---------- Forwarded message ----------
From: "Peter A. DeNitto" <denitto@llamas.net>
To: jericho@dimensional.com
Date: Thu, 9 Apr 1998 11:37:44 -0400 (EDT)
Subject: Re: [ISN] New $1.2 Million Dollar Encryption Challenge Begins Today
This contest is mostly a Publicity stunt, and not one to actualy test
whether their code is scure or not.
They do not publish source code, they cannot sell to foreign nationals,
and you cannot attempt to crack their code without first ponying up $100
to buy their toolkit.
55,000 participants... Does this mean that they count everyone who has
bought their product as a participant?
Meganet's contest is less of a contest and more of a Sweepstakes.
If they cannot publish the source, then crypto groups cannot take a real
look at their code and determine if different ways of attacking their
contest can be found (other than brute force).
And also, I find the fact that... "Due to strict export regulations we
can not create a demo / shareware application that will allow everybody to
participate in the challenge." Definately a win situation for meganet,
since if you want a chance at $1.2Million you have to spend $100. I think
this is against the law in most states. But then this is the internet
and you can get away with most anything anyways.
Reading their document, I believe their big flaw with their encryption to
be tied with this statement:
http://meganet.com/VME.html
...
"...the key is not transferred but rather recreated on both ends based on
a common file. The key can not[sic] be compromised[sic] since it's not
being transferred."
Having a common file on both machines from which a key is generated sounds
like bad mojo in a live system. For their challenge, it's fine, but in a
live system it's trouble waiting to happen.
If you really want a contest that is acheivable, check out
www.distributed.net, or http://www.certicom.com/chal/index.htm, or
http://www.rsa.com/rsalabs/97challenge. These all detail the algorithms'
used, provide source, and exercises.
An interesting link also is
http://www.interhack.net/people/cmcurtin/snake-oil-faq.html
Authored by Matt Curtin
...
Secret Algorithms
Avoid software which uses secret algorithms. This is not considered a
safe means of protecting data. If the vendor isn't confident that its
encryption method can withstand scrutiny, then you should be wary of
trusting it.
...
Check out your local sci.crypt newsgroup or www.dejanews.com. There's a
lot better discussion there.
--Pete
On Sun, 5 Apr 1998 jericho@dimensional.com wrote:
> Date: Sun, 5 Apr 1998 01:46:12 -0700 (MST)
> From: jericho@dimensional.com
> To: InfoSec News <isn@sekurity.org>
> Subject: [ISN] New $1.2 Million Dollar Encryption Challenge Begins Today
>
>
> Originally From: Gary Porter <grporter@nps.navy.mil>
> Originally To: <internet-tidbits@azure.stl.nps.navy.mil>
>
> SOURCE: Meganet Corporation
>
> Meganet Corporation Ships Virtual Matrix Encryption
> Nationwide; New $1.2 Million Challenge Begins Today
>
> LOS ANGELES, April 1 /PRNewswire/ --
>
> Meganet Corporation, who challenged Microsoft (Nasdaq: MSFT - news),
> Intel (Nasdaq: INTC - news), Dell (Nasdaq: DELL - news), AT&T (NYSE: T -
> news), NCR (NYSE: NCR - news) and many other high tech companies with
> their unbreakable encryption is shipping VME98 nationwide.
>
> As of today, April 1st, 1998, anyone in the continental United States of
> America can buy VME98 directly from the Meganet web site at
> http://www.meganet.com. Prices for the standard edition are only $100 for
> a fully operational application.
>
> After 12 months of Research & Development, Meganet Corporation completed
> 21 different commercial versions of VME98 last month, and the product is
> now being sold nationwide through the World Wide Web.
>
> Virtual Matrix Encryption is the strongest encryption available today, and
> the product is available ONLY in the United States of America.
>
> Meganet Corporation is also launching their 3rd challenge which is worth
> $1.2 million over the next 12 months.
>
> Starting today, and for the next 12 months, Meganet Corporation will post
> a monthly $100,000 challenge for registered users of VME98. This new
> challenge shows Meganet Corporation has absolute confidence that VME98 is
> completely unbreakable.
>
> Today's date also marks 1 year from the first 1 million dollar challenge
> that brought Meganet Corporation nationwide recognition. The challenge
> lasted 45 days and over 55,000 people participated. None have succeeded.
>
> Today also marks the end of the second challenge which lasted over 6
> months, where Meganet Corporation challenged the top 250 corporations in
> the U.S. to test and break VME97. None have succeeded.
>
> The challenge solution will be posted on the Meganet web site at
> http://www.meganet.com.
>
>
>
>
> -o-
> Subscribe: mail majordomo@sekurity.org with "subscribe isn".
> Today's ISN Sponsor: Repent Security Incorporated
>
--
Help Crack Government Encryption - Join the Bovine Project: www.distributed.net
The cows are tromping all over America. Cows can replicate. They're
being born all over the world. There's plenty of beef available!
-- US Representative Zoe Lofgren (D-Ca)
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Dimensional Communications (www.dim.com)
Received on Sun Apr 12 17:40:16 1998