Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Encryption Security

Israeli Firm Claims Unbreakable Encryption 728

Several readers have pointed to an Israeli company's claim of achieving unbreakable encryption. The linked article reports this claim uncritically. Do you think there's such a thing as unbreakable encryption? This isn't the first time someone's made this claim, or second, or third ...
This discussion has been archived. No new comments can be posted.

Israeli Firm Claims Unbreakable Encryption

Comments Filter:
  • Nope (Score:2, Insightful)

    by Anonymous Coward
    One of the creators can always sell out and show how to beat the system.
    • Re:Nope (Score:3, Informative)

      by Anonymous Coward
      That would be on the assumption that they using security through obscurity, which is hopefully not part of it.

      Unbreakable encryption is quantum encryption.

    • by Zeinfeld ( 263942 ) on Tuesday February 11, 2003 @01:17PM (#5280701) Homepage
      This scheme looks very similar to a scheme that Ron Rivest sent to me called Power One Time pad about eight years ago.

      Ron had had a fax from the inventors claiming that the scheme had been endorsed by several well known names in the crypto world who I won't mention for reasons that will become apparent including one of my collegues on a Web standards board.

      There wasn't enough information in the press release to determine whether the scheme was bogus so I did the obvious thing and called up one of the people who was alledged to endorse it. Turned out that he did nothing of the sort, he thought it was snake oil but had been asked a different question, who should he talk to to get it adopted as a standard. The snake oil peddlers had then approached Ron saying that 'S. recommended that he talk to them', cleraly implying that S. recommended the scheme.

      This matrix scheme looks very much like Power One Time Pad, it has the same million bit key. According to the patent application the scheme appears to be a variant of the playfair cipher which was cracked in WWI.

      The competition means absolutely nothing. Any scheme can be made uncrackable if it uses a key length that is greater or equal to the amount of data encrypted. The point is that such schemes are almost completely useless.

      The claimed $1 million prize is not convincing experience has shown that companies that make such offers rarely pay them out even if the scheme is broken. In short the actual value of the prize is:

      Amount x Probability of Payment x Probability of cracking - cost of time.

      The challenge is in any case over. I can't find out how long the challenge was offered for.

      As I said before, I can set the rules for a competition so that the competition is unwinnable even though the cipher is broken.

      For example consider creating a cipher using the declaration of independence which for the sake of argument we will consider to be perfectly random (it is not). The cipher consists of choosing a random starting point in the declaration and then XORing the plaintext with the declaration to create the ciphertext. I can generate one unbreakable ciphertext simply by making the plaintext shorter than the declaration.

      I note that the current challenge text is distributed in a 53Kb Zip file, that would be 424,000 bits or so, considerably less than the alleged million bit key. Give me a few hundred Mb of ciphertext however and we might have a contest.

      The wierd thing is the claim to have a contract with the department of Labor to supply an encryption scheme that is not endorsed by NIST. That would appear to breach several procurement guidlines. Also I can't find any record of any contract of that type on the Department of Labor site.

  • One Time Pad (Score:5, Informative)

    by Overand ( 590318 ) on Tuesday February 11, 2003 @05:15AM (#5277877) Homepage
    One Time Pad is uncrackable... but the "key" is the same size as all the data you'll ever want to send... but DAMN it works. =]
    • Re:One Time Pad (Score:3, Interesting)

      by Anonymous Coward
      Well it depends what you mean by uncrackable.. with an OTP alone i could generate all possible messages the same amountt of bits, and somewhere in the solution set would be the answer. =)

      There is no uncrackable encryption. therefore, information is free. (Notice: not meant to be free, or wants to be free, i cannot infer purpose or intent in design from mere observation.)
      • Re:One Time Pad (Score:5, Insightful)

        by God! Awful 2 ( 631283 ) on Tuesday February 11, 2003 @06:06AM (#5278091) Journal
        Whoever modded this up as anything but funny is an idiot. Of course distinguishing the correct answer from random text is part and parcel of cracking the code.

        I bet when this guy takes a multiple choice exam, he just fills in *all* the boxes, and then claims that he got every answer right.

    • Re:One Time Pad (Score:5, Insightful)

      by jtdubs ( 61885 ) on Tuesday February 11, 2003 @05:31AM (#5277959)
      One time pads are not uncrackable by definition. They have two weak points.

      1) The generation of the pads.

      One time pads are as crackable as your method for generating the pads. If your pad is TRULY random than it can't be cracked via statistics and probability. You must also be sure that no one else saw the pads or had access to the same entropy pool you used to generate the pads.

      2) The distribution of the pads.

      Both parties need a copy of the pad for it to work. How do the parties get the pads? Is this process secure? If not, than the quality of the pad is moot.

      Justin Dubs
      • Re:One Time Pad (Score:3, Interesting)

        by lfourrier ( 209630 )
        I'm quite sure you can get a good randomness by recording noise from your (cheap) sound card.
        Pump up the volume, read /dev/dsp, take one bit in each sample, and with a stock PC, you should have a good random number generator (except if your sound card is good quality, and you have no noise).
        • Re:One Time Pad (Score:4, Insightful)

          by jtdubs ( 61885 ) on Tuesday February 11, 2003 @05:48AM (#5278026)
          The source of randomness isn't the stumbling block.

          Getting good-enough randomness is easy enough now-adays. I mean, heck, check out

          But, you still have to distribute the pad. You can always just use another one-time-pad to encrypt the pad before you send it though. ;-)

          If you are distributing electronically, than you can send the pad out to your partner via some form of public-key encryption. But, now your security is not determined by the strength of the one-time pad (possibly infinite), but by the strength of the public-key crypto-system (certainly not infinite).

          Justin Dubs
          • by Thing 1 ( 178996 ) on Tuesday February 11, 2003 @02:12PM (#5281228) Journal
            Getting good-enough randomness is easy enough now-adays. I mean, heck, check out [] .

            There's a link at "For non-random numbers, try! [] "

            From their site:

            Generating deterministic numbers is a complicated business. uses a unique combination of tried and tested algorithms to provide you with the finest in deterministic numbers. After they are generated, the numbers are subjected to further filters to remove any remaining randomness. Finally, complicated, state-of-the-art statistical tools are used to check that the numbers you get are completely deterministic.

            A mouthful, no? There's a form you can fill out to request deterministic numbers (up to 10,000). The default is 100.

            The punchline: all the numbers are "1".

      • Re:One Time Pad (Score:5, Informative)

        by jtdubs ( 61885 ) on Tuesday February 11, 2003 @05:43AM (#5278008)
        Also of note:

        You CAN NOT use the same pad more than once. Hence the name "One-time" pads. Here's why:

        Here are two messages, encrypted with the same pad:

        cyphertext1 = plaintext1 + one-time-pad
        cyphertext2 = plaintext2 + one-time-pad

        For short:

        c1 = p1 + otp
        c2 = p2 + otp

        Now, I get ahold of both cyphertexts, and I suspect, or guess, that they were encrypted with the same key.

