The Doghouse: Privacy Inside

I'm just going to quote without comment:

About the file: the text message file encrypted with a symmetric key combine 3 modes

1st changing the original text with random (white noise) and PHR (Pure Human Randomness) shuffle command , move and replace instruction combine with the key from mode 1 (white noise) and 2 (PHR)

2nd mode - xor PHR - Pure Human random ( or ROEE Random Oriented Enhanced Encryption) with a TIME set of instruction , and a computational temporary set of instructions to produce a real one time PAD when every time ,

Text will transform to a cipher the last will be different

3rd mode - xor WNS - White Noise Signal with a TIME set of instruction , and a computational temporary set of instructions to produce a real one time PAD when every time ,

Text will transform to a cipher the last will be different

4th Reconstructs file, levels and dimensions to a
this is a none mathematical with zero use of calculation algorithm - so no brute force , Rainbow Crack , or gpu cuda nvidia brute force crack can be applied on this technology . Sorry you have to find a new way to crack chaos theory for that.

We use 0% of any mathematical calculation algorithm - so we can perform any ware with unparalleled strength

Key Strength - 1million bit or more
Speed performance 400% faster Compeer to AES
MPU use - Mathematical Process Unit in CPU use 3% - 7% only
Overhead of the file from original 5% +/- (original+5%) +/-
A combination of mode 1 and 2 applied with a new variation of XOR - to perform the encrypted message

Anyone have any ideas?

Posted on October 13, 2009 at 2:55 PM • 106 Comments

Comments

craig • October 13, 2009 3:14 PM

It seems to describe (yes, I actually tried to decode it) one-time pad key generation which, after encrypting the plaintext, discards the key. As they may have done with this description.

Curiously, the rest of their web site is much more coherent. They also seem to have a customer, only one, which is themselves.

Paul Hoffman • October 13, 2009 3:21 PM

A dog can only live in one house at a time. In this case, the claim of the Unreadable Doghouse is bigger than the claim of the Bogus Crypto Doghouse.

Korpil • October 13, 2009 3:45 PM

Hmm... I met one R. Cohen from Israel a while ago, and while his field was "security", it was "physical" security... not this... nonsense!

Petréa Mitchell • October 13, 2009 3:45 PM

It appears to be part of a family of related companies of which this is the patriarch:

http://quantoms.com/

The HardGuard brochure is a must-read. "HardGuard's team of researchers ... have first completely secure solution to isolate computers from viruses and Trojan code."

HJohn • October 13, 2009 3:48 PM

I'm no expert in cryptography, so if I'm missing something I definitely appreciate the correction from those of you who have more expertise than I, but a few points jump out at me:
1. If it is as strong as they say, I fail to see how it is possible that it is 400% faster than AES. Seems strength and overhead would be at odds.
2. I fail to see how this would not be susceptible to brute force attacks, which is nothing more than massive guessing. I don't see how the added variables will make guessing impossible. Harder, maybe. But any time someone must enter something to retrieve the data, how is it not possible for this to be guessed (and therefore brute forced)?
3. Why would anyone trust a product whose specs were advertised this poorly? The gibberish and poor grammar alone lead me to be skeptical (if not downright dismissive).

RH • October 13, 2009 3:51 PM

I _THINK_ step 4 is an s-box... none[sic] Mathematical with zero use of calculation algorithm

In their defense, they claim they intend to open source the algorithm... which is one step more serious than "my algorithm rocks and you can't see it!"

Grande Mocha • October 13, 2009 3:59 PM

Amusing, but not really an issue. I get the impression that companies like this don't have clients (for good reasons).

Doug • October 13, 2009 3:59 PM

Well, I'm not sure if it's chinglish, russlish, or hindish, but I'm not trusting my data to anyone who can't even run a spell checker, let alone write a complete sentence!

gat3way • October 13, 2009 3:59 PM

This may look like plaintext but it is actually ciphertext.

The description I mean :)

HJohn • October 13, 2009 4:01 PM

@RH: In their defense, they claim they intend to open source the algorithm... which is one step more serious than "my algorithm rocks and you can't see it!"
______________

The way I took the wording was that the technology would be open source for personal use, not that the algorithm would be open. But, given how poorly written the piece was, I acknowledge I may likely be wrong.

Nix • October 13, 2009 4:03 PM

Petréa: From the description and the name it's plain how HardGuard works: they unplug all cables, pour concrete over the machine and let it set. Perhaps they surround it with something metallic too, to stop wifi.

(They also claim it's not physically isolated, so perhaps they chain the machine to something as well.)


... actually, they have a patent, filed in 2001, number 6957286, which has plainly been gone over by someone competent in the English language in the four years between filing and issuance. It appears to describe two computers with a shared PSU, such that only one can be on at once, and shared memory: one communicates with the Internet, the other with the LAN. How this introduces anything other than catastrophic inconvenience remains unclear to me. It certainly doesn't secure you from, say, malware that writes itself to disk (these young 'uns who can't remember file viruses, or, er, trojans, droppers, email viruses...)

Timmy303 • October 13, 2009 4:06 PM

Hey if it's just encryption they're doing and never decryption this would be a start ...

Milan • October 13, 2009 4:08 PM

You may not need cryptographers to be a credible-seeming phony security company, but you do at least need some copy writers.

Anybody • October 13, 2009 4:11 PM

Perhaps if they're aiming for unbreakable encryption they should try using a SHA-256 instead, marketing it as encryption which also contains extreme compression measures.

Breaking it would be mathematically impossible!

Although, decryption would be similarly impossible... hmmm....

Vincent • October 13, 2009 4:25 PM

It must be hyperactive children playing at learning jargon without anyone around to give them things to read about theory. A shame because it's all so fascinating and rich in history.

iguacufalls • October 13, 2009 4:29 PM

why use Pure Human Randomness? Why not Pure Simian Randomness or Pure Equine Randomness? Surely nonhumans exhibit much greater randomness than we do. Other than breaking out into Broadway songs on the subway, that is.

RH • October 13, 2009 4:43 PM

I'm also guessing the new variation of XOR is the cryptographically superior XNOR because it does everything XOR does, plus negates the bits! Two jobs for the price of one!

RH • October 13, 2009 4:48 PM

I read it again. Part 2 sounds suspiciously like a synchronous stream cypher. Using human randomness (i.e. mashing on the keyboard) to generate a "program" which temporarily generates a 1 time use pad.

That sounds to me like "generate a keystream and use [the new and improved] XOR to encrypt the message"!

Thomas • October 13, 2009 4:57 PM

"PHR - Pure Human random"

So.... what makes a human impure? And why are they less random than the pure ones?

Al • October 13, 2009 5:35 PM

To me.. meaningless marketing made-up techno-babble.

To my manager.. WOW that sounds cool, we must have it now.

Wade • October 13, 2009 5:48 PM

I'm guessing the thought process is:
1) I don't understand the algorithm descriptions from other cryptography companies.
2) Other cryptography companies make money because of the algorithm descriptions.
3) If I produce an algorithm description that nobody can understand, I'll make lots of money!

The scary thing is, that isn't far from the truth. A detailed description of AES or Blowfish probably makes exactly as much sense as this does to someone with no training in math or crypto, and if that person is the one deciding which product to buy...

Henning Makholm • October 13, 2009 6:57 PM

This sounds EXACTLY as if somebody went through every "snake-oil warning signs" article Bruce has ever written, and then selected a dozen red flags pseudorandomly. (Remember to award extra points for the challenge ciphertext behind the link).

On a more detailed level, I suspect that the "4th" paragraph simply means "afterwards the file can be decrypted".

"Real one time PAD" is, as we all know, parsoleotongue for "synchronous stream cipher". I'll second RH's suggestion that the "human randomness" nonsense refers to gathering randomness from keyboard timing or something such. It seems to me that they are using this randomness as the nonce to initialize the stream cipher.

"Step 1" seems to have something to do with permuting blocks of the plaintext before encrypting.

Henning Makholm • October 13, 2009 7:58 PM

Spending much more time than this probably warrants, I took a look at the image they present thus:

"For cryptographic analysis we transform the encrypted file for a graphic randomness evaluation when 1 = black, 0 = white. This is a view of a regular file text file - not encrypted you can see the non randomness patterns all over the file - regular file link"

This image, ostensibly a plaintext text file displayed as a bitmap, is a jpeg file (!) but most pixels are close enough to black or white that the difference is probably due to jpeg artifacts.

Most of the upper half of the image looks very regular and has translational symmetry except for a small part of the pattern that varies from copy to copy. However it is a strange symmetry; the lattice bases are (351,0) and (51,1). Hard to reconcile with a "text file" assumption where the period of a pattern would surely be a multiple of 8 bits.

... oh. The pattern does not even match between the left and the right side of the image. So it's a complete fake. But why? I would find it much easier to slap a PBM header in front of a real text file with lots of redundancy, than to create a forgery as strangely skewed as this one.

a chemist • October 13, 2009 8:09 PM

I do not see how you can use "white noise" as an encryption stream and reverse the process and get your plaintext back.

Just a Chemist

Andrew • October 13, 2009 10:33 PM

"So.... what makes a human impure? And why are they less random than the pure ones?" - Thomas

I think they use virgins or babies or virgin babies for their pure humans.

DaveC • October 13, 2009 11:50 PM

The language seems like classic Chinglish of the form found in the instruction manuals for $10 radio controlled toys, or generated by BabelFish (maybe there's a correlation there? :-) so the language could be forgiven on those grounds.

However, after making allowance for translation, the alleged encryption algorithm is total smoke and mirrors.

anonymous • October 14, 2009 2:12 AM

The algorithms used seem to be a simple, well-known one-time-pad encryption. The random key, which should have the same length as the plaintext, is generated from different sources. If you find a secure way to transfer the key, the encryption is not breakable (which can be mathematically proven). It is not described how the key is transferred. So this article brings nothing new. Perhaps it is only a satire.

El Capitain • October 14, 2009 2:19 AM

Smells very much like "Jaws" or "Non-Elephant (NE2) Encryption." I'd love to pick through their referrer logs and see how many page visits were a result of the link from this page as compared to the rest of the interwebs as a whole.

Evil_Trevor • October 14, 2009 4:04 AM

Hey wow, these guys rock, like they're obviously 1337 {leet} . They've got a computer program that runs on a CPU using mathematical functions that doesn't do any maths ! They've computerised human randomness, something no-one else has ever done. AND they can decrypt scrambled text without doing any calculations. I'm going to buy that product.

vwm • October 14, 2009 4:24 AM

Well... "open source free for personal use only" ... so they do not understand "open source" either.

Oh, and, how can it be open source, if they ain't using no "mathematical calculation algorithm"?

Jarek Andrzejewski • October 14, 2009 4:51 AM

It reminded me of a ZX-Spectrum program called "Plenum" ("plenum" meant a meeting of the communist party management).
The program just produced text of any length you want in "newspeak" language. The effect? The same as communist leaders' speeches: a lot of words, but no meaning at all.

ajw • October 14, 2009 6:06 AM

I think I read this stuff once before, scrawled on the wall of the Aperture Science Enrichment Centre. Or possibly on timecube.com.

Clive Robinson • October 14, 2009 7:16 AM

@ a Chemist,

Two things,

First you need to sort out your personal URL having it as just,

"http://www.yahoo.com"

Is not going to get you any friendly visits.

Secondly,

"I do not see how you can use "white noise" as an encryption stream and reverse the process and get your plaintext back."

Quite easy: you record the white noise on a record and send one copy to the person with whom you wish to communicate.

You then simply synchronise the two noise sources then add the noise at the TX side and subtract it at the RX side.

This is how the WWII US-UK hotline worked.
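As an added illustration of the scheme Clive describes (a shared noise record, added at the transmitter and subtracted at the receiver), and of the point RH, Henning Makholm and anonymous make about "real one time PAD" really meaning a keystream expanded from a seed, here is a small constructed example. It is not code from the post or from Privacy Inside; `os.urandom` stands in for the recorded noise, and the hash-counter pad generator is an illustrative construction, not anything the vendor describes.

```python
"""Constructed example: a shared 'noise record' used as a one-time pad, with
the transmitter adding the noise and the receiver subtracting it, plus the two
failure modes the thread circles around: losing synchronisation, and reusing
pad bytes. A seeded 'pad generator' is included to show why such a thing is a
stream cipher, not a one-time pad."""
import hashlib
import os


def make_noise_record(length: int) -> bytes:
    """One copy of this record goes to each party. os.urandom stands in for a
    recorded white-noise source; the record itself is the whole key material."""
    return os.urandom(length)


def tx(plaintext: bytes, record: bytes, offset: int) -> bytes:
    """Transmitter: add the noise byte-wise modulo 256 from position `offset`."""
    pad = record[offset:offset + len(plaintext)]
    if len(pad) < len(plaintext):
        # A true one-time pad is consumed, never rewound.
        raise ValueError("noise record exhausted")
    return bytes((p + k) % 256 for p, k in zip(plaintext, pad))


def rx(ciphertext: bytes, record: bytes, offset: int) -> bytes:
    """Receiver: subtract the same noise bytes. Both sides must agree on `offset`."""
    pad = record[offset:offset + len(ciphertext)]
    return bytes((c - k) % 256 for c, k in zip(ciphertext, pad))


def seeded_pad(seed: bytes, length: int) -> bytes:
    """A 'computational set of instructions' expanding a short seed into a pad
    (hash-counter construction, chosen here for illustration). Because the
    whole pad is a function of the seed, this is a synchronous stream cipher:
    its key strength is the seed length, however long the pad is."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def pad_reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """What a passive observer gets when two messages are sent at the same pad
    position: (m1 + k) - (m2 + k) = m1 - m2, with the pad cancelled out."""
    return bytes((a - b) % 256 for a, b in zip(ct1, ct2))


def demo() -> bool:
    record = make_noise_record(4096)
    msg = b"meet at the usual place"
    assert rx(tx(msg, record, 100), record, 100) == msg
    # Desynchronised receiver: one byte off and the output is noise.
    assert rx(tx(msg, record, 100), record, 101) != msg
    # Pad reuse: the ciphertext difference equals the plaintext difference.
    m1, m2 = b"attack at dawn", b"attack at dusk"
    leak = pad_reuse_leak(tx(m1, record, 200), tx(m2, record, 200))
    return leak == bytes((a - b) % 256 for a, b in zip(m1, m2))


if __name__ == "__main__":
    print("demo ok:", demo())
```

The two things to take from it are the ones the commenters keep returning to: the record has to reach the other party by some secure channel and must never be reused, and anything that regenerates the pad from a short seed has only the seed's entropy, whatever the marketing calls it.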

sooth sayer • October 14, 2009 7:24 AM

Only Non-Mathematical Encryption -- (since 1997) is a hilarious admission - Does it mean the market was rampant with them a few years ago .. and now is restarting!

I recall there was once a company in the late 1980s who did an IPO on a RAM-doubler technology. So snake oil can be sold.

Daniel Carrera • October 14, 2009 7:29 AM

I wrote to ask for details about their algorithm. After reminding me that their system doesn't use math, they said that it is patent pending and they can't give me anything more than what's on the website. Sigh...

Clive Robinson • October 14, 2009 7:31 AM

@ Bruce,

Have you read Ross Anderson's paper on the "Bear Cipher"?

It reads like they may be trying to do the same thing.

I'm assuming their "white noise" is a PRBS loosely based on RC4 but with a "one way" "shuffle" based on some logical implementation of "chaos theory" or two normally non-related linear algorithms such as ADD and XOR done in a similar way to SNOW.

But then again I might just be seeing "faces in clouds" 8)

john greco • October 14, 2009 8:15 AM

@vwm

Well, technically it is possible to have a non-commercial-only open source license; it just wouldn't be considered Free software.

That said, yeah. They probably don't know what open source is.

Mark R • October 14, 2009 8:20 AM

They make a really good point, though... cryptanalysts are always attacking those mathematical calculation algorithms. Math is the Achilles' heel of modern cryptography! Cryptographers have been brainwashed by the "Big Math" educational system to think math is the answer to all their problems.

We need cryptography without math - preferably, developed by people who have not passed high-school calculus. This looks like an excellent start.

kaes • October 14, 2009 8:30 AM

> why use Pure Human Randomness?
> Why not Pure Simian Randomness or
> Pure Equine Randomness? Surely
> nonhumans exhibit much greater
> randomness than we do.

well they DO have dogs made of PURE GENES for sale .. or download. (??)

http://www.quantoms.com/download/dvash.html

(page contains an embedded youtube vid)

jacob • October 14, 2009 8:49 AM

OK, I am certainly below a novice at this type of thing. It sounds like they are trying to generate a random XOR in an attempt at an OTP. Do they expect to get paid for this?

I can generate a Pure Human random ( or ROEE Random Oriented Enhanced Encryption) sequence with my four year old nephew, espresso and a puppy.

Ian Eiloart • October 14, 2009 8:56 AM

It's a counterfeit detection system. If you can recover the plain text, it's counterfeit!

Ellie • October 14, 2009 9:00 AM

OMG! The guy from this comic...

http://xkcd.com/153/

.. got a new job!

For non-link clickers, the comic shows a stick figure speaking at a conference. He says "My cryptosystem is like any feistel cipher, except in the S-Boxes we simply take the bitstring down, flip it, and reverse it." The caption reads "I've been barred from speaking at any major cryptography conferences ever since it became clear that all my algorithms were just thinly disguised missy elliot songs."


Brian • October 14, 2009 9:28 AM

So they create a one-time pad that they then cannot send to the other party?

I have a better idea, instead of increasing the size by 5%, just 'encrypt' by taking the xor of the whole thing, just as unbreakable, just as useless, but only having to send one bit makes it that much better.

Daniel Carrera • October 14, 2009 10:35 AM

@Brian,

Even better:

encrypt (plaintext) {
return 1;
}

There you have it. Perfect security and great compression. :-D

Petréa Mitchell • October 14, 2009 11:12 AM

parseltongue:

"Obviously, they use only 'white' noise - a stream of 0 bits."

Wouldn't that be black noise?

Fred P • October 14, 2009 11:17 AM

It looks like they permute/use a mapping in step 1 - block by block (which one/ones depends on the "randomly" generated key), XOR that with a "random key" seeded with a combination of temporal and random elements fed into the PRNG in step 2, then they transform in a way they understand so poorly that they don't realize that it's highly vulnerable to mathematical analysis in step 3. Oh, yes, and they can't count (further showing their mathematical prowess), so what they number as 2 and 3 are step 2, and their step 4 is step 3.

Finally, they show off a 2-d diagram of the lack of obvious patterns in their PRNG (which, unless step 3 is really bad, is pretty much all this shows).

Brian Casiello • October 14, 2009 11:21 AM

Hmm, I think somebody fed a Markov chain text generator a cryptography textbook and a bunch of spam.

C • October 14, 2009 11:27 AM

Wait...isn't XOR just polynomial addition, hence, a mathematical operation?

...Never let twelve-year-olds write your encryption algorithms...

n00b • October 14, 2009 11:34 AM

I think their disclaimer applies to the information they provide:

"The content of privacyinside.com is for general information purposes only and does not constitute advice. privacyinside.com tries to provide content that is true and accurate as of the date of writing; however, we give no assurance or warranty regarding the accuracy, timeliness, or applicability of any of the contents."

http://www.privacyinside.com/disclaimer.htm

Clive Robinson • October 14, 2009 12:05 PM

@ Daniel Carrera,

"There you have it. Perfect security and great compression. :-D"

If your solution was a bit smaller it would be "Perfect compression" as well 8)

Clive Robinson • October 14, 2009 12:13 PM

@ Nostromo,

"Was this garbage really worth bringing to our attention?"

It appears from the responses to have a certain entertainment value 8)

And laughing at something is a very good way of making people see what it really is...

Clive Robinson • October 14, 2009 12:22 PM

@ Petréa Mitchell,

"Wouldn't that be black noise?"

Ahh no...

It is said that a certain moderately well known academic took white noise and mixed it with rap music to produce a CD of random numbers that he called "Black Noise".

In these more "enlightened" / "PC" days one has to be careful, lest one accidentally causes offence by borrowing somebody else's meanings ;)

Shane • October 14, 2009 12:57 PM

"Sorry you have to find a new way to crack chaos theory for that," nearly generated some PHR in my shorts.

stats_guy • October 14, 2009 2:29 PM

Just analyzed the encrypted file statistically: the distribution is not uniform. The incidence of characters as a percentage ranges from .50% to .30%. A perfect distribution is .39%.
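The check stats_guy describes, as an added example rather than his script or anything from Privacy Inside: tally byte frequencies, report the lowest and highest as a percentage (uniform is 100/256 = 0.39%), and put a chi-square statistic behind the eyeball test. The challenge file itself is not on this page, so both samples are constructed here: one from a seeded PRNG standing in for good ciphertext, one deliberately skewed. The `max_z` cutoff is an illustrative choice, not a published threshold.

```python
"""Constructed example: byte-frequency and chi-square check of a supposed
ciphertext against the uniform distribution, run on two constructed samples."""
import random

ALPHABET = 256
DOF = ALPHABET - 1  # degrees of freedom of the chi-square test


def byte_histogram(data: bytes) -> list:
    counts = [0] * ALPHABET
    for b in data:
        counts[b] += 1
    return counts


def frequency_range_percent(data: bytes) -> tuple:
    """Lowest and highest byte-value frequency as a percentage of the sample,
    the figure stats_guy quotes (perfect uniformity: 100/256 = 0.390625%)."""
    counts = byte_histogram(data)
    n = len(data)
    return (100.0 * min(counts) / n, 100.0 * max(counts) / n)


def chi_square_uniform(data: bytes) -> tuple:
    """Chi-square statistic against a uniform byte distribution, and how many
    standard deviations it sits above the expected value DOF (a z-score)."""
    counts = byte_histogram(data)
    expected = len(data) / ALPHABET
    stat = sum((c - expected) ** 2 / expected for c in counts)
    z = (stat - DOF) / (2 * DOF) ** 0.5
    return stat, z


def looks_uniform(data: bytes, max_z: float = 4.0) -> bool:
    """Coarse pass/fail: a chi-square more than max_z standard deviations above
    its mean is not what uniformly random bytes produce. max_z=4 is a
    conservative illustrative choice."""
    return chi_square_uniform(data)[1] <= max_z


def constructed_samples(n: int = 20000) -> tuple:
    """Deterministic samples: one uniform (seeded PRNG standing in for good
    ciphertext) and one skewed by folding every value >= 200 down by 200, so
    56 byte values never occur and 56 others occur twice as often."""
    rng = random.Random(20091014)
    uniform = rng.randbytes(n)
    skewed = bytes(b if b < 200 else b - 200 for b in uniform)
    return uniform, skewed


if __name__ == "__main__":
    good, bad = constructed_samples()
    for name, sample in (("uniform", good), ("skewed", bad)):
        lo, hi = frequency_range_percent(sample)
        stat, z = chi_square_uniform(sample)
        print(f"{name}: {lo:.2f}% .. {hi:.2f}%  chi2={stat:.0f} z={z:.1f} "
              f"uniform={looks_uniform(sample)}")
```

A frequency spread of 0.30% to 0.50% on a small file is not by itself damning, since sampling noise widens the range as the file shrinks; the chi-square z-score is what says whether the spread is more than chance. Passing this test is also necessary, not sufficient: a keystream from a weak generator can be byte-uniform and still be predictable.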

Hombol • October 14, 2009 2:32 PM

I read this blog as an interested person, with no knowledge of cryptography.

Having said that, perhaps someone here can help me with this question:

If I was able to read (but fail to parse) this post in 2 minutes, how quickly could someone read (and fail to parse) this post if they read 400% faster than I do?

Is the answer something on the order of 6 minutes before Bruce posted it?

Am I close?

Are Privacy Inside implying they can encrypt plaintexts not yet written?

Nick P • October 14, 2009 3:05 PM

Wow. That's almost too much BS for me to digest at once. How do these companies even score a few clients? I think I'm in the wrong business. Instead of real security, I should offer my own line of ineffective crypto algorithms. You avid doghouse readers would love that, right? Let's see if I can make it sound more realistic.

Tired of ineffective key lengths? Tired of worrying how long till someone breaks an algorithm and your secrets are spilled? Well, Crypto Casa Perro Inc. has the solution for you! It's called a Double-Streamed Block Cipher. It gives you the strength of the strongest block ciphers, without weaknesses associated with padding. And with a 256 to 512 bit key, brute force is a thing of the past. Here's how it works.

We start by taking your key and splitting it into two 128 or 256 bit keys. Then, we create a session- or file-specific key from the first master key and apply a fast and secure stream cipher, Salsa20, to the plaintext data. This lightning-fast cipher by itself defeats all known attacks. From there, we use the second master key to encrypt it again with Serpent block cipher in CBC mode. The stream cipher prevents padding from screwing up entropy, while CBC spreads randomness all over the data. The result? A totally freakin' unbreakable bunch of ciphertext protected by a 512-bit random key! And did we say it's fast? That it uses SSE optimized x86 assembler? And that it's been approved by the NSA for use in Type 4 encryption systems? Type 4! How many products can claim THAT rating!?

So, are you tired of breakable crypto products? Are you tired of a lack of layered security in encryption? Then why don't you start using the award-winning scheme mentioned on Bruce Schneier's blog! Our network and file-based encryption starts at only $199 a seat. And if you buy now, you get free integration with Outlook, PGP and OpenVPN. So, what are you waiting for!? Join the revolution!

Nick P • October 14, 2009 4:26 PM

I just looked at the holding company someone else posted. The closest thing they had to a real product was HardGuard, "inspected by Israeli DOD." Or whatever. You connect it to PC motherboard, and two sets of storage/network devices to it. One for "safe zone" and one for "unsafe/internet zone." It only provides power to one set at a time, preventing attacks. This is one of their main products.

To me, it's a weak ass red-black separation scheme. Far from immunity, it doesn't address BIOS, mobo- or processor-level attacks or how to prevent problems from the inevitable sharing of content. I still think *my* red-black scheme is much better: two net-tops, running OpenBSD or CentOS-based SELinux; KVM switch; easily plugged/unplugged audio and ethernet cross-over cables on clearly labeled ports; loads from LiveCD, recreated (updated) weekly; all shared content uses easily parsed formats and is scanned by AV software. You can buy their bullshit that's compromised by a Blue Pill attack, or you can build a setup like mine for under $800 with COTS components, OpenWRT or Soekris OpenBSD router included. ;) So, does anyone still want this awesome BalsaGuard (or whatever it's called) product?

Crypto Casa Perro Inc. • October 14, 2009 4:34 PM

@ PHB

Excellent! Just send your money via Western Union to our account in the Cayman Islands. Please be sure to attach your credit card number and CCV so that we may verify your identity.* If your company chooses to purchase more and prefers wire transfer, be sure to send the money in increments under $10,000. This is for your protection. As always, thank you for doing business with Crypto Casa Perro!

* Your credit card will not be charged by us at any time, and your personal data is protected by our very own patent-pending 512-bit encryption technology.

Gweihir • October 14, 2009 6:23 PM

I think this is a gem! The next time I get to explain to students about amateur-crypto, I might just use it.

JT Pennington • October 15, 2009 12:50 PM

@ Mark R

> We need cryptography without math - preferably, developed by people who have not passed high-school calculus. This looks like an excellent start.

Hmmm... Calculus, that was that course in high school that taught you how to use calculators, right? I so aced that course. I'd better contact them with MY qualifications; I'm sure I can get a job! Hell, I can rock two TI-92 calculators at the same time! :P

If anyone chokes on my sarcasm... I apologize. I realize it is rather thick. Chew well before swallowing.

Rob Shein • October 15, 2009 2:54 PM

It reminds me of when I first started mountain biking, back in the 80s...back then, the magazines all had ads from Taiwanese manufacturers who were hoping to break into the market with their products...but which had curious uses of English in their slogans. One specific ad comes to mind here:

"The wonderful more than you can believe it!"

Alasdair • October 15, 2009 3:31 PM

If you go to their website, their header claims "beyond military strength encryption". Oh gee, gosh, wow.

Clive Robinson • October 16, 2009 12:34 AM

@ Daniel Page,

"Something like:
void encrypt (plaintext) {
}"

Yup that would do it 8)

However a thought has occurred: we need "covert channel" protection as well.

Most covert channels are time-based attacks, so we need a method to not only destroy timing but also limit any channel bandwidth (effectively the reciprocal of time), so,

sleep(forever);

Needs to be in there as well.

Now we really are getting secure, and for so little effort 8)

Clive Robinson • October 16, 2009 6:49 AM

@ Fredric L. Rice,

"Translation: They use a look-up table. LOL."

Nearly all maths can be done by lookup table.

And it can be shown for quite a few complex operations on small number size it's a lot lot faster, and often uses less silicon space.

For instance, back in the 1980s I developed various comms DSP solutions using 8-bit micros (Z80) and lookup tables to do DFTs and similar. And less than ten years ago I implemented a two-stage "digital IF" strip using little more than the equivalent of a handful of fast TTL chips and a ROM chip for a specialised low-bandwidth communication system.

Even using more modern technology it would be doubtful if the same speed/gate count could be beaten by a conventional maths based CPU in either case.
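Clive's point that nearly all maths can be done by lookup table has a direct crypto instance, added here as an example (not code from the post, from Privacy Inside, or from any AES library): multiplication in GF(2^8), the field AES uses in MixColumns, done as a shift-and-xor loop, as log/antilog lookups, and as a pure 64 KiB product table. The three agree on every input pair; the FIPS-197 worked values {57}·{83} = {c1} and {57}·{13} = {fe} are used as spot checks.

```python
"""Constructed example: GF(2^8) multiplication three ways, to show that an
arithmetic operation and a table lookup compute the same function."""

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the reduction polynomial of FIPS-197


def gf_mul_bitwise(a: int, b: int) -> int:
    """Field multiplication by shift-and-xor: no tables, at most 8 iterations."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY  # reduce modulo the field polynomial
        b >>= 1
    return r


def build_log_tables(generator: int = 0x03) -> tuple:
    """Antilog (exp) and log tables. 0x03 generates the multiplicative group
    of GF(2^8) under the AES polynomial, so every non-zero element is 3^i."""
    exp = [0] * 256
    log = [0] * 256
    x = 1
    for i in range(255):
        exp[i] = x
        log[x] = i
        x = gf_mul_bitwise(x, generator)
    exp[255] = exp[0]  # 3^255 = 1, kept so the table wraps cleanly
    return exp, log


EXP, LOG = build_log_tables()


def gf_mul_log(a: int, b: int) -> int:
    """One addition of logs plus two lookups: 512 bytes of tables."""
    if a == 0 or b == 0:
        return 0
    return EXP[(LOG[a] + LOG[b]) % 255]


# Full product table: no arithmetic at all at run time, 64 KiB of memory.
FULL = [[gf_mul_bitwise(a, b) for b in range(256)] for a in range(256)]


def gf_mul_full(a: int, b: int) -> int:
    """Pure lookup, the 'maths by table' extreme."""
    return FULL[a][b]


def all_methods_agree() -> bool:
    """Exhaustively compare the three implementations over all 65536 pairs."""
    return all(
        gf_mul_bitwise(a, b) == gf_mul_log(a, b) == gf_mul_full(a, b)
        for a in range(256) for b in range(256)
    )


if __name__ == "__main__":
    print("all methods agree:", all_methods_agree())
    print(hex(gf_mul_log(0x57, 0x83)))
```

The trade-off Clive names (time against memory) is real, and so is a trade-off he does not: a lookup indexed by secret data leaves its footprint in the cache, which is why table-driven AES has been attacked through timing and why constant-time implementations avoid secret-dependent indices. The table is not "non-mathematical"; it is the same function stored rather than computed.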

na • October 16, 2009 4:34 PM

It isn't about encryption. It is a logic bomb designed to create a DOS on the time of anyone who stumbles across it. It will then replicate itself across crypto forums. You know the pattern.

Ben C • October 18, 2009 2:15 PM

@ na:

Ok, no more Dan Brown novels for you. They're bad for your health anyway.


I'd like to make a meta-argument for a bit. If they've filed a patent application, then we should be able to look up the application... I've tried 30 different combinations of the words on their website and their name and come up with nothing.

So I'm going to have to assume they're just messing with us and wasting our time. If they have an application in, they are protected assuming they get their patent (from a US law standpoint, they can disclose somewhat beforehand as long as they can prove they are the original source of the invention).

Interesting find, was fun to poke around their website. Everything considered, I'll stick with a different solution for a bit.

Marcel • October 18, 2009 2:27 PM

Maybe their variant of XOR uses an obfuscation technique previously known as "carry"?

Pete • October 19, 2009 10:18 AM

The only worry about this product is the chance that they could catch a Pointy-Haired Manager at a strategic moment and accidentally fluke a sale ...

Durandal • October 19, 2009 11:41 AM

Of course, they have to put in the obligatory bolded "MADE IN ISRAEL" disclaimer to end the description. It MUST be valid if it was made in Israel, look at how many scientists they have!

Doug F • October 20, 2009 4:30 PM

This encryption method is so secure that even the intended recipient is unable to retrieve the plaintext. The data are completely garbled irretrievably. Now that is absolute security.

t.williams • October 20, 2009 5:26 PM

@iguacufalls: Pure Simian Randomness is out of the question. While one million bits of PSR is somewhat less than infinity, the complete works of Shakespeare could still be applied to break the encryption.

Valdis Kletnieks • October 20, 2009 11:11 PM

@clive robinson: "Nearly all maths can be done by lookup table.

And it can be shown for quite a few complex operations on small number size it's a lot lot faster, and often uses less silicon space."

Hate to say it, but the prior art on this goes back a *long* way - the IBM 1620 'CADET' from 1959 comes to mind. Some wags say the CADET name stands for "Can't Add - Doesn't Even Try" because the initial machine didn't have any conventional hardware support for arithmetic operations - it was implemented using lookup tables in memory. When the 1620 Model II came out, they finally provided hardware add/subtract, but multiply was still done via table lookup.

Clive Robinson • October 21, 2009 3:45 AM

@ Valdis Kletnieks,

"Hate to say it, but the prior art on this goes back a *long* way - the IBM 1620 'CADET' from 1959 comes to mind."

1959... I "Hate to say it, but" you sound like you are "longer in the tooth" than both Bruce and myself ;)

If you think about it, even today all CPUs use lookup tables to do math to some extent (Pentium bug definitely), after all that's all a microcoded state machine is.

I guess in reality a "matrix" lookup for maths is actually older even than mechanical computers ("Babbage's mill" was designed to print out such tables for navigation).

And most children learn about such matrix lookup with their "times tables". Sadly, though, they no longer get to see trig or log tables, or one of the earliest mechanical maths aids, "Napier's Bones".

Just last year I was talking to the teacher who was teaching my son primary maths and she had never heard of a slide rule. She was quite impressed when I showed her how it could be set up easily to do something awkward like give a percentage score for a test with say 37 questions, and importantly, once set, took only a glance to do it for a whole class full of test papers.

Arguably the Enigma cipher machine, as were all the cipher machines before it, was nothing other than an automated "lookup table", as were code books.

I guess it's just how you see the idea of Maths and Tables. All tables trade time / memory and related resources.

Nate • November 2, 2009 1:19 AM

this site is obviously TERRORISTS trying to hide their messages because all the typos are pieces of an UNBREAKABLE ONE TIME PAD and if you read down the left side it says
am 1k which means they want to kill 1000 americans bruce don't post these obviously TERRORISTIC messages or the TERRORISTS WIN>

andre • December 31, 2009 4:10 PM

Just a couple of comments:

First - PHR

I worked with this group and was in charge of their technical development team in Haifa. The PHR encryption was initially based on human input (not a unique approach) from a file containing mouse movements stored on a PC. It was clear early on that 2D geometry is not a perfect source of randomness, not unlike using an electronic circuit for creating white noise as a seed to the key.

The algorithms were extremely fast for encryption/decryption with a reasonably low overhead of added bits to the content. Commercial viability and adoption were a key stumbling block for market introduction. However, as a cryptographer, I performed sufficient statistical analysis to indicate that it was good enough to prevent both a brute force attack or mathematical pattern analysis.

The use model was specifically designed to prevent man in the middle attacks and that is why the session key could change at different levels of granularity - all the way down to the packet level (bit of overkill). Shifting session keys prevent the middle man from creating the next key since you had to have access to the first key used. This approach has some serious deficiencies but was an excellent replacement for standard SSL methods.

Second - HardGuard

As some of the comments correctly analyzed, it was a 2-state operator, so that when you switched between states (which required a restart of the machine) any corrupted state of your environment was lost and replaced with a protected image. BIOS and memory infections were lost by virtue of the restart, and the BIOS was re-instantiated with the original non-corrupted version.

The demonstrations to the Israeli DOD were based on keeping a CD copy of the operating system (uncorrupted image) in the machine so there is no way you can corrupt it.

While this was a somewhat simple way of solving the Trojan problem, it meant that injecting a virus that affected files, would still be on the hard drive giving it the opportunity for damaging other stored data. While the OS was always clean from a restart using the CD, data could be infected on the hard drive.

I think they solved this issue but I was no longer engaged with them at that point.

Language - Yes, the English text is somewhat mangled but does not reflect their competency in their field of discipline. You should read some of the stuff from software companies in India - much worse and for them English is the only commercial language used. So, don't be so hard on them about this issue...probably they need better web design contractors.

Most of the scientific work was developed by Royi Cohen, a smart young man whom I enjoyed for his sincerity, inventiveness and honesty.

2d-Barcodes - While I did not work with Privacy Inside (now Cryptocodex) on this application, I did a preliminary analysis of their merging barcodes with PHR and found this approach a strong audit tool for counterfeit commercial goods (electronics, apparel, accessories). With the new smartphones, you could use an online camera to capture the image and interrogate a server using cellular data services. This method is already implemented for 2D barcodes on coupons that can be scanned at a point of sale laser scanner.

Their application is easy and practical to implement, unlike other methods that create embedded codes in the material or paints used. There are at least some Israeli vendors who are doing physical surface encoding today. One vendor uses a chemical signature method that can be used to track fuels to see if they are from a source that pays a tax (gasoline stations) as opposed to one where no tax is applied (for example, gasoline supplied to farmers).

The encrypted barcode is an excellent add-on to document protection, especially those produced by Word and Adobe. I wish them well.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..