1,000,000 Bit Encryption?

[phaza7]

I'm not to 100% certain how it works but would love 2 play with. Wonder how before it becomes so-called
in secure as stated by jinx UR your biggest security leak
which I personally found out to be truth
social -eng ( my wife fell vicitm of it).

Can't wait 2 see how this works out

[mayhem991]

How powerful do the computers using this algorithm have to be? To be useful the algorithm must run on a commonly used computer.

[Tim_axe]

WELL, MY CONCLUSION (IN SECURENESS) WAS WRONG...
Because it was in the news, I was lead to believe that it was correct... *sigh* Well, I might as well not wipe away my work - instead, I'll use it to learn from my mistakes...

My Notes: Reading through all of that made me think of a Dictionary File. My first impression after reading that was that it was some sort of backwards-working WinZip program - that is it makes stuff bigger rather than smaller, and using a dictionary. It was confusing, but I was tricked to believe that it was correct, so I worded my conclusion in a way to support that opinion. I tried to analyze and put together what was said, and as I said earlier, it reminded me of a backwards working dictionary-based compression program. It seemed to be a HUGE waste of space to put a file into *virtural matrixes*.

Since at least some fraction of my observations were impartial, I've decided to keep the original text below. Hopefully, we can learn what to look for based on this...


*Original Text Below*




- Be prepared for a BIG read -


OK, I've started reading more into this, and I can answer a few questions, and bring up even more...

First off, to mayhem991 - Their site claims it is faster than RSA (aka - not very computationally intensive):

From:http://www.meganet.com/Technology/explain.htm

And yet VME is faster than RSA.

Now, the keys that are used:

From:http://www.meganet.com/products/VMEo...office2002.htm

One-million bit key - four 2048 bit keys, four 512 bit keys and a unique 248 bit transaction key.

Now, what composes the key? The Date/Time MAY be a factor, judging from:

From:http://www.meganet.com/products/VMEo...office2002.htm

Date limit
Set a date range and even with the correct keys decryption will be impossible when it expires.

Now, that is quite a bit right there. But, there is a whole lot more. This part has me thinking...


They say that the actural encrypted data is NOT sent. Therefore even if you intercept it, it is *useless*. Why? Because the data you got is acturally a list of pointers to values in a Virtural Matrix. The values change after each pass (Continually changing), so the number of combinations will increase (in my opinion). So, my interpertation is that the initial state of this Virtural Matrix (Key?) is transfered, along with a Session Key. Another thing that comes into use is the program's Serial Number. OMG! SERIAL NUMBER???!!!. Well, here this out... You can use it to select a range of audiences [Global, Group, Specific, Private]. You are able to select certain portions of a serial number, and people with that portion can decrypt it. With no serial number, anyone with a valid copy of the program can decrypt the file (With the key, right? - Of course!).

After reading it, other things that affect the encryption process - file name, and save-as name. This is only my interpertation, but take this for example... You encrypt a file (please don't take this seriously, I'm just giving it a reason to use the names options) "P0rN.zip", and you give it to a friend (who has the software). He has the key and everything, and is ready to decrypt. BUT, you've set it so he can only decrypt it correctly if he saves it as "Boring School Play Recital Photos.zip". I'm not too sure if the names of the files has a big impact, but if they do, then it could add an Obscurity layer of extra *security*. But still, most everything else looks pretty hardened, but as mentioned, nothing can be 100% safe.


Well, I'll just put the links below. This would become a serious mess of quotes otherwise. BTW, I have a comment here - they must be very confident in their algorithm, as they post a link to their patent on their site, and *explain* it for you...

Links:
Patent Info - http://164.195.100.11/netacgi/nph-Pa...+encryption%22
Quoted (1) - Explaining VM Encryption - http://www.meganet.com/Technology/explain.htm
Quoted (2/3) - Data Security, Products Section - http://www.meganet.com/products/VMEo...office2002.htm


And my ending comments...

