    Crypto Hall of Shame

    You just have to laugh at these. Obviously the people behind them don't have a clue. This is the hall of shame. The worst of the worst ends up here. Not only is this stuff implemented wrong, that's the way they planned it from the beginning. Take note and don't do as they have done. :)
    Most of these were submitted at one time or another to Schneier's Crypto-Gram newsletter.

    I'm not surprised that some of these companies are out of business and their web sites no longer exist. I'm surprised some of them still do!

    http://www.greatencryption.com/

    Excerpt from October 15th Crypto-Gram:
    It's got all the snake-oil warning signs: a novel encryption algorithm that isn't discussed, an obvious ignorance of cryptography, a patent in progress, and a bogus contest. Sample sentences from the Web site: "Keys 2,000-4,000 characters long are recommended for key strength that is far greater than that of other software programs now sold." And: "Software with a key strength of 109^4000 + 109^3999 + ... 109^1." Egads.

    The funniest bit is when they claim that their encryption is fast, "encrypting about 5,000 plaintext characters/second on an average PC." Assume the average PC is 500 MHz; that translates to about 100,000 clock cycles per byte (ASCII character) encrypted. AES encrypts at 20 clock cycles per byte; there are stream ciphers that are over twice as fast. That means AES is 5,000 times faster than GreatEncryption.

    The Web site says: "Permission to export Great Encryption to the rest of the world, except for terrorist states, is being sought." If we're lucky, they'll get permission to export it ONLY to terrorist states.

    From: John Gateley
    Subject: GreatEncryption
    
    "Software with a key strength of 109^4000 + 109^3999 + ... 109^1."
    
    It gets worse.  I found the following on the Web site: "Users can 
    choose keys that are as short or as long as they wish.  But, only the 
    first 4,000 valid characters submitted as a key are used in the 
    program.  There are 109 valid key characters."
    
    So, instead of 109^4000 different keys, they somehow come up with 
    109^4000 + 109^3999 + ... +109^1.
    
    Makes me wonder about the rest of their math.
    

    http://www.cryptdefence.com/

    CryptDefence, which offers "information's absolute protection" via their "entirely new original symmetric cryptographic algorithm MCD," which "disproves the Vernam theory....", blah blah blah.


    http://www.asiertech.com/

    Asier Technology, which "has made a breakthrough in such [cryptography] research and is now offering revolutionary products," with keys "ranging in key sizes from 5,000 to over 136,000 bits".
    Obviously clueless. Huge key sizes scream, "I don't know what I'm doing!"

    http://www.orontesprojects.com/

    TransPlace, the "only security program without hacks/ cracks/patches on Internet". Maybe it sucks so bad nobody will try? Or did you not even look?
    "Unhackable!!! It's IMPOSSIBLE to hack TransPlace-files!" I doubt that.
    "The internal structure of TransPlace is TOP SECRET!" Read: 'As soon as someone reverses our compiled code, we're fucked.'
    "We believe it's impossible to make successful cracks for TransPlace or 'TransPlace protected files'!" Yeah, but it ain't true.


    http://www.forescout.com/

    Intrusion prevention technology that "pre-emptively neutralize[s] known and unknown attacks with no false positives ensuring zero time to protection," while at the same time requiring "no signature updates nor manual intervention". Too good to be true? Always is. :)


    http://www.eurotechltd.com/products/ss/crypto.html

    "double cipher, keyless transmission system, with no transmitted key subject to compromise" Oh yeah, that sounds safe. haha


    http://www.2minvest.com/news.asp?id=216

    Straight from Counterpane July 15th:
    I only need to quote from the press release:  "Combining chaos mathematics 
    and computer science, the Danish company Cryptico has developed a new 
    breakthrough encryption algorithm, which is superior to all existing 
    solutions on the market.  The company's CryptiCore (tm) product is able to 
    encrypt at a speed of 1Gbit/second, which is between 5 and 10 times faster 
    than other algorithms.  The company has filed extensive patent applications 
    on the technology."
    
    And, by the way, "The technology is being backed up by internationally 
    recognized experts."  No names were provided, of course.
    
    I am continually surprised that people still fall for this stuff.


    http://www.ciphers.de/products/polymorphic_cipher_theory.html

    This is a strange one. On the surface he spins off terms that real cryptographers might use, but he ignores 50 years of experience for some new idea of his that he thinks is somehow better. Just 'cause it's confusing doesn't mean it's secure.

    One thing he mentions with regard to other symmetric ciphers is, "Known Plaintext attacks are generally more promising, because it might be possible that a simple dictionary of ciphertexts and the corresponding plaintexts could be set up" - Uh, maybe I'm missing something, but I don't think that's at all possible.

    Check out the site yourself; these guys look like they've done their homework and found all the buzzwords and hot topics, but the author seems to ignore the inability to prove his 'revolutionary' idea is secure. I've seen worse, but I'd keep away.
