Re: THE MEGANET CHALLANGE
From: Mok-Kong Shen (mok-kong.shen_at_t-online.de)
Date: 09/20/03
- Next message: Francois Grieu: "Re: Has anyone really cracked anything recently?"
- Previous message: Tim Smith: "Re: TRUE ONE TIME PAD vs. ONE TIME PAD"
- In reply to: George Ou: "Re: THE MEGANET CHALLANGE"
- Next in thread: George Ou: "Re: THE MEGANET CHALLANGE"
- Reply: George Ou: "Re: THE MEGANET CHALLANGE"
Date: Sat, 20 Sep 2003 10:18:43 +0200
George Ou wrote:
>
[snip]
> It's Meganet's job to prove that the VME algorithm is secure. It's
> Meganet's job to prove that their implementation is secure. I looked
> at their site and it was pathetic. I suppose there are lots of people
> dumb enough to fall for this crap who happen to control some purse
> strings.
>
> What the hell is the big deal about some encrypted file. Any half ass
> encryption algorithm under the right conditions with the right file
> picked would be unbreakable. Hell, probably a 128-bit XOR algorithm
> could make that claim. The problem is how does it hold up under all
> conditions in public use? Is it supposed to be some kind of Public Key
> Crypto? Is it just a symmetric crypto?
>
> No one has even come close to breaking a properly designed 96-bit
> symmetric key. Meganet makes it sound like they're the only algorithm
> in the world that can claim that they haven't been cracked. They must
> be trying to compare VME to DES.
But look at the press release at their site. As I explained
in other posts, their software (strangely/ununderstandably)
'contains' AES and 3-DES! So, in fact they could have quite
convincingly argued that their product is secure, though
in order to do that they would have to be 'explicit' about
the 'containment' of AES and 3-DES and that would have put
them (unavoidably) into the difficulty of explaining 'why'
they are 'mixing' these standard algorithms with their
proprietary (secret, own) algorithm named VME. I think what
they do could be roughly described as packaging AES and 3-DES
with some arbitrary stuff (their own VME) and calling the
whole a brand new thing, namely (globally) VME, so that
they could have a particular 'name' to exclusively sell
the software for profit. (Simply providing a sufficiently
good user-interface to AES or 3-DES instead wouldn't
sell that well, since there is competition, including
that from free software.)
Besides the questionability of the nature of such
marketing tactics, there is a clear danger for the users.
For, since the entire package is proprietary and thus
its contents are hidden from the public, one doesn't know
whether AES or 3-DES is used correctly in it and whether
AES or 3-DES is always being used at all in all cases
of application. If what is done is indeed (always)
a multiple encryption of AES or 3-DES with their own
algorithm VME and AES or 3-DES is correctly applied, then
the security would likely be o.k., since the involvement
of VME presumably could be ignored for practical purposes
in this consideration. But note that they don't tell
in clear words what their product really is. One has to
'infer' through indirect evidence that AES and 3-DES
are in there. The presence of such dubiosity in their
marketing alone suffices to disqualify their product for
real applications in my humble view.
M. K. Shen