        (c2 - c1) = (p2 + otp) - (p1 + otp)
        (c2 - c1) = (p2 - p1)

        So, now, the "enemy" has a new set of numbers, obtained by the subtraction of the two cyphertexts, and this result is also the subtraction of the two plaintexts as the one-time-pads cancelled out.

        A message that is simply the difference between two plaintext messages is trivially crackable via statistical analysis.

        Anyone who enjoys encryption theory and a good yarn should go pick up a copy of Neal Stephenson's Cryptonomicon. It is one of the best book I have ever read.

        Justin Dubs
        • by Ungrounded Lightning ( 62228 ) on Tuesday February 11, 2003 @09:03AM (#5278683) Journal
          A deficiency of one-time-pad is a man-in-the-middle with plaintext known. Given the known plaintext he can solve for the key and then use it to substitute an identical-length message of his own choosing.

          This is a non-trivial problem, as the start of a message may be known to an attacker, in both manual systems (where messages often start out with stock stuff) and automated ones (where the start may be automated protocol headers or well-known payload starts, which is all he really wants to spoof). Further, the entire content may have been discovered by other means - means which still didn't give him the encryption key.

          Substituting only the start can still spoof both manual and automated systems. With a manual system you can substitute a short, urgent message ("They're coming over the hill at us from the east armed with ...") for the long-winded header. The tail disolves into noise, but that could be expected from a code-clerk (or machine) under attack, which might make a synchronization error in the key. For automated systems you can still spoof the checksum at the end even if you can't spoof the tail of the message. Tweak the protocol and you might, say, slip some malware's infection header into a known buffer-overflow bug behind a firewall.

          A solution to that was proposed back in the '70s by (ahem) me: Use Gallois fields, TWICE as much one-time pad as message, and encrypt in small blocks by multiplying by the first block of key and adding the second. (You also discard any block of key that would result in a multiply-by-zero in the first step.)

          For any product of N primes there is at least one gallois field, and two is prime, so there is at least one gallois field of 2^n members for any n, i.e. you can encrypt blocks of n bits for any value of n greater than 1. (For n=1 this degenerates to ordinary one-time pad, as the first block of key is always 1.)

          Suppose you encrypt in 8-bit blocks. (What a coincidence!) Even if the man-in-the-middle knows the message, for each byte he can either leave it alone or make a random choice among the other possible bytes. He's reduced to a malicious noise-generator. (He can pick the worst spot(s) to inject noise, but that's the limit.)

          I called this the "GLOPS" cycpher, by analogy with GLOPS codes (a term-of-art for codes composed of arbitrary pairings of typically 5-letter groups with messages). With a GLOPS code knowing "GLOPS" means "attack at dawn" doesn't tell you whether "GLOPT" means "attack at dusk", "send a gross of toilet paper", or anything else. Similarly, with a GLOPS cypher, knowing 0x33 means "A" in this position doesn't tell you anything about 0x34 (except that it isn't "A" - unlike a GLOPS code where GLOPT might ALSO mean "attack at dawn".)
      • Re:One Time Pad (Score:5, Informative)

        by Des Herriott ( 6508 ) on Tuesday February 11, 2003 @05:52AM (#5278043)
        Quantum cryptography has the potential to solve problem (2) - it allows (what appears to be) truly secure key distribution by exploiting the quantum properties of photons. It's gone beyond the theoretical stage, and quantum channels have even been established through air (as opposed to a fibre-optic link).

        Problem (1) is really hard to do well. And, no, a cheap soundcard is not the answer :)
      • by isorox ( 205688 ) on Tuesday February 11, 2003 @07:00AM (#5278234) Homepage Journal
        How do the parties get the pads?

        Via email. Use a one-time-pad to encypt it.
      • Re:One Time Pad (Score:3, Informative)

        by 1u3hr ( 530656 )
        One time pads are not uncrackable by definition. They have two weak points.
        1) The generation of the pads.

        The article says "Meganet offers a patented non-linear data mapping technology, called VME (Virtual Matrix Encryption), that creates exceptionally random cipher text". So this is how the "onetime pad" is generated, and this has always turned out to have a weakness. "Real" onetime pads are generated by random natural processes, such as cosmic rays, not from a mathematical seed.

    • Re:One Time Pad (Score:4, Insightful)

      by Surak ( 18578 ) <surak AT mailblocks DOT com> on Tuesday February 11, 2003 @10:26AM (#5279146) Homepage Journal
      How many times do I have to say this:


      Read that again. Go ahead, I'll wait ...


      Now...this is just common sense, people. Encryption is like a door. The person with the right key can open it. Right?

      The door must allow authorized access, but disallow unauthorized access. Usually, whoever has the key is authorized.

      However, if someone can either A) get the key, or B) fake the lock into thinking that they have the key, C) go around the door, or D) remove the door they can get in. There is no such thing as a security system that does not allow either A, B, C or D.

      Anytime you hear 'unbreakable encryption' RUN. They're lying to you. It doesn't exist. Plain and simple.
  • by offpath3 ( 604739 ) <> on Tuesday February 11, 2003 @05:17AM (#5277888)
    I like to refer to it as the Two Time Pad. It's like the one time pad, but _TWICE_ as secure!

    Or maybe Rot26? Or 2Rot13?

  • by Anonymous Coward on Tuesday February 11, 2003 @05:17AM (#5277890)
    Oracle Claims Database Unbreakable.
  • by philovivero ( 321158 ) on Tuesday February 11, 2003 @05:19AM (#5277897) Homepage Journal
    It's been hashed, rehashed, and rehashed again. There's no such thing as unbreakable encryption.

    Not even the one-time-pad is resistant to being hacked (think social engineering).

    Get over it, and stop fantasizing about unbreakable encryption, your own chobits [], Natalie Portman [], beowulf clusters of mecha [], and being as rich as the sub-human wannabe-geek [] already, okay?

  • by Daath ( 225404 ) <lp@code r . dk> on Tuesday February 11, 2003 @05:19AM (#5277900) Homepage Journal
    We'd like some peer reviews please.
  • by Zork the Almighty ( 599344 ) on Tuesday February 11, 2003 @05:19AM (#5277903) Journal
    Why don't people use USB "keychain" devices (oh the irony) to store gigantic one-time-pad keys ? The 512MB or 1GB or whatever on these things would go pretty far, the only problem is that if they were seized, someone could read your messages (which is always a liability with using the one-time-pad..)
  • Sounds good... (Score:5, Interesting)

    by fi-greenie ( 514665 ) on Tuesday February 11, 2003 @05:20AM (#5277904)
    Although it's not so easy to crack for example a 2048-bit RSA key, it's easy to break the guy who encrypted the data with it.

