$1 Million prize offered for cracking an encryption algorithm

Summary:It's 2008, and companies perhaps rich on VC money to waste in a guerilla marketing tactic for generating viral buzz, still talk and act as the utopian "unbreakable encryption" algorithm is the panacea of security, or the "Hackers Hell: Privacy That Can't Be Compromised" as they pitch it.

It's 2008, and companies perhaps rich on VC money to waste in a guerilla marketing tactic for generating viral buzz, still

$1 Million prize offered for cracking an encryption algorithm
talk and act as the utopian "unbreakable encryption" algorithm is the panacea of security, or the "Hackers Hell: Privacy That Can't Be Compromised" as they pitch it.

Permanent Privacy is one of these companies suffering from marketing myopia, and re-inventing the wheel by promotion what's already available on the market, unbreakable encryption if the algorithm is directly attacked, and the opportunity for obtaining the keys and passphrases through malware excluded. They are, whatsoever, offering $1m to those who manage crack their data encryption system :

"Permanent Privacy  announces the world's first practical data encryption system that is absolutely unbreakable. And is offering a $1,000,000 challenge to anyone who can crack it. Permanent Privacy (patent pending) has been verified by Peter Schweitzer, one of Harvard's top cryptanalysts, and for the inevitable cynics Permanent Privacy is offering $1,000,000 to anyone who can decipher a sample of ciphertext. Peter White, Managing Director of Permanent Privacy, said:

"The world of cryptography shuns and disparages outsiders, but Permanent Privacy is the real thing. You can now send emails and store data with 100% security. Even the Pentagon can't read your secrets if they don't have the keys".

There's a business model in here, and not necessarily the brand with a mission like you'd want it to be.  For instance, in order to participate in the challenge, you'd have a purchase the tool for $39 - "Each licence bought will entitle one entry into the Million Dollar Challenge", and what follows is the best part. Even if you purchase it and encrypt a message, the person who wants to decrypt the message would also have the purchase the tool - "if your friend wants to decrypt something you've sent he/she will also need to purchase PP as well." Thinking for a second about the number of people with whom you exchange encrypted emails on a daily basis, and how they wouldn't be able to read them unless they too, purchase the tool, ruins my understanding of public key cryptography.

As far as the "unbreakable encryption" is concerned, it's already there. The GPcode authors use it, and probably you use it, which doesn't mean that you are no longer susceptible to malware and spyware attacks aiming to steal your secret keys and passphrase, since it would be virtually impossible, if not impractical to directly attack the encryption algorithm used. Cases in point :

These ongoing developments clearly indicate that whenever the algorithm cannot be cracked, adaptive approaches are already in the works, and so even the "unbreakable encryption" can by simply bypassed by stealing your keys and associated passphrase through malware. Therefore, the "unbreakable encryption" used in a compromised environment is literally worth nothing.

Topics: Security, Malware

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.