The Doghouse: Super Cipher P2P Messenger

Super Cipher P2P Messenger uses "unbreakable Infinity bit Triple Layer Socket Encryption for completely secure communication."

Wow. That sure sounds secure.

EDITED TO ADD (2/15): More humor from their website:

Combining today's most advanced encryption techniques, and expanding on them. The maximum encryption cipher size is Infinity! Which means each bit of your file or message is encrypted uniquely, with no repetition. You define a short key in the program, this key is used in an algorithm to generate the Random Infinity bit Triple Cipher. Every time you send a message or file, even if it is exactly the same, the Triple Cipher completely changes; hence then name 'Random'. Using this method a hackers chances of decoding your messages or file is one to infinity. In fact, I challenge anyone in the world to try and break a single encrypted message; because it can't be done. Brute Force and pattern searching will never work. The Encryption method Super Cipher P2P Messenger uses is unbreakable.

Posted on January 24, 2006 at 12:51 PM • 77 Comments

Comments

Lee • January 24, 2006 1:13 PM

So if this actually works, isn't it just overkill? What's wrong with the regular stuff everyone else uses?

BLP • January 24, 2006 1:27 PM

From the author's website:

Combining today's most advanced encryption techniques, and expanding on them. The maximum encryption cipher size is Infinity! Which means each bit of your file or message is encrypted uniquely, with no repetition. You define a short key in the program, this key is used in an algorithm to generate the Random Infinity bit Triple Cipher. Every time you send a message or file, even if it is exactly the same, the Triple Cipher completely changes; hence then name 'Random'. Using this method a hackers chances of decoding your messages or file is one to infinity. In fact, I challenge anyone in the world to try and break a single encrypted message; because it can't be done. Brute Force and pattern searching will never work. The Encryption method Super Cipher P2P Messenger uses is unbreakable.

Questions/Answers:
Q: Some people say any encryption can be broken, what do you say in regards to that?
A: Obviously they are not mathematicians, technically you might as well guess, because your odds are one to infinity.
Q: How does it work? How are you able to generate an infinite encryption key?
A: Because the triple algorithm dynamically changes with each bit of the message, and continues to do so for every bit in the message, hence ever bit is encrypted uniquely!

Lou the troll • January 24, 2006 1:37 PM

Has anyone downloaded this here thingy and taken a trace on its communications?

Are we taking bets yet on when somebody posts the debunking scoop on it?

Lou the troll

Magnus Nordlander • January 24, 2006 1:37 PM

Ooh, and only $10!

Too bad you can do the same things with ssh. But then you won't get this really good encrypting which is unbreakable, and you won't be able to use an infinity bit key...

But on the other hand, the program is an infinity times more expensive than ssh...

Vasya Pupkin • January 24, 2006 1:40 PM

They didn't even specify what encryption algorithm is used... Typical Snake Oil.

Lou the troll • January 24, 2006 1:44 PM

Actually, I've just changed my customer P2P messenger to 'randomly' flip my bits. lol... So there!

Lou the troll

Heiko Wundram • January 24, 2006 1:45 PM

Wow. There's people who actually believe in this crap and buy software from guys like this who seem to not get the basic mathematics behind encryption (something like random encryption is impossible, as you'd lose your data in the process).

I say: same punishment for people who defraud others with provably misleading or simply plain wrong statements like this as for those who try to sell stocks.

Carlo Graziani • January 24, 2006 1:55 PM

"Infinity-Bit Triple-Layer Socket" is an anagram for "Pity Nifty Kit Terrible Snake Oil"

Nick Johnson • January 24, 2006 2:17 PM

And just look at the caliber of the other software he's written! Whatever would we do without another duplicate file finder, or 'net send' GUI?

The messenger also has in its feature list:
"Double buffer multithreaded proprietary file transfer protocol is the fastest in existence."

One wonders how he verified this.

Tim Vail • January 24, 2006 2:27 PM

Carlo...

That is awfully close to a valid anagram. But I only see one 'r' in the first sentence, and two 'r' in the second.

Rich • January 24, 2006 2:37 PM

From his resume:

Developed the worlds first “Super Cipher Random Encryption” Algorithm, an Infinite bit encryption algorithm that cannot be broken.

RvnPhnx • January 24, 2006 2:52 PM

People will buy (and elect) just about anything if it is marketed well enough.
End of story.

Andrew • January 24, 2006 2:55 PM

When I read stuff like this, I often imagine that most intelligent non-specialists will read it and think "well, OK, it's marketing puffery, and I'm sure his product is no better than anyone else's...but he's thought about the problem, so it's probably no worse, either."

We're so used to being lied to by marketing that it is no longer even particularly offensive.

Carlo Graziani • January 24, 2006 3:10 PM

Hi Tim.

The "r"s are OK -- there's an "r" in "triple" and another one in "layer". But there are too many "k"s in the anagram. Should have checked.

How about "If I ply snake oil, bet cretin try it"?

TNT • January 24, 2006 3:22 PM

The "duplicate file finder" of his is just as hilarious. It states that it compares all the files byte by byte, "which ensures 100% accuracy"... wow. You mean:

file 1 -> compare byte by byte with all the other files
file 2 -> compare byte by byte with all the other files

Etc. I wonder how much it's gonna take me to find duplicates on my whole C drive, but hey, the results will be reliable.

Hug It • January 24, 2006 3:23 PM

I couldn't find any information on how this super secret software handles key exchange. With all the talk about how great his encryption is it seems strangely not addressed. Hell, I can write a messenger program that encrypts the information so good NOBODY can read it but that really doesn't do a lot of good. =)

COD • January 24, 2006 3:25 PM

Actually, I think this would be the most secure email encryption program ever developed. When you click encrypt and it starts processing to infinity bits...it's never actually going to send the message! A message never sent can't be intercepted or compromised, right?

Nobby Nuts • January 24, 2006 3:35 PM

You people are sooooo cynical. It doesn't (in the quote above, CBA to RTFA) say anything other than it uses a bit of infinity for its encryption. How big a bit?

BW • January 24, 2006 3:49 PM

I'm /almost/ tempted to download it and give it a try, just to see what it really does, but I don't think I actually trust it anywhere near my machine.

steve • January 24, 2006 3:54 PM

Hey, but version 4.0 from the author's homepage seems to be worth a look:

"Replace your unsecured VPN with a far less complicated, single application solution!" What I've been searching for.

And consider this: "SMART Dynamic MTU adjusting for maximum speed transfers."

"Customizable Encryption Key." Are we lucky or what?

"Obviously because of the high encryption this program uses distribution is limited to United States encryption export laws." Awww... Shit. :( Remember how long it took from 40bits to 128bits? For infinity bits it seems like we could wait forever ;)


have a nice day and a laugh everyone
steve

Tim • January 24, 2006 3:57 PM

Love the version history:

Super Cipher P2P Messenger Version 4.0.0.0 Beta20 01/01/06
• Fixed a bug which was limiting file transfers to only 8 Exabytes, instead of 16 Exabytes.
• Added text for Petabyte (PB) and Exabyte (EB), when a file or folder size is over a Terabyte.

Nobby Nuts • January 24, 2006 4:14 PM

@Erik

Naaa, it's got a triple layer socket, so it must use the first three bits, one for each layer.

Ryan • January 24, 2006 5:34 PM

The really crummy thing is that being linked by Bruce's blog probably increased his Google PageRank significantly. So more people will be sucked in. Bruce, can you add a "nofollow" tag to that link so Googlebot doesn't think you actually like this garbage?

Ryan • January 24, 2006 5:46 PM

Too late as far as Googlebot is concerned... this snake-oil is already #11 on google when searching for "P2P encryption"

jammit • January 24, 2006 6:40 PM

I feel ripped off. I paid $20 for my double applied rot-13. Infinity bit? What is that, varying shades of "1" and "0"? Is infinity a Mersenne prime? Is it easy enough for a squid to use?

evop • January 24, 2006 7:29 PM

Doghouse posts are good stress relief, but I wonder - When is the last time Bruce posted a Doghouse?

I conclude one of two outcomes from that query:

1. Bruce isn't finding enough dogs.
2. There aren't that many dogs left alive.

Snake oil key size choices still absent from the media:

1. Graham's number, which is less than infinity, but still really, really big (for the number theorists).
2. Infinity * infinity (for the arithmetically inclined).
3. Cantor's F or c^c (for the set theorists).
4. A hyperreal x, that has |x| > n for all integers n (for the non-standard analysis crowd).
5. The number of the last room in a Hilbert Hotel with aleph-naught new guests (for the classicists; wait a sec, isn't that . . .)

Have I missed any?

evop

Lee • January 24, 2006 8:20 PM

I want to know who's planning to transmit a petabyte file over the internet? Will it compress enough to fit on my 80gb drive do you think? :-P maybe he should add uber-triple-compressomatic technology into his next release.

Anjrew • January 24, 2006 8:33 PM

@Bruce: I'm surprised you don't use a rel="nofollow" attribute on all your doghouse links. See www.google.com/intl/en/webmasters/bot.html#noindextags if you need a reminder...

David Donahue • January 24, 2006 9:02 PM

This is totally unfair, if it really used an infinite size key that is completely random, then of course it would be secure.

There are only a few problems with an infinite sized key:

1) Key storage (Assuming it's symmetric it would require 2X Infinite sized disks)
2) Key distribution would require an infinite amount of time to complete regardless of the speed of the transmission link.
3) Assuming the whole key is used to encrypt each data block, the operation would take an infinite amount of time to complete before you could transmit the first bit of data.

However it does have the advantage that it is infeasible to break an infinite sized key with current cryptanalytic techniques.

lupid • January 24, 2006 9:21 PM

"2) Key distribution would require an infinite amount of time to complete regardless of the speed of the transmission link."

This is only true if the key is secure. Consider two keys: The number Pi, and the decimal expansion of one-seventh. Both are infinite-bit, but one can be transmitted instantly (and is insecure).

B-Con • January 24, 2006 9:54 PM

I bet the NIST is regretting that they rushed Rijndael in and wish they'd just waited for the release of this.

A Glassel • January 25, 2006 1:09 AM

I don't know how they did it, but it is taking to infinity to decode the message I received

Taneli Huuskonen • January 25, 2006 3:29 AM

@Carlo Graziani:

> How about "If I ply snake oil, bet cretin try it"?

Not bad. I came up with "Itty bitty snakeoil filer, nice PR" myself.

@lupid:

Both pi and 1/7 can be transmitted in a finite (actually quite short) time, and both are insecure.

Paul Harrison • January 25, 2006 4:22 AM

Sounds slightly garbled, but might plausibly be secure. Generate a non-repeating sequence from a smallish key, xor with text.

What's the bet he's using Triple DES?

MTU adaptation... Linux has been doing that for ages. Estimate the largest MTU that will survive the whole trip without getting fragmented. Slightly reduces overheads from packet headers and such.

Claims are plausible. There is even a chance he is not lying. The claims are merely unremarkable.

Well, apart from the fastest file transfer in existence bit.

Stoat-racer • January 25, 2006 5:02 AM

His resumé is modest too:

Material Accomplishments:

Written in C++ the Only Peer to Peer Messenger Program with a user definable encryption keys, and unbreakable encryption.

· Developed the worlds first “Super Cipher Random Encryption” Algorithm, an Infinite bit encryption algorithm that cannot be broken.

· Developed the worlds first “On the Fly” infinity bit Encryption Algorithm for file transfers.

· Developed the worlds first Video Multiplexer that draws less than 1uA

· Developed the worlds first Windows Remote Access software that can communicate through any outgoing firewall and proxy.

Richard Braakman • January 25, 2006 7:08 AM

I don't know, it sounds pretty impressive that he encrypts every bit uniquely. Mine just get encrypted to 0 or 1, every time. It's pretty boring.

Baldy • January 25, 2006 7:44 AM

@Paul Harrison: "What's the bet he's using Triple DES?"

From his site:

"You define a short key in the program, this key is used in an algorithm to generate the Random Infinity bit Triple Cipher. Every time you send a message or file, even if it is exactly the same, the Triple Cipher completely changes; hence then name 'Random'"

Sounds suspiciously similar to 3DES encryption, with the key generated from a password, and a randomised IV sent with the file to me. Wonder if he's read Bruce's "Practical Cryptography" - particularly the bit about "Once And Once Only" for "random" IV's...

Tom Servo • January 25, 2006 8:30 AM

Since everyone's warmed up on ripping secure IM ideas apart, is anyone willing to do this on mine? I'm planning some IM client that offers message level security if two of my clients (or compliant ones) talk together, using any ciphers offered natively by the .NET framework.

That's the boring part. The whacky thing is that I want to offer OTP support. I need however to exchange a hash of the entropy file including an index value. How insecure would this be? This will very likely happen using public key encryption, though.

And how about that OTP data recycling idea of mine? I had the idea when the pointer's nearing the end of the shared entropy, I'd make the affected client gather more entropy and send it to the other client encrypted with the remaining initial entropy, so that both clients can remix (new = old XOR entropy; plus some other stuff) their old stuff with the new entropy, to allow the message sessions to continue until new data was shared. The client would obviously tell the parties that the data's insecure from that point.

Thanks.

Dr. Zorba • January 25, 2006 8:40 AM

Buy my product instead. It uses the really totally unbreakable Man-Woman-Birth-Death-Infinity bit Quadruple Layer Socket Encryption. AKA the Ben Casey algorithm. ;-)

Phil • January 25, 2006 9:21 AM

Anybody else notice that the download site includes the ability for users to enter reviews of the software? Some reviews that include discussion of cryptography might be in order...

Erik Norgaard • January 25, 2006 9:51 AM

The interesting thing is that if you filter out the funny bogus word "super cipher infinity bit"-stuff, it seems to be very similar to skype:

"Nobody’s listening in.

When it comes to talking, instant messaging or transferring files, we’ve gone to great lengths to make it secure. Skype automatically encrypts everything before sending it through the internet. Likewise, on arrival everything is decrypted on-the-spot and presented as crystal clear speak, text or a file transfer nobody can intercept."

It is well known that Skype relies on proprietary protocols and does not publish anything that allows external evaluation. Their security is only claimed security.

And also on the news: So now I got that infamous super cipher p2p - but who can I chat to? Are there any other users? He leaves no impression of compatibility with other existing protocols or p2p services. Even if my chats would be unencrypted when the other end does not support the super cipher it would probably be a good thing to support to gain adaption...

Erik Norgaard • January 25, 2006 11:25 AM

@Aze

Thanks for the link, I did actually go to the site and look for more than just a quote to put here, but I found no link "read the full security evaluation".

My reference was a column published by Scott Granneman on Securityfocus, http://www.securityfocus.com/columnists/357 now I also see that his column predates the document you refer to.

So, I apologize for the outdated basis of previous post.

cyphertube • January 25, 2006 1:51 PM

Of course, any decent business person would check out the company. Oh wait, it's him.

And then, of course, check out his particulars, which he happened to publish.

http://www.brooksyounce.com/resume.htm

Given his general lack of experience, perhaps he really thinks it's all that. But given that he's listing awards from school, well, I don't think any real business would consider this worthwhile.

Martin Kraemer • January 25, 2006 2:12 PM

Just hilarious! Great read so far.

But I think the software author should better invest some time in math / cryptography than writing such exhaustive resumes. ;-)

Acronymous • January 25, 2006 2:21 PM

Q: How does it work? How are you able to generate an infinite encryption key?
A: Because the triple algorithm dynamically changes with each bit of the message, and continues to do so for every bit in the message, hence ever bit is encrypted uniquely!

Sounds like CBC feedback to me.

One does wonder how key-transfer occurs, though.

David Donahue • January 25, 2006 6:03 PM

To test his technique, I decided to create my own infinite encryption key for comparison. It's going really slowly though (still 0%) so I'll have to get back to you when it's done.

Geez... This key generation seems to be taking FOREVER...

scosol • January 26, 2006 2:57 AM

sheeit- the p2p messenger i developed uses my proprietary holy-trinity-obscurity-engine. it replaces all words with alternates on the fly whilst maintaining basic standards of grammar- while i might instruct the recipient to "deliver the AKs to the al qaeda operative in the UAE", my message gets translated to "take grandma and her anal polyps to st paul's"
UNMOTHERFUCKINGBREAKABLE

Rich • January 30, 2006 1:45 AM

Yet another proprietary encryption software that promises the world when open source can get the job done just damn fine.

Ari Heikkinen • January 30, 2006 1:54 PM

If anyone's to take your cipher seriously you have to provide an analysis of how your cipher will resist currently known attacks. If you can't provide such analysis you can't design a cipher. It's that simple.

Johan • January 31, 2006 4:31 AM

Maybe the NSA should give him a job? After all - he can give network nodes one-time pads without actually transferring it.

I'll take a bet he pirated the icons for the application from MSN.

The sad part is he will probably impress someone from an employment agency and walk into a work with a higher pay than ours.

Moral of the story - bullshitting pays. That is of course till we download everything from his harddrive, use his credit cards in various illegal activities and marry him to a guy in Uzbekistan.

ali bleiweiss • February 10, 2006 4:47 PM

Hi people out there if you have msn i am telling you right now that msn messenger is better than aol

Anonymous • February 15, 2006 11:31 AM

I emailed the author and he said the closest thing to his encryption was one-time-pad.
I have experience with 3DES & Blowfish cracking so I decided to test this guy's claims...
I transmitted the word "Hello" multiple times and used Ethereal to examine the program's data packets, then wrote a small app to try and brute force decrypt the data...
The data did look completely different every time, and after a few days of screwing with this I was not able to decrypt my stupid Hello message.
Even with 50 or so gathered encrypted packets, all with the same message, I could not visually find any of them that had any patterns between each other.
You guys need to check out the data packets with Ethereal, or some other sniffer. I have to say, I thought it was bullshit, but it actually is very impressive.

Mike Smallwood • February 15, 2006 11:33 AM

I emailed the author and he said the closest thing to his encryption was one-time-pad.
I have experience with 3DES & Blowfish cracking so I decided to test this guy's claims...
I transmitted the word "Hello" multiple times and used Ethereal to examine the program's data packets, then wrote a small app to try and brute force decrypt the data...
The data did look completely different every time, and after a few days of screwing with this I was not able to decrypt my stupid Hello message.
Even with 50 or so gathered encrypted packets, all with the same message, I could not visually find any of them that had any patterns between each other.
You guys need to check out the data packets with Ethereal, or some other sniffer. I have to say, I thought it was bullshit, but it actually is very impressive.

Anonymous • February 15, 2006 12:54 PM

This guy is posting here! Look at the previous post! It's Brooks Younce's sockpuppet! LOL This guy is hilarious!
"I emailed the author and he said the closest thing to his encryption was one-time-pad."
This guy has invented an OTP without the P (but it's still OTP) LOL
"I have experience with 3DES & Blowfish cracking so I decided to test this guy's claims..."
Show me your papers! You are sooooo famous!
"I transmitted the word "Hello" multiple times..."
Wow this is the most advanced cryptanalysis ever! NSA will trace and kill you! Run!!!
"The data did look completely different every time"
OUTSTANDING or better IMPRESSIVE!
"...I could not visually find any of them that had any patterns between each other"
You are Johnny Mnemonic, right? Did you cryptanalyse 3DES and Blowfish in the same way?

Your skills are so damn l337! You should work for NSA!
This guy is hilarious! ROTFLMAO

Anonymous • February 15, 2006 6:21 PM

If you are so damn smart, break the encryption, and post some examples in here of how you did it.

Anonymous • February 16, 2006 11:17 AM

"If you are so damn smart, break the encryption, and post some examples in here of how you did it."

Hello Brooks! Is that you? Genius that created Triple Cipher super ultra maximum infinity random bit trylion sockets totally unbreakable encryption?
I like you men... really! You are hilarious! :)

Anonymous • February 17, 2006 9:42 AM

This really makes you wonder if everything you read on the Internet is true or not ;)

Why doesn't someone just take the time to break this and put the dog down...

anonymous1 • April 30, 2006 2:28 PM

yeah what anonymous said! Lots of hot air here, debunk the darn thing and quit yapping about it fools. And no this isn't the author.

Mike • May 3, 2006 1:50 AM

I have used this program and it works great!!!! I read through all of this trash talk and not 1 single person has cracked his encryption. Hmmmm...... either you're all stupid or his program actually works! Now, I know you all are not stupid, are you?

Bob • May 3, 2006 2:07 AM

well no one has posted how they "broke the encryption" I guess the brainiacs finally acquired suitable day time employment. A word to the wise folks no matter how much you know about a subject there is ALWAYS someone out there that knows more than you do! Most people thought Nikola Tesla was crazy in his time. If it wasn't for his thinking "outside" the box most of you lab rats would not be sitting at your little computer terminals thinking up something funny to say. Enough said I have wasted more of my time than you folks deserve.

Anonymous • May 27, 2006 7:22 PM

You are still here with your sock puppets Brooks?!
You are our new Nikola Tesla! Our genius!
Like I said-you are a funny form of life :)
You can stop posting your crap now... Nobody will read it... except me because I just like to tease you :)

PS. Oh you poor thing, you actually stopped to sell your crappy program!
And there was much rejoicing... Yey!

Einstein • October 27, 2006 12:54 AM

I think it's a real good idea to patent before the real come out. But.... How can you encrypt a single bit randomly and decrypt it and know what is the random formula if you don't ever know what is the resulting formula. Do you send the formula itself with the single bit? Or guess it??? Makes no sense.

Anonymous • January 1, 2009 2:49 PM

A chaotic stream is NOT a random stream.
Rainbow table attack combined with known plaintext attack should be enough to crack it.
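
Added illustration, not part of the original post or comments and not the product's algorithm (which the page never specifies): a constructed toy stream cipher keyed by a short password, with a fresh random nonce per message, put through the tests discussed in the thread. Fifty captures of "Hello" all look different, yet a known-plaintext search over the short key space recovers the key, so per-message variation says nothing about key strength. The cipher, the key "dogs", the key alphabet and all function names are assumptions made for this example.

```python
import hashlib
import itertools
import os
import string

NONCE_LEN = 8  # random per-message value, sent in the clear (assumed design)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand (key, nonce) into `length` bytes using SHA-256 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || (plaintext XOR keystream); the nonce changes every call."""
    nonce = os.urandom(NONCE_LEN)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key: bytes, packet: bytes) -> bytes:
    nonce, body = packet[:NONCE_LEN], packet[NONCE_LEN:]
    ks = keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


def looks_different_every_time(packets) -> bool:
    """The 'visual' test from the thread: no two encrypted bodies are equal."""
    bodies = {p[NONCE_LEN:] for p in packets}
    return len(bodies) == len(packets)


def recover_key(packets, known_plaintext: bytes,
                alphabet: str = string.ascii_lowercase, length: int = 4):
    """Try every short key; accept the one that decrypts all packets correctly."""
    for candidate in itertools.product(alphabet, repeat=length):
        key = "".join(candidate).encode()
        if all(decrypt(key, p) == known_plaintext for p in packets):
            return key
    return None


def demo():
    secret_key = b"dogs"  # constructed short key: 26**4 = 456,976 possibilities
    captures = [encrypt(secret_key, b"Hello") for _ in range(50)]
    other = encrypt(secret_key, b"meet at noon")  # a message the tester never saw
    found = recover_key(captures[:2], b"Hello")
    return looks_different_every_time(captures), found, decrypt(found, other)


if __name__ == "__main__":
    different, key, message = demo()
    print("50 captures all different:", different)
    print("recovered key:", key)
    print("decrypted unseen message:", message)
```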


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.