    Unless the guy kills himself after encrypting the data, thus creating the "almost unbreakable" encryption.

    What one fool can create, another can break.
  • by jpnews ( 647965 ) on Tuesday February 11, 2003 @05:20AM (#5277909)
    It's easy enough to test. Offer a monetary reward to anyone who breaks it. This is the traditional response to such claims, is it not? I'll let you know where to send the check...
  • by The_Spide ( 571686 ) on Tuesday February 11, 2003 @05:20AM (#5277910)
    > creates exceptionally random cipher text and
    > combines it with a one million-bit key

    How can a deterministic computer create anything
    more then pseudorandom ?
  • Snake oil (Score:5, Insightful)

    by Scarblac ( 122480 ) <> on Tuesday February 11, 2003 @05:20AM (#5277911) Homepage

    From the article:
    "Most of the encryption community called our product snake oil," says Backal. "Everyone competed to throw stones at us and didn't bother trying to understand the product."

    So, 1) They have an unbelievable claim (unbreakable encryption) and 2) the extremely knowledgeable encrypton community, who have much experience with breaking encryption, has seen their product and calls it snake oil.

    It is snake oil. Move along.

    • No, no, no! (Score:4, Insightful)

      by Trogre ( 513942 ) on Tuesday February 11, 2003 @05:45AM (#5278014) Homepage
      Because some experts have been burned by fakes in the past does not necessarily make everything snake oil.

      Because they dismissed this product as more of the same before actually evaluating it does not make it snake oil.

      Probably snake oil, yes. But on the other hand it could be something quite revolutionary.

      There's nothing quite like apathy to retard progress.

    • Origin of the term? (Score:5, Interesting)

      by The Tyro ( 247333 ) on Tuesday February 11, 2003 @06:05AM (#5278085)

      Counterpane had a little blurb on their website about it... Crypto stuff []

      This may have been where the original "Snake Oil" comment came from.

      I'm no elite cryptographer; I just try to be an educated user. I rely on people far smarter, and with far more expertise than I'll ever have in the field of cryptography to give me an idea of whether something is reasonably good. That said, even a rank amateur like myself can detect marketing-speak...

      I have no authoritative expertise with which to judge encryption algorithms, but outrageous claims tend to speak for themselves... in a negative way.
    • by Zemran ( 3101 ) on Tuesday February 11, 2003 @07:18AM (#5278301) Homepage Journal
      I know what it is like to be misunderstood. I have this brilliant, gauranteed, money making scheme that no-one has faith in. If you send my £25 I will tell you all about it.
    • by kfg ( 145172 ) on Tuesday February 11, 2003 @08:57AM (#5278662)
      doesn't work. It just keeps going faster and faster."

      It is the perennial cry of the snake oil crowd that the "establishment" won't take their claims seriously. It never, *ever* seems to occur to them that this is because their claims are *provably* whacko. Especially where purely mathmatical structures are concerned.

      Most snake oil saleman didn't do very well in math at school, although this personal limitation has never seemed to stand in the way of their being able to seriously cook a set of books to display for the investors.

  • They use a 1 MB key to encrypt the data, whee.

    It's not theoretically unbreakable, just practically unbreakable with today's technology.
  • "Meganet offers a patented non-linear data mapping technology, called VME (Virtual Matrix Encryption), that creates exceptionally random cipher text and combines it with a one million-bit key, which is unheard of in today's data security markets. Competing solutions offer a maximum of 256 bits."

    So is this a rotating cleartext or what?

  • by danielhsu ( 78479 ) on Tuesday February 11, 2003 @05:21AM (#5277915)
    > This isn't the first time someone's made this claim, or second, or third ...

    And if this story gets reposted, it'll seem like a fourth!
  • by Wrexs0ul ( 515885 ) <.moc.eninkcar. .ta. .reiemm.> on Tuesday February 11, 2003 @05:21AM (#5277919) Homepage
    Wonderful article, but how good is encryption when your fundamental flaw in data security is the people who use it?

    Case in point: 128-bit SSL keys, MD5 hashed passwords on a system utilizing firewalls and a database whose data is encrypted by the super-uncrackable-key(tm)... owner connects to the site over the internet via telnet...

    We should invent encrypted people. That way not only would data be safe, but it's so secure the guy next to you has no idea what you're talking about!


  • I'm certain that One time pad encryption (where you use a stream of random data the same length as the input as a key, and you only use it ONCE) is unbreakable.

    I also believe that some form of quantum encryption has been proven to be unbreakable, but I have no idea how it works, or why. Especially since a regular computer can do anything a quantum computer can do, if given enough time.

    If these Israelis could prove mathematically that their encryption method can't be easily reversed, then I think they might as well claim it's unbreakable as you can say something like "the key can't be found even if every atom of silicon on earth was used as a transistor, and was used as one until the sun burns out". Or something like that. Remember, public key crypto is only believed to be secure, since no one's been able to figure out how to factor large numbers quickly. It doesn't mean they never will.

    Personaly, I doubt it, though.
  • by atcurtis ( 191512 ) on Tuesday February 11, 2003 @05:22AM (#5277924) Homepage Journal
    I have an amazing encryption and compression method - it encrypts and compresses any message into a single binary bit! No one else can decipher the message... not even the recipient... unless they have the decryption key...

    Which is unfortunately 2x the size of the original message.

    Ho hum...

  • by vor ( 142690 ) on Tuesday February 11, 2003 @05:22AM (#5277925)
    The first few paragraphs offer some details on what was developed...

    Then for the rest of the article there is just information on Meganet's business health. Looks more like they're trying to spur investing into the company rather than offer details on how the product works.

    Until the source code is published and subjected to peer review like PGP was, then and only then can it be deemed "secure." Until then I'll be running PGP on my computer powered by cold-fusion generated electricity =)
  • Correction: (Score:3, Insightful)

    by Dark Lord Seth ( 584963 ) on Tuesday February 11, 2003 @05:24AM (#5277931) Journal
    Meganet offers a patented non-linear data mapping technology, called VME (Virtual Matrix Encryption), that creates exceptionally random cipher text and combines it with a one million-bit key, which is unheard of in today's data security markets.

    That means: "Not unbreakable, but certainly not feasible to even try with current technology." Why is it that as soon as something becomes hard to do it is considered impossible and thus vastly overrated untill the opposite proves itself? I can imagine that quite allot of Good Things(tm) have gone to hell and back again only because they were kickstarted into a hype of invulnerability untill the opposite happened, causing everyone to suddenly ditch it...

