Entries Tagged "doghouse"


The Doghouse: Crown Sterling

A decade ago, the Doghouse was a regular feature in both my email newsletter Crypto-Gram and my blog. In it, I would call out particularly egregious—and amusing—examples of cryptographic “snake oil.”

I dropped it both because it stopped being fun and because almost everyone converged on standard cryptographic libraries, which meant standard non-snake-oil cryptography. But every so often, a new company comes along that is so ridiculous, so nonsensical, so bizarre, that there is nothing to do but call it out.

Crown Sterling is complete and utter snake oil. The company sells “TIME AI,” “the world’s first dynamic ‘non-factor’ based quantum AI encryption software,” “utilizing multi-dimensional encryption technology, including time, music’s infinite variability, artificial intelligence, and most notably mathematical constancies to generate entangled key pairs.” Those sentence fragments tick three of my snake-oil warning signs—from 1999!—right there: pseudo-math gobbledygook (warning sign #1), new mathematics (warning sign #2), and extreme cluelessness (warning sign #4).

More: “In March of 2019, Grant identified the first Infinite Prime Number prediction pattern, where the discovery was published on Cornell University’s www.arXiv.org titled: ‘Accurate and Infinite Prime Number Prediction from Novel Quasi-Prime Analytical Methodology.’ The paper was co-authored by Physicist and Number Theorist Talal Ghannam PhD. The discovery challenges today’s current encryption framework by enabling the accurate prediction of prime numbers.” Note the attempt to leverage Cornell’s reputation, even though the preprint server is not peer-reviewed and allows anyone to upload anything. (That should be another warning sign: undeserved appeals to authority.) PhD student Mark Carney took the time to refute it. Most of it is wrong, and what’s right isn’t new.

I first encountered the company earlier this year. In January, Tom Yemington from the company emailed me, asking to talk. “The founder and CEO, Robert Grant is a successful healthcare CEO and amateur mathematician that has discovered a method for cracking asymmetric encryption methods that are based on the difficulty of finding the prime factors of a large quasi-prime numbers. Thankfully the newly discovered math also provides us with much a stronger approach to encryption based on entangled-pairs of keys.” Sounds like complete snake-oil, right? I responded as I usually do when companies contact me, which is to tell them that I’m too busy.

In April, a colleague at IBM suggested I talk with the company. I poked around at the website, and sent back: “That screams ‘snake oil.’ Bet you a gazillion dollars they have absolutely nothing of value—and that none of their tech people have any cryptography expertise.” But I thought this might be an amusing conversation to have. I wrote back to Yemington. I never heard back—LinkedIn suggests he left in April—and forgot about the company completely until it surfaced at Black Hat this year.

Robert Grant, president of Crown Sterling, gave a sponsored talk: “The 2019 Discovery of Quasi-Prime Numbers: What Does This Mean For Encryption?” I didn’t see it, but it was widely criticized and heckled. Black Hat was so embarrassed that it removed the presentation from the conference website. (Parts of it remain on the Internet. Here’s a short video from the company, if you want to laugh along with everyone else at terms like “infinite wave conjugations” and “quantum AI encryption.” Or you can read the company’s press release about what happened at Black Hat, or Grant’s Twitter feed.)

Grant has no cryptographic credentials. His bio—on the website of something called the “Resonance Science Foundation”—is all over the place: “He holds several patents in the fields of photonics, electromagnetism, genetic combinatorics, DNA and phenotypic expression, and cybernetic implant technologies. Mr. Grant published and confirmed the existence of quasi-prime numbers (a new classification of prime numbers) and their infinite pattern inherent to icositetragonal geometry.”

Grant’s bio on the Crown Sterling website contains this sentence, absolutely beautiful in its nonsensical use of mathematical terms: “He has multiple publications in unified mathematics and physics related to his discoveries of quasi-prime numbers (a new classification for prime numbers), the world’s first predictive algorithm determining infinite prime numbers, and a unification wave-based theory connecting and correlating fundamental mathematical constants such as Pi, Euler, Alpha, Gamma and Phi.” (Quasi-primes are real, and they’re not new. They’re numbers with only large prime factors, like RSA moduli.)

Near as I can tell, Grant’s coauthor is the mathematician of the company: “Talal Ghannam—a physicist who has self-published a book called The Mystery of Numbers: Revealed through their Digital Root as well as a comic book called The Chronicles of Maroof the Knight: The Byzantine.” Nothing about cryptography.

There seems to be another technical person. Ars Technica writes: “Alan Green (who, according to the Resonance Foundation website, is a research team member and adjunct faculty for the Resonance Academy) is a consultant to the Crown Sterling team, according to a company spokesperson. Until earlier this month, Green—a musician who was ‘musical director for Davy Jones of The Monkees’—was listed on the Crown Sterling website as Director of Cryptography. Green has written books and a musical about hidden codes in the sonnets of William Shakespeare.”

None of these people have demonstrated any cryptographic credentials. No papers, no research, no nothing. (And, no, self-publishing doesn’t count.)

After the Black Hat talk, Grant—and maybe some of those others—sat down with Ars Technica and spun more snake oil. They claimed that the patterns they found in prime numbers allow them to break RSA. They’re not publishing their results “because Crown Sterling’s team felt it would be irresponsible to disclose discoveries that would break encryption.” (Snake-oil warning sign #7: unsubstantiated claims.) They also claim to have “some very, very strong advisors to the company” who are “experts in the field of cryptography, truly experts.” The only one they name is Larry Ponemon, who is a privacy researcher and not a cryptographer at all.

Enough of this. All of us can create ciphers that we cannot break ourselves, which means that amateur cryptographers regularly produce amateur cryptography. These guys are amateurs. Their math is amateurish. Their claims are nonsensical. Run away. Run, far, far, away.

But be careful how loudly you laugh when you do. Not only is the company ridiculous, it’s litigious as well. It has sued ten unnamed “John Doe” defendants for booing the Black Hat talk. (It also sued Black Hat, which may have more merit. The company paid $115K to have its talk presented amongst actual peer-reviewed talks. For Black Hat to remove its nonsense may very well be a breach of contract.)

Maybe Crown Sterling can file a meritless lawsuit against me instead for this post. I’m sure it would think it’d result in all sorts of positive press coverage. (Although any press is good press, so maybe it’s right.) But if I can prevent others from getting taken in by this stuff, it would be a good thing.

Posted on September 5, 2019 at 5:58 AM

The Doghouse: Demiurge Consulting

They claim to be “one of the nation’s only and most respected security and intelligence providers”—I’ve never heard of them—but their blog consists entirely of entries copied from my blog since December 24. They don’t even cull the ones that are obviously me: posts about interviews I’ve given, for example.

I contacted them last week and asked that they stop stealing my blog posts. I got an apologetic e-mail in response from Karim Hijazi, whose email sig file identifies him as “Principal/Founder,” but nothing has happened since. They haven’t stolen any new posts, but they haven’t taken down the old ones either. I suppose I could sue them, but public ridicule seems more fitting. (If you’re reading this post on the Demiurge site, I’m Bruce Schneier. Hi.)

EDITED TO ADD (2/23): The blog posts are down, and there’s a message to me in its place:

Speaking to the team that handles the blog component of the Demiurge website, I have learned not only have they been able to find at least 23 other websites syndicating content from Mr. Schneier’s blog, but there are more than three websites offering full blog post syndication links including Schneier’s blog.

Further, why would you find it offensive if we find your content very interesting to our clientele? If we really were trying to make it look like our content, don’t you think we would have scrubbed it? Besides all the links went back to your bloody blog… just more viewers for you. You weren’t thinking when you tried to flame us Bruce.

All you had to do was ask us to stop syndicating, which we did.

And for completeness, here’s Hijazi’s original e-mail response to my request: “Please stop stealing my blog posts and republishing them as your own.”

Please accept my apologies about the republishing of your blog posts.
Quite honestly our web development team was tasked with finding some interesting content to keep the blog component of our firm’s website compelling and up to date; it is clear that they took my request out of context. Ironically, I rarely even look at my own firm’s website!

I have had them stop the republishing immediately. I know of you by reputation, truly respect your work and thank you for being so gracious in your request; you very well could have been obtuse.

Again, I personally apologize for this situation.



I know, I know. But the posts are down, and that’s what matters.

Posted on February 23, 2010 at 1:47 PM

The Doghouse: ADE 651

A divining rod to find explosives in Iraq:

ATSC’s promotional material claims that its device can find guns, ammunition, drugs, truffles, human bodies and even contraband ivory at distances up to a kilometer, underground, through walls, underwater or even from airplanes three miles high. The device works on “electrostatic magnetic ion attraction,” ATSC says.

To detect materials, the operator puts an array of plastic-coated cardboard cards with bar codes into a holder connected to the wand by a cable. “It would be laughable,” Colonel Bidlack said, “except someone down the street from you is counting on this to keep bombs off the streets.”

Proponents of the wand often argue that errors stem from the human operator, who they say must be rested, with a steady pulse and body temperature, before using the device.

Then the operator must walk in place a few moments to “charge” the device, since it has no battery or other power source, and walk with the wand at right angles to the body. If there are explosives or drugs to the operator’s left, the wand is supposed to swivel to the operator’s left and point at them.

If, as often happens, no explosives or weapons are found, the police may blame a false positive on other things found in the car, like perfume, air fresheners or gold fillings in the driver’s teeth.

Complete quackery, sold by Cumberland Industries:

Still, the Iraqi government has purchased more than 1,500 of the devices, known as the ADE 651, at costs from $16,500 to $60,000 each. Nearly every police checkpoint, and many Iraqi military checkpoints, have one of the devices, which are now normally used in place of physical inspections of vehicles.

James Randi says:

This Foundation will give you our million-dollar prize upon the successful testing of the ADE651® device. Such test can be performed by anyone, anywhere, under your conditions, by you or by any appointed person or persons, in direct satisfaction of any or all of the provisions laid out above by you.

No one will respond to this, because the ADE651® is a useless, quack, device which cannot perform any other function than separating naïve persons from their money. It’s a fake, a scam, a swindle, and a blatant fraud. The manufacturers, distributors, vendors, advertisers, and retailers of the ADE651® device are criminals, liars, and thieves who will ignore this challenge because they know the device, the theory, the described principles of operation, and the technical descriptions given, are nonsense, lies, and fraudulent.

And he quotes from the Cumberland Industries literature (not online, unfortunately):

Ignores All Known Concealment Methods. By programming the detection cards to specifically target a particular substance, (through the proprietary process of electro-static matching of the ionic charge and structure of the substance), the ADE651® will “by-pass” all known attempts to conceal the target substance. It has been shown to penetrate Lead, other metals, concrete, and other matter (including hiding in the body) used in attempts to block the attraction.

No Consumables nor Maintenance Contracts Required. Unlike Trace Detectors that require the supply of sample traps, the ADE651® does not utilize any consumables (exceptions include: cotton-gloves and cleanser) thereby reducing the operational costs of the equipment. The equipment is Operator maintained and requires no ongoing maintenance service contracts. It comes with a hardware three year warranty. Since the equipment is powered electro statically, there are no batteries or conventional power supplies to change or maintain.

One interesting point is that the effectiveness of this device depends strongly on what the bad guys think about its effectiveness. If the bad guys think it works, they have to find someone who is 1) willing to kill himself, and 2) rational enough to keep his cool while being tested by one of these things. I’ll bet that the ADE651 makes it harder to recruit suicide bombers.

But what happened to the days when you could buy a divining rod for $100?

EDITED TO ADD (11/11): In case the company pulls the spec sheet, it’s archived here.

Posted on November 6, 2009 at 6:55 AM

The Doghouse: Privacy Inside

I’m just going to quote without comment:

About the file:
the text message file encrypted with a symmetric key combine 3 modes

1st changing the original text with random (white noise) and PHR (Pure Human Randomness) shuffle command , move and replace instruction combine with the key from mode 1 (white noise) and 2 (PHR)

2nd mode – xor PHR – Pure Human random ( or ROEE Random Oriented Enhanced Encryption) with a TIME set of instruction , and a computational temporary set of instructions to produce a real one time PAD when every time ,

Text will transform to a cipher the last will be different

3rd mode – xor WNS – White Noise Signal with a TIME set of instruction , and a computational temporary set of instructions to produce a real one time PAD when every time ,

Text will transform to a cipher the last will be different

4th Reconstructs file, levels and dimensions to a
this is a none mathematical with zero use of calculation algorithm – so no brute force , Rainbow Crack , or gpu cuda nvidia brute force crack can be applied on this technology . Sorry you have to find a new way to crack chaos theory for that.

We use 0% of any mathematical calculation algorithm – so we can perform any ware with unparalleled strength

Key Strength – 1million bit or more
Speed performance 400% faster Compeer to AES
MPU use – Mathematical Process Unit in CPU use 3% – 7% only
Overhead of the file from original 5% +/- (original+5%) +/-
A combination of mode 1 and 2 applied with a new variation of XOR – to perform the encrypted message

Anyone have any ideas?

Posted on October 13, 2009 at 2:55 PM

The Doghouse: Crypteto

Crypteto has a 49,152-bit symmetric key:

The most important issue of any encryption product is the ‘bit key strength’. To date the strongest known algorithm has a 448-bit key. Crypteto now offers a 49,152-bit key. This means that for every extra 1 bit increase that Crypteto has over its competition makes it 100% stronger. The security and privacy this offers is staggering.

Yes, every key bit doubles an algorithm’s strength against brute-force attacks. But it’s hard to find any real meaning in a work factor of 2⁴⁹¹⁵².

Coupled with this truly remarkable breakthrough Crypteto does not compromise on encryption speed. In the past, incremental key strength improvements have effected the speed that data is encrypted. The usual situation was that for every 1 bit increase in key strength there was a consequent reduction in encryption speed by 50%.

That’s not even remotely true. It’s not at all obvious how key length is related to encryption speed. Blowfish has the same speed, regardless of key length. AES-192 is about 20% slower than AES-128, and AES-256 is about 40% slower. Threefish, the block cipher inside Skein, encrypts data at 7.6 clock cycles/byte with a 256-bit key, 6.1 clock cycles/byte with a 512-bit key, and 6.5 clock cycles/byte with a 1024-bit key. I’m not claiming that Threefish is secure and ready for commercial use—at any keylength—but there simply isn’t a chance that encryption speed will drop by half for every key bit added.

This is a fundamental asymmetry of cryptography, and it’s important to get right. The cost to encrypt is linear as a function of key length, while cost to break is geometric. It’s one of the reasons why, of all the links in a security chain, cryptography is the strongest.

Normally I wouldn’t bother with this kind of thing, but they explicitly asked me to comment:

But Hawthorne Davies has overcome this issue. By offering an algorithm with an unequalled key strength of 49,152 bits, we are able to encrypt and decrypt data at speeds in excess of 8 megabytes per second. This means that the aforementioned Gigabyte of data would take 2 minutes 13 seconds. If Bruce Schneier, the United State’s foremost cryptologist, were to increase his Blowfish 448 bit encryption algorithm to Blowfish 49152, he would be hard pressed to encrypt one Gigabyte in 4 hours.


We look forward to receiving advice and encouragement from the good Dr. Schneier.

I’m not a doctor of anything, but sure. Read my 1999 essay on snake-oil cryptography:

Warning Sign #5: Ridiculous key lengths.

Jaws Technology boasts: “Thanks to the JAWS L5 algorithm’s statistically unbreakable 4096 bit key, the safety of your most valued data files is ensured.” Meganet takes the ridiculous a step further: “1 million bit symmetric keys—The market offer’s [sic] 40-160 bit only!!”

Longer key lengths are better, but only up to a point. AES will have 128-bit, 192-bit, and 256-bit key lengths. This is far longer than needed for the foreseeable future. In fact, we cannot even imagine a world where 256-bit brute force searches are possible. It requires some fundamental breakthroughs in physics and our understanding of the universe. For public-key cryptography, 2048-bit keys have the same sort of property; longer is meaningless.

Think of this as a sub-example of Warning Sign #4: if the company doesn’t understand keys, do you really want them to design your security product?

Or read what I wrote about symmetric key lengths in 1996, in Applied Cryptography (pp. 157–8):

One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzmann constant. (Stick with me; the physics lesson is almost over.)

Given that k = 1.38×10⁻¹⁶ erg/°Kelvin, and that the ambient temperature of the universe is 3.2°Kelvin, an ideal computer running at 3.2°K would consume 4.4×10⁻¹⁶ ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.

Now, the annual energy output of our sun is about 1.21×10⁴¹ ergs. This is enough to power about 2.7×10⁵⁶ single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2¹⁹². Of course, it wouldn’t have the energy left over to perform any useful calculations with this counter.

But that’s just one star, and a measly one at that. A typical supernova releases something like 10⁵¹ ergs. (About a hundred times as much energy would be released in the form of neutrinos, but let them go for now.) If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states.

These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.

Ten years later, there is still no reason to use anything more than a 256-bit symmetric key. I gave the same advice in 2003 in Practical Cryptography (pp. 65-6). Even a mythical quantum computer won’t be able to brute-force that large a keyspace. (Public keys are different, of course—see Table 2.2 of this NIST document for recommendations.)

Of course, in the real world there are smarter ways than to brute-force keysearch. And the whole point of cipher cryptanalysis is to find shortcuts to brute-force search (like this attack on AES), but a 49,152-bit key is just plain stupid.
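An added example, not code from the original post or from Applied Cryptography: the thermodynamic bound quoted above, computed in Python from the constants given on the page and extended to the key sizes the post mentions. It assumes, as the excerpt does, one bit change of energy kT per counter value; the function names are illustrative, and the arithmetic is done in logarithms because 2⁴⁹¹⁵² is far outside floating-point range.

```python
import math

# Constants exactly as quoted in the Applied Cryptography excerpt on this page.
K_ERG_PER_KELVIN = 1.38e-16   # Boltzmann constant
T_UNIVERSE_KELVIN = 3.2       # ambient temperature of the universe
SUN_ERGS_PER_YEAR = 1.21e41   # annual energy output of the sun


def ergs_per_bit_change(temp_kelvin=T_UNIVERSE_KELVIN):
    """Minimum energy (kT) needed to set or clear one bit at this temperature."""
    return K_ERG_PER_KELVIN * temp_kelvin


def log2_bit_changes(energy_ergs, temp_kelvin=T_UNIVERSE_KELVIN):
    """log2 of the number of single-bit changes an energy budget can pay for."""
    return math.log2(energy_ergs) - math.log2(ergs_per_bit_change(temp_kelvin))


def max_counter_bits(energy_ergs, temp_kelvin=T_UNIVERSE_KELVIN):
    """Widest counter that the budget can step through all of its values.

    Assumption (the excerpt's simplification): one bit change per counter value.
    """
    return math.floor(log2_bit_changes(energy_ergs, temp_kelvin))


def log10_sun_years_to_enumerate(key_bits):
    """log10 of the years of total solar output needed to count to 2**key_bits.

    Stays in the log domain so that very large key sizes do not overflow.
    A negative result means less than one year of solar output suffices.
    """
    log2_years = key_bits - log2_bit_changes(SUN_ERGS_PER_YEAR)
    return log2_years * math.log10(2)


def report(key_sizes=(56, 128, 192, 256, 448, 49152)):
    """Return (key_bits, log10 sun-years) rows for the given key sizes."""
    return [(bits, log10_sun_years_to_enumerate(bits)) for bits in key_sizes]


if __name__ == "__main__":
    print("ergs per bit change:", ergs_per_bit_change())
    print("counter bits, 1 sun-year:", max_counter_bits(SUN_ERGS_PER_YEAR))
    print("counter bits, 32 sun-years:", max_counter_bits(32 * SUN_ERGS_PER_YEAR))
    for bits, log10_years in report():
        print(f"{bits:>6}-bit keyspace: 10^{log10_years:.1f} sun-years just to count")
```

Every key size past 256 bits only adds digits to an exponent that is already physically unreachable, which is the point of the excerpt.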

EDITED TO ADD (9/30): Now this is funny:

Some months ago I sent individual emails to each of seventeen experts in cryptology, all with the title of Doctor or Professor. My email was a first announcement to the academic world of the TOUAREG Encryption Algorithm, which, somewhat unusually, has a session key strength of over 49,000 bits and yet runs at 3 Megabytes per second. Bearing in mind that the strongest version of BLOWFISH has a session key of 448 bits and that every additional bit doubles the task of key-crashing, I imagined that my announcement would create more than a mild flutter of interest.

Much to his surprise, no one responded.

Here’s some more advice: my 1998 essay, “Memo to the Amateur Cipher Designer.” Anyone can design a cipher that he himself cannot break. It’s not even hard. So when you tell a cryptographer that you’ve designed a cipher that you can’t break, his first question will be “who the hell are you?” In other words, why should the fact that you can’t break a cipher be considered evidence of the cipher’s security?

If you want to design algorithms, start by breaking the ones out there. Practice by breaking algorithms that have already been broken (without peeking at the answers). Break something no one else has broken. Break another. Get your breaks published. When you have established yourself as someone who can break algorithms, then you can start designing new algorithms. Before then, no one will take you seriously.

EDITED TO ADD (9/30): I just did the math. An encryption speed of 8 megabytes per second on a 3.33 GHz CPU translates to about 400 clock cycles per byte. This is much, much slower than any of the AES finalists ten years ago, or any of the SHA-3 second round candidates today. It’s kind of embarrassingly slow, really.

Posted on September 30, 2009 at 5:52 AM

The Doghouse: Net1

They have technology:

The FTS Patent has been acclaimed by leading cryptographic authorities around the world as the most innovative and secure protocol ever invented to manage offline and online smart card related transactions. Please see the independent report by Bruce Schneider [sic] in his book entitled Applied Cryptography, 2nd Edition published in the late 1990s.

I have no idea what this is referring to.

EDITED TO ADD (5/20): Someone, probably from the company, said in comments that this is referring to the UEPS protocol, discussed on page 589. I still don’t like the hyperbole and the implied endorsement in the quote.

Posted on May 22, 2009 at 11:29 AM

The Doghouse: Singularics

This is priceless:

Our advances in Prime Number Theory have led to a new branch of mathematics called Neutronics. Neutronic functions make possible for the first time the ability to analyze regions of mathematics commonly thought to be undefined, such as the point where one is divided by zero. In short, we have developed a new way to analyze the undefined point at the singularity which appears throughout higher mathematics.

This new analytic technique has given us profound insight into the way that prime numbers are distributed throughout the integers. According to RSA’s website, there are over 1 billion licensed instances of RSA public-key encryption in use in the world today. Each of these instances of the prime number based RSA algorithm can now be deciphered using Neutronic analysis. Unlike RSA, Neutronic Encryption is not based on two large prime numbers but rather on the Neutronic forces that govern the distribution of the primes themselves. The encryption that results from Singularic’s Neutronic public-key algorithm is theoretically impossible to break.

You’d think that anyone who claims to be able to decrypt RSA at the key lengths in use today would, maybe, um, demonstrate that at least once. Otherwise, this can all be safely ignored as snake oil.

The founder and CTO also claims to have proved the Riemann Hypothesis, if you care to wade through the 63-page paper.

EDITED TO ADD (3/30): The CTO has responded to me.

Posted on February 25, 2009 at 2:00 PM


Sidebar photo of Bruce Schneier by Joe MacInnis.