This program's weakest link is ultimately you. It offers too many combinations to effectively brute-force, though it sounds straight-forward enough. But, one curiousity is about how it is decrypted - if you get an obviously invalid result, they key is wrong, but you still have many, many, many, many more keys to search through... Using certain data within the key worries me, though. Especially the serial-number part. But, I understand what they were trying to do with the serial numbers. Seeing that they are either used/to be used by the government, there could be a "all us government-wide" serial number prefix. To send to certain people within it, you'd progressively select more of the serial number until you have one specific person's number selected. Seeing that, though, possibly destroys the point of having it in the first place, especially if it is publicly avaliable. Any person could find out Bob's serial number, and if they have the other parts, they could possibly change their serial number to Bob's, and decrypt his stuff... I don't know for sure if this is public key or private key encryption, but it seems to be private key in my perspective, with some possibly public pieces of information - but private key none-the-less. Well, this is becoming a rant or something, so I'll end it here. And BTW, it doesn't seem to be all that expensive ($100 or so) either... Perhaps it is possible to try it out without overly killing your budget...


-Tim_axe

[thehorse13]

Hmmm, the one thing that has not been mentioned from this company is data integrity protection such as MD5 for instance. Assuming that everything is true and they have this unimaginable encryption scheme. Who cares if my main goal is to cause havock. I can simply modify the file destroying the contents and thus making the info useless to anyone who can unencrypt it. I'm just operating on the weakest link methodology

Anyone agree or disagree?

[xid]

1Mil bit encryption would be great, but anyone who's had to generate a pgp key for the max (4096 bit, IIRC) keysize knows it takes a little time on all but the fastest consumer pcs. Also remember that unless you have a NSA certified random number generator, or the lavalamp (love it) random number generator, or any other more-than-pseudo-random generator the randomness isn't really 'random' enough to be useful and can be cracked, especially when the patterns start appearing in such a giant key. I think Netscape's early SSL was cracked because their random number generation scheme wasn't strong enough.

[moby_duck]

this is all i have to say guys--and it hope this ends this thread so we can talk about more interesting topics in cryptography. when Bruce Schneier--that is, THE Bruce Schneier--calls Meganet and VME a bunch of garbage, it is. first, if you don't know who Bruce Schneier is, he wrote Applied Cryptography, is the founder of Counterpane Security, is the author of Serpent among other well-known ciphers, and is one of the most published and well respected experts on cryptography in the world. allow me to quote from

http://www.counterpane.com/crypto-gram-0302.html#4

Everything Meganet writes clearly indicates that they haven't the faintest idea about how modern cryptography works. It's as if you went to a doctor who talked about bloodletting and humors and magical healing properties of pyramids.

i suggest you read the entire article, and then the included links. it will be enlightening for you. perhaps then this thread can be moved to a discussion on pseudo-science.

[er0k]

weird stuff.. if they wrote it, im sure it can be broken eventually, it would just take a hell of a lot of time.

and erm.. drew.. what are AntPoints? is there some sort of ant forums around... or do you get points just for being an ant or what.

[moby_duck]

my apologies. Bruce Schneier was actually part of the Twofish cipher team, which was one of the top 5 candidates for AES along with Serpent, which was actually written by Eli Biham.

for those of you not in the know, the winner of the AES competition was Rijndael.

[roketman441]

i don't think anyhting is impossibele because they said it wasn't possible to hack into the fbi but they did it it just took a long time so it can be broken

[^Mobius^]

The solution to this problem has been turning over in my head for some time. The two trade offs...
A more secure encryption, which will require a longer key, or an easier to remember, and guess, key which means less security.

I got it figured out---I think.

You CAN have a short key, and one that's just as secure as a longer key. How, you ask?

Simple. More characters. Right now, we use the simple ASCII character based system, with 52 letters, 10 numbers, and various symbols, adding up to about two hundred total characters.

However, we could easily add new characters, and have the entire password entired through the monitor.

Add in all Greek letters, basic shapes, and other things...many more characters. We'll have a more complex system, which will be easy to do and remember. A-52-Omega-Square...etc. Pretty simple, no?

Another benefit to this is that if its on the screen, keyloggers wouldn't work as password grabbers anymore.

"But Daniel," you say. "Won't that leave a LOT of characters to scroll through before finding the one you need?" Not really. It wouldn't be any real problem to organize them by categories, and sub-categories. Fairly simple, I think.

What do you all think?