  • old news (Score:3, Interesting)

    by Anonymous Coward on Tuesday February 11, 2003 @05:27AM (#5277944)
    heard this last year. it's a seeded one-time pad.

    generating your OTP by means of an algorithm is not a good idea.

    the "one million bit" is simply the length of the pad required for a one-million character message.

    essentially, any pseudo-random-number generator algorithm is identical to this.
  • by hdparm ( 575302 ) on Tuesday February 11, 2003 @05:28AM (#5277946) Homepage
    ...Ask Kevin Mitnick - Part II.
  • by Anonymous Coward on Tuesday February 11, 2003 @05:30AM (#5277953)
    Their glick is using a 1MB long key (4000 times longer than current encryption methods). They say it's going to be the strongest in the next 5-6 years.

    The title "unbreakable" was created by the journalist (and it appears to have worked, they got a story in slashdod).
  • by Scarblac ( 122480 ) <> on Tuesday February 11, 2003 @05:36AM (#5277971) Homepage

    They point at websites where credit card numbers where stolen, and say their unbreakable encryption will help there.

    Well, surely those weren't encrypted, but were simply stored in some directory in unencrypted text? Almost always it's just stupid security that's the problem. Any sort of modern encryption would have been good enough, too.

    And if you can't keep crackers away from your credit card numbers, why would you be able to keep them away from your 1Mb key?

    • The important part of any encryption system is how the data is decrypted. Particularly, the following paragraph distresses me:
      Data security is one of the key concerns for governments and corporate users today as hacking becomes increasingly prevalent. In 2000, an FBI survey showed that 90 percent of participating companies had their computer systems vandalized by rivals, hackers, or even disgruntled employees. In January 2000, hackers stole 250,000 credit card numbers from an online CD store. They tried to blackmail the store. When it refused to pay, the hackers published 10,000 card numbers on the Internet.
      So, great, you have a super-encrypted MySQL database for all your credit cards. You access it by normal methods; it decrypts data on the fly after authenticating you. Your username is "root" and your password is blank. All the encryption in the world isn't going to save you.

      Everyone needs to learn to stop throwing encryption at a problem and calling it security. Encryption should always be the base layer of any security scheme, never the top-level element (and certainly not the sole one!). Encrypt your databases on disk and in RAM and on the way to and from the CPU if you want, in case the machine is physically stolen. But don't forget to apply the latest patches, rotate passwords, implement effective firewall rules, and guard physical access to minimize the danger of it walking away in the first place.

  • by Alsee ( 515537 ) on Tuesday February 11, 2003 @05:36AM (#5277973) Homepage
    Take input file and pipe it to dev/nul,
    Take dev/random and pipe it to output file.

    Guaranteed unbreakable encryption!

    • by cthugha ( 185672 ) on Tuesday February 11, 2003 @07:41AM (#5278392)

      Guaranteed unbreakable encryption!

      Not entirely. There is a slight chance that the output from /dev/random will be identical to the original message. :)

    • by nahdude812 ( 88157 ) on Tuesday February 11, 2003 @08:11AM (#5278477) Homepage
      that's still technically brute-forceable. We can do the infinite monkeys at an infinite number of typewriters thing, and at some point a monkey would have typed your original message. We may not know he did, but it would have happened. Lets take an example from my fortune file:

      The saying goes: if an infinite number of monkeys typed on an infinite number of typewriters, eventually
      all the great works of mankind would emerge. Now, with today's high speed computers, we can finally test
      this theory...

      Lzskd jfy 92y;ho4 th;qlh sd 6yty;q2 hnlj 8sdf. Djfy 92y;ho4, th;qxhz d7yty;
      Q0hnlj 23&^ (# ljask djf y92y; fy92y; Sd6y ty;q2h nl jk la gfa harvin garvel
      lasdfsd a83sl la8z ks8l 92y;ho4 th;qlh sd 6yty;q2 hnlj 8sdf. Djfy 92y;ho4,
      th;qxhz d7yty; Q0hnlj 23&^ nknod mrs88 jsd79lfm#%$JLaoz6df lso7dj f2 jfls
      67d9ol1@2fou99s 1lkj2 @l.k1 2; a89o7aljf 1l3i7ou8 d8l3 lqwerty0092 #1!
      ja9o do8lkjj139rojsd9**!l6*hd # ljasd78 l2awkjad78 3ol7asljf 3 ldif & l.js
      Ll ls ewan la8uj 23lll7u 8l 3h hhxx8 8d lsd fixx 891lkjno99sl d8l@@@!!8#8
      dfoil jarooda mklaoorj nowai the smisthliylka jkdlfjiw ladajadra lthhheeejfjl
      dkddooolda bub mirznod of the koojgaf!! But 2 be or not to be... that is the
      question. Then when shall we three meet again In thunder, lightning, or in
      rain? When the hurlyburly's done, When the battle's lost and won. That will
      be ere the set of sun. Where the place? Upon the heath. There to meet with
      Macbeth. But hath forth not to want..... a banana, or to be.... a banana.
      Banana, I knew him banana. Banana banana. Banana banana banana banana.

      Well... hmm.... it seemed like a good idea...
  • by accident ( 575230 ) on Tuesday February 11, 2003 @05:37AM (#5277979)
    (grammar theirs)
    When a transmission of conventional algorithm is sent, it includes an encrypted form of the actual data. Given that a hacker have enough computing power and time, any message can be deciphered. With the VME engine the case is different; the actual data is never transferred. Therefore, when intercepted by a hacker, the results will yield absolutely nothing. [source] []
    This is so incredible I just can't read anymore.
  • VME was broken (Score:5, Informative)

    by eddy ( 18759 ) on Tuesday February 11, 2003 @05:38AM (#5277987) Homepage Journal

    I haven't read the article (c'mon!) but I saw the mentions of VME, which...well... was broken [].

    It's snakeoil. Just marketing, no security. Move along. Nothing to see here.

  • by philipsblows ( 180703 ) on Tuesday February 11, 2003 @05:41AM (#5278000) Homepage

    From the press release or whatever that is:

    Meganet Corporation's founder, Saul Backal, claims that its solution can put an end to these problems. Meganet offers a
    patented non-linear data mapping technology[1], called VME (Virtual Matrix Encryption)[2], that creates exceptionally random cipher text[3] and combines it with a one million-bit key[4], which is unheard of in today's data security markets. Competing solutions offer a maximum of 256 bits[5].
    "There is nothing stronger in existence,"[6] says 38-year-old Backal, a dual Israeli-U.S. citizen[7] who was a tank commander in the IDF in the Lebanon war[8]. "All other encryption methods have been compromised in the last five to six years."[9]
    • [1] A cool, wordy name for this new, fantastic technology
    • [2] An even cooler, trademark-able acronym
    • [3] Hand waving
    • [4] An excessively-large encryption key, to impress us
    • [5] A dig on current encryption key size, since smaller keys == less encrypted...
    • [6] Outlandish claim
    • [7] Mysterious lineage of the founder. Hmmmmm.
    • [8] Tank commanders. Does anyone understand encryption better than these guys?
    • [9] Article claims this one has been in development for 11+ years... see how long it takes to cryptanalyze having appeared on slashdot!

