (no predictable bits... thus not perfect), we would be all set. If you researched enough, you may be able to make it very hard to predict bits in compression.
Most encryption in the past has been broken by the redundancy of the data (Signatures, statistics, etc.) so that you know if you have the right key (the signature matches, the MD5 matches, or it looks like the target language). If it's impossible to know if you have decrypted the message, it's impossible to break.
Re:well... (Score:2)
Re:256 Bits? I think not. (Score:5, Insightful)
You're ignoring the distinction between symmetric and asymmetric cryptography.
Symmetric cryptography uses only one key for encryption and decryption. For such a key, 256 bits is quite secure.
Asymmetric cryptography uses a public key for encryption and a different, private key for decryption. If using the RSA algorithm then yes, anything less than 1024 is insecure. (Elliptic Curve Cryptography is also asymmetric but is still strong at less than 1024 bits.)
Meganet's algorithm is symmetric.
Key size, addendum (Score:5, Informative)
Symmetrical cryptography does not depend on any specific properties of the numbers selected as the key of the cryptosystem. Therefore a 128 bit key can assume 2^128 different values and, as some other poster pointed out, there is not enough energy in the universe to overcome the background radiation as many times as it would take to count to 2^128, let alone try and brute force the cypher.
Asymmetric cryptography on the other hand derives its features from mathematical properties of some of the numbers used. For example, some systems require the a product of large prime numbers, or discrete logarithms etc. This means that, for example in RSA, you cannot use all of the 2^128 values of a 128 bit key.
Most systems in use today are so-called hybrid systems, using both asymmetric and symmetric cryptography. Since a cryptosystem is as strong as its weakest link, you need to increase the asymmetric keysize to be at least as difficult to break as the symmetric part. Given the current knowledge of factoring algorithms and the like, you need at least a1024 to 2048 bit RSA key to stack up against a 128 bit symmetrical key.
Beware of David Irving (Score:5, Informative)
Re:If the Israelies Have it.... (Score:4, Insightful)
Next, the article from ABC also states, "But the FBI told ABCNEWS, 'To date, this investigation has not identified anybody who in this country had pre-knowledge of the events of 9/11.'", which, of course, contradicts Irving's theory. Note that the use of Israelis and Jews as synonyms.
Third, the Liberty is an interesting case. Yes, the Israelis attacked and nearly destroyed (then helped rescue_ a US ship that was mistaken for an Egyptian war vessel... but all recent non-conspiracy-theory-based investigations have concluded it was a mistake, no different from what happens in any war due to poor intelligence.
Re:pffft (Score:5, Interesting)
here [google.com]
The joy of this for me is that, in the end it really comes down to a 7 bit exhaust to get started decrypting, and after that it's just a matter of decrypting each intermediary key in turn.
Jedidiah
Re:pffft (Score:3, Interesting)
I don't think there's even two million people on the planet who can program in C, let alone understand encryption... this all looks like hyperbole to me.
If you read the article is states that the encryption is equivalent to million-bit strength... in other words extremely fucking hard to break, unless you get very, very lucky, but it IS breakable.
-Mark
Re:pffft (Score:3, Funny)
Jaysyn
Re:pffft (Score:4, Insightful)
Look. This is a proprietary algorithm which was developed by a non-cryptographer, and which hasn't been peer-reviewed. It is snake-oil until it has been exposed to the light of peer-review.
Re:Oh Good... (Score:3, Informative)
Warning Sign #1: Pseudo-mathematical gobbledygook.
Meganet has a beauty on their Web site: "The base of VME is a Virtual Matrix, a matrix of binary values which is infinity in size in theory and therefore have no redundant value. The data to be encrypted is compared to the data in the Virtual Matrix. Once a match is found, a set of pointers that indicate how to navigate inside the Virtual Matrix is created. That set of pointers (which is worthless unless pointing to the right Virtual Matrix) is then further encrypted in dozens other algorithms in different stages to create an avalanche effect. The result is an encrypted file that even if decrypted is completely meaningless since the decrypted data is not the actual data but rather a set of pointers. Considering that each session of VME has a unique different Virtual Matrix and that the data pattern within the Virtual Matrix is completely random and non-redundant, there is no way to derive the data out of the pointer set." This makes no sense, even to an expert.
Warning Sign #5: Ridiculous key lengths.
Meganet takes the ridiculous a step further : "1 million bit symmetric keys -- The market offer's [sic] 40-160 bit only!!"
Longer key lengths are better, but only up to a point. AES will have 128-bit, 192-bit, and 256-bit key lengths. This is far longer than needed for the foreseeable future. In fact, we cannot even imagine a world where 256-bit brute force searches are possible. It requires some fundamental breakthroughs in physics and our understanding of the universe. For public-key cryptography, 2048-bit keys have same sort of property; longer is meaningless.
Warning Sign #8: Security proofs.
There are two kinds of snake-oil proofs. The first are real mathematical proofs that don't say anything about real security. The second are fake proofs. Meganet claims to have a proof that their VME algorithm is as secure as a one-time pad. Their "proof" is to explain how a one-time pad works, add the magic spell "VME has the same phenomenon behavior patterns, hence proves to be equally strong and unbreakable as OTP," and then give the results of some statistical tests. This is not a proof. It isn't even close.