Bruce Schneier


Schneier on Security

A blog covering security and security technology.


November 4, 2004

The Doghouse: Vadium Technology

Yet another one-time pad system. Not a lot of detail on the website, but this bit says it all:

"Based on patent-pending technology and 18 years of exhaustive research, Vadium's AlphaCipher Encryption System (tm), implements a true digital One-Time-Pad ("OTP") cipher. The One-Time Pad is the only method of encrypting data where the strength of protection is immune to the mounting threats posed by breakthroughs in advanced mathematics and the ever-increasing processing power of computers. The consistently accelerated increases in computing power are proven to be a present and severe threat to all the other prevalent encryption methods."

I am continually amazed at the never-ending stream of one-time pad systems. Every few months another company believes that they have finally figured out how to make a commercial one-time pad system. They announce it, are uniformly laughed at, and then disappear. It's cryptography's perpetual motion machine.


Vadium Technology's website.

My essay on one-time pads.


Posted on November 4, 2004 at 12:08 PM


Comments

"They announce it, are uniformly laughed at, and then disappear."

hmm, perhaps they are one and the same... rinse, lather, repeat...

Israel Torres

Posted by: Israel Torres at November 4, 2004 3:30 PM


Thanks for posting the link to your essay on one-time pads. I noticed a reference to the historical use of OTP, replacing a system using memorised poetry. The use of codes for special agents in Occupied Europe at this time is described by Leo Marks in his book "Between Silk and Cyanide" which is a history of his part in improving WW2 cryptosystems. It is an incredibly funny and heartbreakingly poignant memoir. When we get weary of studying algorithms and tables, this book brings back to us that there is a human dimension to the field, and that sometimes there was a stark choice. If the silk (of the OTP) was not available, an agent might have to use his or her cyanide capsule to escape torture and death.

Peter in Canberra

Posted by: Skyring at November 4, 2004 7:56 PM


I think it's mostly because "everybody knows" that "One Time Pads are Uncrackable". It's an ultimate, therefore if you are either consciously or unconsciously trying to pull a fast one, you head straight for the ultimate, instead of the plausible.

Same thing as nobody sells a pill that makes you a little more... ehrm... studly. It has to enlarge your tool *and* increase production, duration, and everything else. ;)

Posted by: w.h. at November 4, 2004 11:14 PM


History warns us to not trust anyone who says "Trust Me" and to not believe there is an "unbreakable" cryptosystem. Yet, we still have pushy salesmen ...

Posted by: malcomvetter at November 5, 2004 10:59 AM


Contrary to Mr. Schneier's comments, Vadium Technology, Inc. is not popping out and hiding again. We have designed, implemented, and have patents pending on the AlphaCipher System technology and peripheral developments that have long since overcome all of Mr. Schneier's objections (and many others, more significant) about OTP Ciphers in practical computer-based usage for specific applications. Vadium has completed several contracts and AlphaCipher is being used as intended by design, in high-level crypto applications in sensitive areas. Publicly, Vadium is launching international marketing for the COTS AlphaCipher Product Line and the public announcements, press releases, and associated support from retired and current U.S. and foreign respected crypto authorities will be released as the international commercial debut accelerates through 2005. One of the first examples of this campaign is the airing of a segment on Gen. Haig's excellent show, "World Business Review" in October. We at Vadium are dedicated to creating a new future for cryptography, not repeating the past. It appears that the information sources available to Mr. Schneier are considerably behind the times not only in the knowledge that OTP Ciphers are the future of cryptography, but in current events, as well. For those who remain skeptics of the usefulness of OTP Ciphers, we suggest sitting back in a comfortable chair and watching what happens next.

Posted by: Wolfgang Hammersmith at November 5, 2004 11:03 AM


Is anyone going to respond to Mr. Hammersmith's comment? You can't just let something like that stand, can you?

I'll be in my comfy chair.

Posted by: AC at November 5, 2004 5:31 PM


"sources available to Mr. Schneier are considerably behind the times not only in the knowledge that OTP Ciphers are the future of cryptography, but in current events, as well."

How can an OTP be the future of cryptography? This is by all one can see, a step backwards.
One time pads are a very hard system to implement well, and many would be cautious to pick it up.
If you can pull it off, not just commercially, but securely, then props to you, but surely an OTP system cannot be called the 'way of the future'

Posted by: Dan at November 5, 2004 8:52 PM


Dan and AC, I apologize, but to be extensively involved in a forum here is not productive for Vadium. We spend our time with clients who already know the value of OTP Ciphers right now, see it in the future, and are working with us to develop new technologies and are currently using our existing products. Educating those who are adamantly opposed, or just curious without a purpose in mind, will generally have to wait until the beach head for this paradigm-breaking, disruptive technology expands. However, I did post a comment and I will reply for a short while to those who took their valuable time to write. Be aware that we normally do this in a technology briefing where we can interactively answer questions, and so we will eventually post a briefing PDF for download at www.vadiumtech.com that will address most issues. Briefly, it is impossible to assert that any one individual will not betray their assigned level of trust and so Vadium does not address the qualification of personnel - we leave that to our clients. No software program running on a computer connected to any type of net or running in an open environment is secure. Even power lines can provide a door into an otherwise secure system. Vadium does not address that in its software products and in fact, the field security procedures are written by our clients and ACS fits in perfectly with these. One solution now in use by our clients (and different clients have other solutions as well) is to apply Air-Gap Procedures (AGP). There are various designs for AGP using AlphaCipher Systems (ACS). In one design, new laptops or a laptop is/are purchased from random sources and checked in to a secure room (specs vary, but generally a US Spec-rated SCIF (Secure Compartmented Information Facility) is provided by the client. KeyGen, the separate key generating component of the ACS is uploaded, an RNG approved by the client is connected (or bytes from an approved RNG are used) and keys are generated by approved personnel. 
The laptop then goes into a shredder resulting in particles of plastic and metal no larger than 1 cm in volume. These particles are then heated to the point of liquidity or vaporization for all substances. The drive containing keys is shielded and the client-qualified person leaves with their key sets. All of the other attackers that prey on the keys and the secret holders now do their best with various degrees of success, but these defenses are handled by our clients. And now to your point: Our experiences in working deeply within the high-security world are accelerating our development of OTP Cipher Technology tenfold. The basic job of ACS is to provide truly random keys and a fast, convenient method of key management and control, both internal and by procedure, that takes the complexity of the use of an OTP Cipher out of the user's hands. By keeping our focus small, by doing one thing very well, by providing key management, controls, and stable key hierarchies that are easy to use, we see paths for not only COTS (Commercial Off-The-Shelf) applications but the groundwork for large-scale encryption solutions. For the moment, ACS is not a cipher for use by the masses, and with all due respect to Mr. Schneier, he was right in that regard. But then masses don't generally need to encrypt secret and above, or high-dollar value data that ACS is being used to encrypt now. With the powerful, creative minds we have engaged, we already see solutions to the mass encryption problems with OTP Ciphers and are working on the engineering and have filed patents to make this a reality. Ten years ago people told me that they absolutely knew that 5 Gigs of fast memory would never be as small as a postage stamp, and yet I have one on my desk (and 5 Gigs of ACS Key goes a long way with our compression-before-encryption process). What will people absolutely know in ten more years?

Posted by: Wolfgang Hammersmith at November 6, 2004 10:48 AM


Could you possibly post that in a paragraphed format so that it's worth reading?

Posted by: kungfucamel at November 6, 2004 11:37 PM


Pathetic incompetence.
Look at the picture on page 5 of http://www.vadiumtech.com/images/AlphaCipherOverview.pdf. AlphaCipher is claimed to be by far better than "classified government ciphers" which in turn are better than 4096 bits RSA, which in their opinion is equivalent to... 1024-bit AES.

Posted by: Nicolas COURTOIS at November 8, 2004 9:19 AM


As Nicolas Courtois points out, the AlphaCipher PDF brochure doesn't exactly inspire confidence. Another clanger is that, according to Vadium, within 7 years computers will be fast enough to brute force any non-OTP cryptosystem, including AES (which has up to 256 bit keys!).

Quote: "Over the next decade there will be new, revolutionary advances in the speed and processing capabilities of computers. This revolution will be led by stunning new advances in mathematics, parallel processing, and Quantum computing. Within the next six months computers will be running at clock speeds in excess of 50 teraflops and speeds of nearly 200 teraflops are predicted within five years. It has been estimated that pentaflop speeds will be achieved in the next seven years. With computers running at these speeds, it will be possible to break any crypto systems (RSA, PGP, AES, DES and Triple DES, etc.) not based on an OTP cipher in a relatively short, practical period of time."

By "pentaflop", I presume they mean a petaflop, which is 10^15 floating ops per second. For the sake of argument, let's be conservative and assume that testing a key takes time equivalent to one floating point operation. Let's also assume that we have a billion petaflop supercomputers at our disposal. Pushing the numbers through a calculator, I get that such a brute force effort could recover a 128 bit key in the "short, practical time" of 10 million years.

Posted by: Matt R at November 11, 2004 8:58 AM


Matt's math is correct with regard to brute-forcing a 128-bit key (give or take a multiple of 2). However, his argument is weakened slightly by his interpretation of "break any crypto systems" as 'brute-force'. There are other ways to break a system, no?

Posted by: Rajiv at November 13, 2004 10:48 AM


Sure, I did interpret "new, revolutionary advances in the speed and processing capabilities of computers" as a reference to brute force attack. You point out that there may be other ways to break a cipher. This is true, but I don't think we know of any way to break 128-bit AES faster than brute force. Vadium might have been arguing that a devastating attack on AES _will be_ found in the next 7 years (maybe "stunning advances in mathematics"). But they simply assert this as a known event, when, in fact, nobody knows.

Vadium argue that people need OTPs because current ciphers *will* be breakable in a "short, practical" amount of time within 7 years. This can only be FUD: there is no evidence to justify this assertion. Moreover, they strongly imply that current ciphers will be breakable because of advances in computer power. The above calculation (oh, and yes, divide by 2 for the average case) just points out that petaflop computing power alone isn't going to render current ciphers insecure.

Posted by: Matt R at November 15, 2004 10:31 AM


AlphaCipher is best used to encrypt data that is worth "$$$$$$$$$$$$$$" or has the damage potential of causing a governmental, military, or corporate collapse? I saw the graphs on page 5 and I'm still not buying it. Only a few lines above it says "However, when used properly, it significantly reduces the risk of critical data being compromised." To me, it sounds like the sort of warning label found on a condom. I think one of the potential problems is that the information is stored on physical media which means if the CD or USB ReDrive gets broken, lost, stolen, or erased you're screwed right? Even so, the encryptions used in AES and RSA are monstrous, and I really do not see how their system is any better than what we have now.

Posted by: Richard Thomas at November 15, 2004 12:49 PM


They claim a patent is pending. So let's look it up. Anyone know the patent number or whatever it takes to see the patent application. That should reveal all.

Posted by: Eric Norman at November 15, 2004 4:13 PM


Eric: A quick search on http://www.uspto.gov shows three pending patents. 20030016821 is my favorite -- "One-time-pad encryption with keyable characters". Basically, they're trying to patent the use of an OTP key that one can enter on a keyboard.

Posted by: Keith Moore at November 15, 2004 6:03 PM


"As Nicolas Courtois points out, the AlphaCipher PDF brochure doesn't exactly inspire confidence. Another clanger is that, according to Vadium, within 7 years computers will be fast enough to brute force any non-OTP cryptosystem, including AES (which has up to 256 bit keys!)."

Vadium apparently is using outdated material here. AES has been easily compromised. Also, Quantum computing breaks a 100 digit integer within 1K math operations and this takes just a couple of minutes.

Posted by: Duke Wayne at March 18, 2006 12:57 PM


Time to sit in your comfortable chairs and eat a sandwich, maybe one with a little crow in it?

Posted by: Sorock at October 29, 2006 6:16 PM


Vadium is very much alive.

Posted by: DB at November 1, 2006 12:27 AM


Now that a quantum computer chip has been developed does anyone care to recognize the validity of the "one-time pad" cipher, AlphaCipher of Vadium as the only remaining unbreakable cipher system?


Posted by: Sorock at February 14, 2007 11:25 PM


I saw Vadium at a conference recently. Their reps were ignorant of even the most basic block diagram of competing products, keys have to be centrally managed, they are generated using the key generating computer's random numbers generator (a shaky proposition), they wouldn't address concerns about security during key distribution, and the answer to a compromised key was to void out issued key material and reissue new materials (a serious logistical and security consideration). They would not address the lag time between compromise and discovery of compromise.

I wouldn't bet my life or livelihood on it.

Posted by: V at March 16, 2007 11:45 PM


"Now that a quantum chip has been developed..."
Well, not really. High-strung, fragile lab chips of a few bits that avoid decoherence for a few microseconds or milliseconds have been demonstrated. My old slide rule is still more versatile.

"Unbreakable cipher system"
Well, not that either. Key distribution? Security of archived messages? Key invalidation? User autonomy and confidentiality? Multicast? Who can I bribe? A "system" is a lot more than cleartext-in:ciphertext-out.

And, depending on how badly the "random" maxi-pad was generated, it's a sophomore exercise to recreate the rest of it independently. I want to know just exactly how random those random numbers are. Otherwise that quantum (i.e. magic) computer can reproduce the pad as easily as it could crack any deterministic algorithm.

Posted by: MeToo at March 22, 2007 10:49 PM
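MeToo's last point, that a badly generated "random" pad can be regenerated from a little known plaintext, is the whole game with one-time pads, so here is an added example (my code, not anything from the original post, from Schneier's essay or from Vadium). It shows a correctly used pad round-tripping, then the two classic failure modes: reusing a pad, which leaks one plaintext XORed with the other, and drawing the pad from a small-seeded deterministic PRNG (Python's `random` module stands in for a weak generator here), which lets an attacker who knows the first few plaintext bytes brute-force the seed and regenerate the rest of the pad. All messages, seeds and the 16-bit seed space are constructed for the demonstration.

```python
"""Added example: what actually breaks a one-time pad.

A true OTP (pad as long as the message, uniformly random, never reused)
is information-theoretically secure. Everything below that goes wrong
is a key-management or key-generation failure, not a cipher failure.
Messages and seeds are constructed for the demo.
"""
import os
import random
from typing import Dict, Optional


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR; the pad must be exactly as long as the message."""
    if len(a) != len(b):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """OTP encryption is XOR with a same-length pad; decryption is the same operation."""
    return xor(plaintext, pad)


otp_decrypt = otp_encrypt


def two_time_pad_leak(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Pad reuse: c1 ^ c2 == p1 ^ p2, so knowing p1 reveals p2 without ever seeing the pad."""
    return xor(xor(c1, c2), known_p1)


def weak_pad(seed: int, length: int) -> bytes:
    """The anti-pattern: a 'pad' stretched from a small seed by a deterministic PRNG."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))


def recover_weak_pad(ciphertext: bytes, known_prefix: bytes,
                     seed_bits: int = 16) -> Optional[bytes]:
    """Known-plaintext attack on a PRNG pad.

    XOR the known plaintext prefix with the ciphertext prefix to get the
    pad prefix, brute-force the seed that reproduces it, then regenerate
    the whole pad. Returns the full plaintext, or None if no seed matches.
    """
    pad_prefix = xor(ciphertext[:len(known_prefix)], known_prefix)
    for seed in range(1 << seed_bits):
        if weak_pad(seed, len(pad_prefix)) == pad_prefix:
            return xor(ciphertext, weak_pad(seed, len(ciphertext)))
    return None


def demo() -> Dict[str, object]:
    """Run the three scenarios and return their outcomes."""
    p1 = b"ATTACK AT DAWN"
    p2 = b"RETREAT AT 6PM"          # same length as p1, constructed for the demo
    good_pad = os.urandom(len(p1))  # CSPRNG, one pad per message: the correct usage
    results: Dict[str, object] = {}

    # 1. Correct use: fresh random pad, used once, decrypts cleanly.
    results["roundtrip_ok"] = otp_decrypt(otp_encrypt(p1, good_pad), good_pad) == p1

    # 2. Pad reuse: the attacker never learns the pad, yet recovers p2 from p1.
    c1, c2 = otp_encrypt(p1, good_pad), otp_encrypt(p2, good_pad)
    results["reuse_leaks_p2"] = two_time_pad_leak(c1, c2, p1)

    # 3. Weak pad: 16-bit seed, attacker knows only the first 6 plaintext bytes.
    secret = b"WIRE $12,000,000 TO ACCOUNT 4471"
    c3 = otp_encrypt(secret, weak_pad(0xBEEF, len(secret)))
    results["weak_pad_recovered"] = recover_weak_pad(c3, secret[:6])
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Scenario 3 is MeToo's "sophomore exercise": the six known bytes pin down the pad prefix, the 65,536 candidate seeds are searched in about a second, and the remaining 26 bytes of pad fall out for free. Nothing about a real attacker's computer needs to be quantum or even fast for this; what would stop it is a pad that is genuinely random and delivered out of band, which is exactly the part that is expensive.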


It has been some time since I have responded. During that time, AlphaCipher Systems have been proven effective and are in use by our Government and foreign governments as well, and some fortune 50 companies. While the distribution list grows, it should be noted that every government institution and corporation that has purchased AlphaCipher Systems has performed their own extensive evaluations under Vadium's "Verified Trust" policy whereby AlphaCipher Source Code can be openly reviewed and compiled by Vadium's clients into the products they use.

KeyGen, the system that creates AlphaCipher's Key Sets, has been purchased by foreign governments under the export laws of the United States, and has been operating successfully with zero problems for over 5 months with one major client, producing high-quality random keys to hundreds of stations without error.

In answer to the misinformation posted above by "V," the source of most AlphaCipher Keys made today is from radioactive decay, or generators approved and purchased by Vadium's clients. Vadium does not manufacture random generators, and does not sell random generators to our clients.

There is much more that is inaccurate posted here, so rather than spend time here, I suggest that those with questions contact Vadium directly and request an in-depth demo.

In closing, with the release of the 80-core chip and NASA's D-Wave chip, with the promises to come in 2008, I believe we'll all see tremendous changes in crypto very soon.

Posted by: Wolfgang Hammersmith at March 26, 2007 3:58 PM


PKC anniversary event provided insights into the past, present, and future of cryptography

12/21/2006 Excerpt

On quantum computing, Brian Snow (retired technical director of the NSA) pointed out that the NSA had studied the possibility of quantum computers and initially set out to prove that it was impossible. But the harder the NSA studied, the more it came to the conclusion that quantum computing was simply a massively difficult engineering problem that may eventually be solved. He went on to warn that when quantum computing becomes a reality, it could severely compromise existing encryption algorithms (used for bulk payload encryption) and public key crypto algorithms (used for key exchange)…

Public key crypto key exchange algorithms, such as Diffie-Hellman and RSA, would essentially be "flat lined" by quantum computing, rendering them completely broken. This is an "open problem," Snow said, and he implored the research community to come up with public key crypto algorithms that could withstand a future quantum computer attack. At this point, Diffie said that some of the public key crypto research on the "lattice system" could potentially withstand an attack from quantum computers. I asked Snow about this via e-mail and he responded that it might work conceptually, but that it has "known problems under TRADITIONAL computing." He said that a lot of research still needs to be done.

See full story: http://articles.techrepublic.com.com/5100-1009_11-6145490.html

Rather credible folks appear quite concerned about security of traditional cryptography.

Any comments?

Posted by: EH at April 9, 2007 2:50 PM


The future is now and sticking one's head into the sand will change the reality of quantum computing making all but the one time-pad system antique computer technology.

Posted by: Sorock at April 19, 2007 8:56 PM


........should be.... will not change the reality of quantum computing making all but the one time-pad system antique computer technology.

Posted by: Sorock at April 19, 2007 8:59 PM


It seems as though Mr. Schneier should be 'weighing in' again on this subject. 2004 is ancient history in computing terms. Mr. Schneier, considering Vadium's continued march into the marketplace (no disappearing act, as suggested), are your comments still valid? I believe as resident expert a fresh look at this subject is required.

Posted by: DLA at March 28, 2008 3:27 PM


The comments of Mr. Schneier were based on outdated thinking and ignored the advances occurring. Vadium carries the standard and is being recognized as such on an ever increasing basis. Vadium's AlphaCipher is the premier method, unbreakable and will be for many many years to come.

Posted by: Sorock at April 4, 2008 9:09 PM


4 years adds 3 bits to required security levels, so AES and other existing ciphers are still secure.

Even if quantum computers could be scaled up from around 20 bits of storage to something useful, Grover's algorithm only halves the security levels, so 256-bit AES would still be secure for the next 10 years.

On the other hand, AlphaCipher has problems with key generation, distribution, and revocation which make its use essentially impossible in almost all situations.

Posted by: Jonathan at April 21, 2008 9:26 AM
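Matt R's ten-million-year figure and Jonathan's "4 years adds 3 bits" are the same calculation from two directions, so here it is written out as an added example (my code, not from the original thread or from Vadium's brochure). The attacker model is Matt R's, deliberately generous: a billion petaflop machines, each testing one key per floating-point operation. The 18-month Moore's-law doubling time is my assumption, chosen because it reproduces Jonathan's three bits per four years; Grover's square-root speedup is modelled as halving the key's effective bit length. The functions generalize the two comments to any key length, attacker rate, time horizon and classical-or-quantum setting.

```python
"""Added example: the brute-force arithmetic behind the comments above.

Attacker model (Matt R's): 10^9 machines x 10^15 key tests/s each, one key
test per floating-point op. Real key tests cost thousands of ops, so every
time below is a lower bound, i.e. generous to the attacker.
Assumed: Moore's-law doubling every 1.5 years (gives ~3 bits per 4 years).
"""
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
MATT_R_KEYS_PER_SECOND = 1e9 * 1e15   # a billion petaflop machines
VADIUM_SINGLE_PETAFLOP = 1e15         # the "pentaflop" machine the brochure invokes


def brute_force_years(key_bits: float, keys_per_second: float,
                      average_case: bool = False) -> float:
    """Years to exhaust a 2**key_bits key space (or half of it on average)."""
    keys_to_try = 2.0 ** key_bits / (2 if average_case else 1)
    return keys_to_try / keys_per_second / SECONDS_PER_YEAR


def grover_effective_bits(key_bits: float) -> float:
    """Grover searches N items in ~sqrt(N) steps, i.e. it halves the bit security."""
    return key_bits / 2


def moore_bits_gained(years: float, doubling_years: float = 1.5) -> float:
    """Each doubling of attacker throughput strips one bit of effective security."""
    return years / doubling_years


def effective_bits(key_bits: float, years_ahead: float,
                   quantum: bool = False, doubling_years: float = 1.5) -> float:
    """Security bits left after years_ahead of Moore's law, with Grover if quantum."""
    bits = grover_effective_bits(key_bits) if quantum else float(key_bits)
    return bits - moore_bits_gained(years_ahead, doubling_years)


def bits_needed(target_years: float, keys_per_second: float) -> float:
    """Smallest key length that still takes target_years to exhaust at this rate."""
    return math.log2(target_years * SECONDS_PER_YEAR * keys_per_second)


def survives(key_bits: float, years_ahead: float, horizon_years: float = 1e6,
             keys_per_second: float = MATT_R_KEYS_PER_SECOND,
             quantum: bool = False) -> bool:
    """True if, years_ahead from now, exhausting the key still takes > horizon_years."""
    bits = effective_bits(key_bits, years_ahead, quantum)
    return brute_force_years(bits, keys_per_second) > horizon_years


if __name__ == "__main__":
    print(f"128-bit, Matt R's attacker, worst case : "
          f"{brute_force_years(128, MATT_R_KEYS_PER_SECOND):.2e} years")
    print(f"128-bit, Matt R's attacker, average    : "
          f"{brute_force_years(128, MATT_R_KEYS_PER_SECOND, True):.2e} years")
    print(f"128-bit, one petaflop machine          : "
          f"{brute_force_years(128, VADIUM_SINGLE_PETAFLOP):.2e} years")
    print(f"bits gained by attacker in 4 years     : {moore_bits_gained(4):.1f}")
    print(f"AES-256 after 10 years, with Grover    : "
          f"{effective_bits(256, 10, quantum=True):.1f} effective bits, "
          f"survives={survives(256, 10, 1000, quantum=True)}")
    print(f"64-bit key today                       : survives={survives(64, 0)}")
    print(f"bits needed for 1e6 years vs Matt R    : "
          f"{bits_needed(1e6, MATT_R_KEYS_PER_SECOND):.1f}")
```

The numbers line up with the thread: 2^128 key tests at 10^24 per second is about 1.08 x 10^7 years (half that on average), four years of doubling every eighteen months is 2.7 bits, and AES-256 reduced to 128 effective bits by Grover and then by another seven bits of hardware growth over a decade still needs on the order of 10^5 years against Matt R's fantasy attacker. The only line that falls is the 64-bit key, which is why DES is dead and AES is not; raw "teraflops" do nothing to a 128-bit key space, and the brochure's claim needs a cryptanalytic break that nobody in the thread can point to.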


It's somewhat tiresome, once again, after the extensive client validations, subsequent purchases, and use of AlphaCipher products and SDKs by U.S. and foreign Governments, U.S. and foreign Military, corporations, and Police agencies all over the world, to see more uninformed comments like this emerge. Jonathan is completely incorrect, of course, having no knowledge of KeyGen 100 and 1000 appliances. Anyone who wants real facts and product information should make an inquiry to info@vadiumtech.net. AlphaCipher products are not only proving themselves to be strong, viable applications, but they are proving by sales that there is a rapidly-growing worldwide marketplace (in 21 nations, to date) that demands unbreakable AlphaCipher products and is looking forward to near-future releases of iAptus(tm), RECOGNOS(tm) and real-time VOIP products in development at Vadium and with significant international partners. Come and see! We're here to help.

Posted by: Wolfgang Hammersmith at July 4, 2008 3:44 PM