    Even though this is probably bogus, the prize for breaking it looks interesting

    In an attempt to prove VME's strength, Meganet began offering prizes such as a Ferrari or $1m. to anyone who could break into a VME-protected file. So far, two million people have attempted to crack the code, but none have managed.
  • by mlyle ( 148697 ) on Tuesday February 11, 2003 @05:42AM (#5278006)
    One of the key metrics of a cipher's strength is how strong it is in comparison to its key size. 256 bit ciphers, if brute force is the best attack, are immune to brute force with any imaginable technology (it is hard to imagine building a machine with matter that can count to 2^256, let alone try and brute force a cipher).

    Making the key huge just makes the other potential sources of compromise (compromise by bad key generation or distribution) easier. If you want a huge keystream, you might as well use a large one time pad.

    I don't really see what the point is of this encryption scheme.
    • In Applied Cryptography, Schneier has a lovely explanation of why you can't brute force a 256 bit key. IIRC it comes down to there not being enough quantums (of time) between now and the end of the universe to check every possible key if every atom can perform on calculation per quantum. He also explains why its not physically feasable to brute force a 128 bit keyspace.

      So what is comes down to is this: either you find a weakness in the algorithm, or work on quantum computing until it can brute force huge keyspaces outside the normal constraints of physics. Until then, 128 bits is enough (for symmetric crypto).

      Actually reading the Meganet site is laughable. They attribute stolen credit card details to poor or broken cryptography (reality: this data isn't kept encrypted on the site host, because the security architecture of most sites sucks).

      The algorithm they claim is uncrackable is based on a random "matrix", which is derived from a "file of any size that is available ..." on both sending and receiving computers. So there IS secret data that must be transferred (or else that file is public, even worse). According to the code available here [], the values aren't even vaguely random - just do lots of XORs using bits from your "secret file".

      Meganet tries to justify its claims by pointing to multiple encryption. Big news guys: the size of the keyspace determines security, not the number of times you encrypt with the same key. At best multiple encryption makes it take longer to brute force the keyspace. It doesn't add security. Period.

      Apart from that this matrix is used as a lookup table. That means that it has all of the problems of a one time pad, without the benefits. As soon as you use any block of values from the matrix again, you have information that you can use to attack the encryption.

      It may be true that noone has broken this algorithm. I've written crypto algorithms that noone has broken ... because I've never published them, and noone has had an interest in breaking them. That doesn't make them secure. Cryptographic security is achieved using simple algorithms that can be proven, using mathematical theory, not attested to by supposition and lame tests.

  • by t0qer ( 230538 ) on Tuesday February 11, 2003 @05:58AM (#5278066) Homepage Journal
    at infinite typewriters eventually produce the great works of shakespear?

    In regards to breaking encryption on the article, if the above statement was true wouldn't that mean eventually it could be broken?

    This still isn't quantum encryption, which does deal with infinites. It said 1 trillion keys on the site which makes me think eventually if you throw enough (**cough* beowulf) Ghz per hour at it you could break it down.

    Ya it's breakable, anyone disagree?
  • It's not... (Score:3, Interesting)

    by Kjella ( 173770 ) on Tuesday February 11, 2003 @06:06AM (#5278090) Homepage
    Any cipher that relies on mathematics can not be proven secure. If you look up Gödel's Incompleteness Theorems, you'll see that in any axiomatic mathematical system there are propositions that cannot be proved or disproved within the axioms of the system. So if I propose that there does exist some (unspecified) mathimatical way to break that cipher, you won't be able to 100% conclusively _disprove_ it. Also there's the off chance (2^-128, 2^-1000000, doesn't matter in a _theoretical_ sense) that I'll pick the right key by chance, and in common ciphers you'll *know* if the key is right.

    The only theoretically perfect way is a (not pseudo-) random one time (not rehashed) pad, and it suffers from massive problems in key distribution, and the one who encrypts it (or has access to the encrypters machine) can also decrypt it, unlike good public/private key cryptography. Also it is suiceptable to wiretap of key transfer, while public/private key crypto is only suiceptable to a man-in-the-middle attack, which requires the ability to change the data on-the-fly.

    It would hardly be a problem to extend many of the current ciphers to use much longer keys than 128 bit (symmetric) or 2048 (asymmetric), which is the standard today. However, most people agree 128 bit is strong enough given that there is no cryptographic attack. If there is one, the cipher might be fundamentally useless regardless of whether your key is 128bit or 1000000bit anyway. And no, you won't know. Why do you think the military is so secretive about what they will and won't use? To keep the others guessing what they really can and can't break.

  • BS (Score:3, Insightful)

    by muffen ( 321442 ) on Tuesday February 11, 2003 @06:18AM (#5278124)
    I don't think this encryption is unbreakable. To me it sounds like they are relying on the massive keylength. Just because it has a large key, it is unbreakable.

    Large random keys will make it more difficult to break the encryption, but unbreakable is just wrong. A one-time cipher is still more secure than this thing. They should take distributed computing into account as well. Just look at some of the encryptions that have been broken by, and how quickly they did it.

    The only unbreakable encryption I believe is possible is the one described by Simon Singh in the book "The Code Book". The encryption described in this book relies on the vibration of photons. Due to the nature of photons, it is not possible to sniff for the key.
    Of course, this encryption is only theoretical. By the time we can implement it, we may already be able to break it.
  • by JBhoy ( 630783 ) on Tuesday February 11, 2003 @06:19AM (#5278129)

    First, let's consider the source of this article. Here is what Israel21c says about themselves.

    "ISRAEL21c is a not-for-profit corporation organized under the laws of California that works with existing institutions and the media to inform Americans about 21st century Israel, its people, its institutions and its contributions to global society. ISRAEL21c creates, aggregates and broadly disseminates high-quality information to the American public about the Israel that exists beyond the pervasive imagery of conflict that characterizes so much of western media reporting. Our goal is to strengthen the vibrant and enduring partnership between the United States and Israel, and between Americans and Israelis."

    Translation: They are a part of the American pro-Israel lobby, whose job it is to pull the blinkers over the eyes of Americans regarding whatever Israel is doing at the moment. In this case, they don't handle the Arab-Israeli conflict (they mention a sister org for that -- israelinsider). Rather, they propagandize for the Israeli high-tech industry, an industry largely created by American taxpayers and which directly competes with American companies. We won't talk about the underhanded way that came about.

    So fair enough, they are pimping their nation's product. Let's look at what the article actually says, however.

    "Meganet offers a patented non-linear data mapping technology, called VME (Virtual Matrix Encryption), that creates exceptionally random cipher text and combines it with a one million-bit key, which is unheard of in today's data security markets. Competing solutions offer a maximum of 256 bits."

    Cut through the marketing bullshit, and this sounds like a variation on the old one-time pad. This isn't the first company to discover how wonderfully secure the one-time pad is. It it difficult to believe that this company has achieved a quantum leap in computer power such as would be necessary to support a one million bit key for any other kind of algorithm.

    "All other encryption methods have been compromised in the last five to six years."

    This is a quote from the founder of the company, a former IDF (Israeli Defense Force) tank commander. The statement is deceptive. Any form of encryption, OTHER THAN A ONE-TIME PAD, is susceptible to brute force attack if the key size is small enough. Some encryption methods, such as DES, are more vulnerable than others. PGP and GnuPG use default encryption that is pretty darn secure, and there hasn't been a successful cracking attempt a key of any reasonable size. The quote, by being deceptive, makes the product claims suspect.

    "Backal stumbled onto the mathematical algorithm behind VMS when he was working as an engineer in the field of Wide Area Networking."

    Highly unlikely story to begin with. One does not "stumble onto" mathematical algorithms -- not reliable ones, anyway. There is mention of a patent application, but no reference to any peer review. The fact that this company was ignored for two years is instructive -- if there was any substance to this, someone in the cryptography field would have taken a look at it. There is also the following:

    "In an attempt to prove VME's strength, Meganet began offering prizes such as a Ferrari or $1m. to anyone who could break into a VME-protected file. So far, two million people have attempted to crack the code, but none have managed."

    I try not to use bad language on public forums, but the most descriptive word I can come up with for this is "bullshit". If VME had ever put this out for that kind of money for a genuine trial, it would have been all over the Net. There is NO evidence I can discover that supports this claim. None. Nada. Zilch. This whole thing is really starting to smell bad.

    The following two quotes give reason for pause as well.

    "In November 1999, Meganet launched the company at the Comdex computer show in LA, California, hoping to attract corporate users. The company packed its 1,000 sq. ft booth with attractions, including a $1m. giveaway of Meganet software. Meganet proved a runaway success, and in the wake of the show it raised $5m. at a valuation of $50 to $60m. from new investors, most of them small, private investors. To date, the company has raised $10m., none of which comes from VCs."

    "By December 2000, however, Meganet was in trouble. The company may have gained industry recognition, but it did not have sales. Nor could it raise money as the stock market had begun to crash."

    You know what it means that money is raised from "small investors" without VC involvement? It generally means that you a dealing with a corporate con artist. I have some personal experience in dealing with a tech company that refused to take VC money. The reason for not raising money from VCs is simple. A venture capital firm will, on behalf of its funders, demand access to and a thorough review of the technology, something small investors aren't in a position to demand. If this was the real thing, there wouldn't be any need to hide the ball from the money guys. If you are a small investor, beware of companies that raise their money from small investors exclusively. It is a fundraising method that is the foundation of a great many frauds and impositions. If this is for real, somebody big would have invested -- but then, that might pose the same problem for the founder as having a VC involved, right?

    Here is the part that worries me, however.

    "Today, Meganet is rapidly becoming a significant US government vendor. Though it remains a small company, with just 25 employees, it won three out of four tenders released by the US government in this sector last year, beating giants like Verisign, RSA, Network Associates, Computer Associates, and IBM, to become sole-contractor on the projects."

    Assuming this is true, it is disturbing. Let's look at what we have here. We have a former IDF officer who has come up with supposedly "unbreakable" encryption. It isn't peer reviewed, and he is apparently seeking security through obscurity (i.e. hides the ball) rather than publishing this wonder technology where others can take a look at it and see if there are any flaws. The company's R&D is in Israel, and when the company fails commercially, it starts getting U.S. Government contracts, presumably through the kinds of political connections that the America-Israel lobby (such as AIC and Israel21c) foster.

    The Israelis have demonstrated that, despite the fact that the United States is their only real allies in the world, they won't hesitate to stab the Americans in the back when it serves Israeli interests. The Pollard spy case was only the tip of the iceberg for Israeli espionage in the US. Our own State Department has established that Israel has the most aggressive spying program in the U.S. of any ally, surpassing even such supposedly unfriendly nations as China. Remember the three Israelis in the van who were picked up by police after they were filmed cheering while the WTC collapsed? All former IDF members. They were released after a few weeks and rushed home, and the company they worked for simply disappeared.

    I doubt VME has any wonder technology. I don't doubt that the Israeli intelligence apparatus would love to have us using their technology companies to protect our vital national secrets. Then they won't have a need for embarrassments like active intelligence agents in the US. They could simply download the information themselves, courtesy of our blindness in working with this somewhat unreliable ally.

    Based on what I see in the article and the source, I wouldn't touch VME with a ten-foot pole.

    • Excuse me? Why must an insightful, to-the-point analysis of the (non-)merits of this firm's claim be bundled with an ill-informed, unsubstantiated anti-Israel rant? I've noticed at least one such post on Slashdot that invariably gets moderated all the way up to +5 every time there is an article relating to Israel in the most minute and insignificant way. This one, however, is particularly blatant. In disputing the company's outlandish claims, the poster makes a few of his own, and the same moderators who are (rightly) skeptical of the "unbreakable cipher" take the poster's claims at face value.

      For starters, there is this gem:

      Rather, they propagandize for the Israeli high-tech industry, an industry largely created by American taxpayers and which directly competes with American companies.

      Really? You get this information from where? Granted, the Israelis get huge foreign aid checks from Uncle Sam every year, but those go overwhelmingly toward military spending. The high-tech industry in Israel is almost completely civilian, and is privately funded, mostly by venture capital (much of which comes from the US, but it's hardly taxpayer dollars). And to claim that Israel, a country of six million people, poses significant competition to American companies is simply ludicrous.

      Our own State Department has established that Israel has the most aggressive spying program in the U.S. of any ally, surpassing even such supposedly unfriendly nations as China. Remember the three Israelis in the van who were picked up by police after they were filmed cheering while the WTC collapsed? All former IDF members.

      This paragraph really shows where you are coming from. You've just taken several unsubstantiated rumors - some of them circling around for years, others having sprung up after 9/11 - and stated them as facts. Where is the State Department report you refer to, and, more importantly, when was it issued? As for the arrest of three "cheering Isralies", this is a complete misrepresentation of fact, if not a bold-faced myth. Disregarding the fact that the poster provides no link to the story, appealing instead to our collective memory, forgetting that Google finds no credible source supporting this claim, and believing the scenario that three shit-for-brains Israeli citizens were arrested while cheering the collapse of the WTC, what significance does it have that they all served in the IDF? None! Israel has a universal draft, and virtually every Israeli over the age 18 has served in the IDF at one time or another. So why the conspiracy theory?

      I do not want to turn this into yet another debate about Israel - this is not the forum for it, nor do such debates lead to anything constructive. However, I do want to voice my disappointment with the group-think that pervades this forum: a paradoxical force that uncritically accepts bullshit propaganda even as it seeks to critically access bullshit marketing. Israel-bashing is a trendy phenomenon these days in intellectual circles, and since many of us belong to these circles, the overall anti-Israel mood on Slashdot is not surprising. (Nor is it unfounded, though it is poorly balanced and blown way out of proportion.) However, subjective views aside, unfounded, outlandish, politically charged claims masquerading as an answer to a technical question should be recognized as such, and classified as "Flamebait" and "Offtopic" (as ideally should happen to this response as well) rather than "Interesting" and "Insightful". Let us all try to think, and moderate responsibly, shall we?

  • by God! Awful 2 ( 631283 ) on Tuesday February 11, 2003 @06:23AM (#5278142) Journal
    "All other encryption methods have been compromised in the last five to six years."

    Oh really? I must have missed the press release when they broke 3DES.

    "So far, two million people have attempted to crack the code, but none have managed."

    2 million... that's a lot. How does one determine how many people have tried to crack the code anyway?

  • by StormyWeather ( 543593 ) on Tuesday February 11, 2003 @06:29AM (#5278159) Homepage
    It's my girlfriend. Many men have tried, and to date none have been able to figure her out.

    Bit pricy though.
  • by attackiko ( 170417 ) on Tuesday February 11, 2003 @06:45AM (#5278193) Journal
    There used to be a Windows program called "Unbreakable security" which, among other things, could encrypt a file and put it in self opening .exe file (you had to enter the password).

    So I tried to crack the program and found out it was fairly easy to do (took me a few hours). But then I discovered that the program had a bug which caused the blank password to be accepted as valid password. So much about Unbreakable security.
  • Snake oil since 1999 (Score:5, Informative)

    by ronys ( 166557 ) on Tuesday February 11, 2003 @06:56AM (#5278226) Journal
    Professional cryptographer Bruce Schneier used these guys as the exemplar for "Pseudo-mathematical gobbledygook" in the February 1999 issue [] of his monthly crypto-gram newsletter []:

    "The base of VME is a Virtual Matrix, a matrix of binary values which is infinity in size in theory and therefore have no redundant value. The data to be encrypted is compared to the data in the Virtual Matrix. Once a match is found, a set of pointers that indicate how to navigate inside the Virtual Matrix is created. That set of pointers (which is worthless unless pointing to the right Virtual Matrix) is then further encrypted in dozens other algorithms in different stages to create an avalanche effect. The result is an encrypted file that even if decrypted is completely meaningless since the decrypted data is not the actual data but rather a set of pointers. Considering that each session of VME has a unique different Virtual Matrix and that the data pattern within the Virtual Matrix is completely random and non-redundant, there is no way to derive the data out of the pointer set." This makes no sense, even to an expert.

  • by Anonymous Coward on Tuesday February 11, 2003 @07:44AM (#5278404)
    Bruce Schneier covered this way back in February 1999: []

    I think we can file this under "snake oil".
  • by fortinbras47 ( 457756 ) on Tuesday February 11, 2003 @07:47AM (#5278413)
    Mathematically speaking, its basically impossible to prove that some encryption algorithm is intractably difficult to solve. (If for example you show the decryption process is NP complete, that just shows that the worst case is likely to be difficult if P != NP etc...)

    However, strong peer review and research though can give very strong motivation as to why a certain algorithm is computationally intractable (making the encryption scheme practically unbreakable).

    Before I could ever trust some new-fangled encryption scheme, I think I would like to see the company submitting REAL detailed articles of mathematics and techniques to appropriate research conferences and have the whole algorithm and math undergo the process of peer review. Its just too easy to fuck up encryption and to think something REALLY REALLY hard to compute isn't in reality a lot easier than it seems.

  • by worst_name_ever ( 633374 ) on Tuesday February 11, 2003 @08:09AM (#5278471)
    British firm claims unsinkable ship...
  • by gweihir ( 88907 ) on Tuesday February 11, 2003 @08:30AM (#5278539)
    The only thing a claim of having "unbreakable encryption" does, is expose the people claiming it as incompetent.

    There are really only three choices: Either they reinvented the ages old one-time-pad (which is unbreakable but of limited applicability to practice) or they have crypto that is breakable and did not see it or they have conditions on that "unbreakable" that practically void the claim.

    Many researchers rightfully believe that (unconditionally) unbreakable encryption cannot do better than the one-time pad and in fact will be a more or less disguised one-time pad. I think this is pretty obvious, but claims of this nature are notoriously hard to prove and nobody has done so yet.

    Favorite claim: "All other encryption methods have been compromised in the last five to six years."

    Oh? I was not aware of practical breaks for AES, RSA, ElGamal, IDEA,...

    Sure, you can brute-force a short-length RSA, but that is not a "compromise" of the cipher. After all I can factor 35 in my head. Which makes RSA with that modulus pretty insecure. But it has no impact on RSA in general.

    At least the article is not a complete lie. It says "appears to be unbreakable" which is true for most ciphers as soon as your level of competence is a s low as that of the writers of the article.

  • P?=NP (Score:3, Insightful)

    by archnerd ( 450052 ) <nonce+slashdot@org.dfranke@us> on Tuesday February 11, 2003 @08:31AM (#5278540) Homepage
    There's a theorem that remains to be proven or disproven called the P?=NP theorem. It expands to "the set of problems solvable in polynomial time ?= the set of problems solvable in non-deterministic polynomial time". Nobody has any clue how to go about a proof. It's one of the Clay institute's million dollar math problems and I'm betting it'll be the last of them to fall.

    Basically, if this theorem were proven, than asymmetric cryptography would be impossible and much of today's symmetric encryption would also collapse. So, if you're going to claim unbreakable encryption, you'd better hand me a proof that P!=NP.
  • by Apuleius ( 6901 ) on Tuesday February 11, 2003 @09:03AM (#5278687) Journal
    (Typing from a wierd 'puter, so I can't
    cut and paste the links.) Google for
    'meganet', 'encryption', and 'doghouse'
    and you'll find two Doghouse entries for these
    guys on Cryptogram. One makes fun of their
    product; the other for them changing their
    name in response to the first entry.
  • by Burstwave ( 520213 ) on Tuesday February 11, 2003 @09:04AM (#5278690)
    This crypto scheme is weak and can be rapidly broken by a brute force approach. It requires a common private key sequence that is shared among multiple users of the software; each user uses this common key to encrypt messages along the matrix. Matrix values are shared amongst all users with a common "serial number prefix." The encrypted "message" that is created is not actually the message; it is a bit sequence that points at positions within the matrix. The software locates each bit position to give a readout of the character at that step. Although the matrix undergoes convolutions as decryption occurs, supposedly making it more "uncrackable," ultimately the reduction of this method requires re-use of a one-time pad (the "virtual matrix"). Reuse of a one-time pad turns an unbreakable encoding into something insecure and breakable. That is ultimately the largest weakness of this algorithm.

    Here's the telling bit in the patent scheme (US 6,219,421):
    "A message may be secured in accordance with various options specifying an intended audience, including "global," "specific" and "private" options. "Global" allows anyone having a copy of the data security software to decrypt the message providing that person has the correct keys and is able to supply parameters matching those with which the message was secured. "Group" allows the possibility of successful decryption by any of a number of users within a group identified by its members having copies of the software program with a common prefix. "specific" allows only a user having a particular numbered copy of the software program to decrypt. Finally, "private" allows decryption only by the same software copy used to secure the message originally. Without the correct keys and parameters, it is impossible for the message to be unlocked. The present invention further enhances security by allowing definition of a date range where the data can be decrypted correctly, hence preventing lengthy efforts to break the code by brute computational force."
  • Rubber Hose (Score:3, Interesting)

    by pridkett ( 2666 ) on Tuesday February 11, 2003 @09:50AM (#5278914) Homepage Journal
    Anyone who thinks that their encryption is unbreakable should think about the rubber hose and pay off the janitor methods of breaking encryption. Typically it's far cheaper to pay someone to give up the secret than it is to even power the computers to do it.

    Also, I didn't see where it says it's unbreakable (at least in those words). I see a mention of some virtual matrix encryption which generates a million bit key, but even that is still breakable.
  • by rdmiller3 ( 29465 ) on Tuesday February 11, 2003 @10:52AM (#5279373) Journal
    See here for the "explanation" of their cipher: []

    Aside from having a 64kB key (1 million bits), they claim:

    When a transmission of conventional algorithm is sent, it includes an encrypted form of the actual data. Given that a hacker have enough computing power and time, any message can be deciphered. With the VME engine the case is different; the actual data is never transferred. Therefore, when intercepted by a hacker, the results will yield absolutely nothing.

    Did you catch that? They claim that the data isn't contained in the encrypted message!

    O-kaaaay... so, how does it get from here to there?!? Pulling a statement like this out of their posterior crevices proves that they don't know what they're talking about. Of course the "actual data" is transferred... that's what we call it when data goes from one place to another. Running it through their magic algorithm doesn't eliminate the information content, else there wouldn't be any point in sending the message at all.

    This statement could be a clue to the algorithm though, especially combined with the claims that it's faster than RSA and with its suspiciously huge key...

    And of course there's another problem. How do you get a 64kB key from a user? You don't. And there's no mention of "VME" being a public-key algorithm, so it's just a session key, not a public key. How useful is that? Not very.

    I think I'm beginning to see why this company was able to have lean times even while others were getting VC funding to develop the business plan of the South Park underwear gnomes. Now though, we live in more patriotic times when people will believe that tank commanders have the proper background to recognize when they've "stumbled upon" good cryptographic algorithms.

  • by supabeast! ( 84658 ) on Tuesday February 11, 2003 @10:59AM (#5279438)
    Israeli firms generates free publicity with ludicrous claims.
  • Some facts. (Score:5, Interesting)

    by acorn ( 203153 ) on Tuesday February 11, 2003 @10:59AM (#5279444)
    What is being advertised here is not unbreakable in the sense used by most mathematician or serious cryptographers. (When a cryptographer says unbreakable, s/he means that the system is secure even against an adversary with unlimited computing power.)

    Ideal use of a one time pad does have this property. There was a nice breakthrough in the EuroCrypt conference last year, where it was shown that one can obtain similar behavior even with keys that are shorter than the message to be encrypted, as long as the messages that you wish to encrypt are fairly random.

    In any case, if you'd like to really understand what is going on here, for goodness' sake don't bother with Schneier's book; have a look at Goldreich's, "Foundations of Cryptography".
  • He's a megalomaniac (Score:4, Interesting)

    by binford2k ( 142561 ) on Tuesday February 11, 2003 @11:18AM (#5279608) Homepage Journal
    These guys are crack smokers, especially Saul Backal. They tried to sell the company I was working on at the time on this VME bullshit. (I have an unopened copy if anybody wants it . . .)

    Maybe they came up with something, maybe they didn't. After meeting him and going through their presentation and watching him stumble over some basic questions, I will never trust that company. Some memorable things from that meeting: Bruce Schneier doesn't know what he is talking about. We don't need peer review to know our algorithm is secure. No you can't analyze the source or the algorithm.

    For those who may not know, the measure of a truly secure algorithm is that it is secure even when the algorithm is known.

  • by j3110 ( 193209 ) <> on Tuesday February 11, 2003 @02:50PM (#5281660) Homepage
    the problem was, I couldn't decrypt it either...

    It turns out if you have a key, you can just guess at it, and eventually break it... I just went to the source of the problem... the key. If you don't have a key, you can't break it. Unfortunately, as it turns out, you can't decrypt it either.

    Seriously thhough:
    It probably is theoretically possible despite what you may see on here to make an unbreakable encryption. The only problem with this is that it can only be used on data less than the key size(AKA one time pad) and random data(AKA data of an unknown format). If you can accomplish either these two, I don't think anyone will be able to break it. The problem is: With a one time pad, it's pretty much the same as carrying the data to the other end; data is useless unless someone can understand it.

    I've always wanted to start a cryto challenge of a crypto that had no signature and was of nearly random data. The problem is, computers are not that great at pattern matching, and won't be able to find a good pattern in your data format to begin with. This is compounded with no verification that the key you used is valid. In theory, you could get anything out of the decryption if it weren't for that pesky external signature. Remove those, and it could decrypt to just about anything the same length.

    In a nutshell, if you had the perfect compression (theoretically impossible) it would be impossible to break your encryption (if you didn't have a signature or hash for verification). Now if only compression was encryption oriented (no predictable bits... thus not perfect), we would be all set. If you researched enough, you may be able to make it very hard to predict bits in compression.

    Most encryption in the past has been broken by the redundancy of the data (Signatures, statistics, etc.) so that you know if you have the right key (the signature matches, the MD5 matches, or it looks like the target language). If it's impossible to know if you have decrypted the message, it's impossible to break.

"An open mind has but one disadvantage: it collects dirt." -- a saying at RPI