Salutis^® Discussion

Salutis^® discussion (on: http://xtien.livejournal.com/20507.html#comments)
Last update: 2006-09-21

The discussion has come to a (temporary) pause. At the end of the discussion the reader will find an invitation to both parties in the discussion. Please click here.


The participants of the Salutis^® discussion

X-tien:       Click here for personal information
                 Click here for a link to http://www.izecom.nl

Anonymous: Puzzled (WBAGUNAEVPZNA)


Additional information from the Salutis-Team
Published on: 2006-09-08

Several times an anonymous participant in a discussion, opened by Xtien, has given comments and various additional recommendations on her statements made. The discussion is based on the product specification of our message broker, which we are about to introduce in the market under the brand name AGN. Also the PDF document, which we are providing, is part of the discussion.

 Click here to download the pdf-document(English)

Additional Salutis® technology information:
a) Data will be compressed before encoding and processed in chunks of 256 bit.
b) Each chunk is being encoded with a symmetric encryption algorithm (also known as enigma machine) in the so-called CBC mode. Both chunk and the key size are 256 bit.
c) Upon encoding, the chunks are re-assembled.
d) After re-assembling, the chunks are encrypted with an OTP key.

The Salutis® technology supports files with a size up to 16 Exabyte!

What is a one-time pad system?
The Vernam Algorithm, also known as the one-time pad, can be found on the website:
http://www.aspheute.com/english/20010924.asp

Involving Salutis® technology one uses codebooks. The system must receive on a regular basis new codebooks to determine the proper OTP key. The organisation Fourmilabs is working on a system to generate OTP keys.
See: http://www.fourmilab.ch/onetime/otpjs.html

What is a definition of "snake oil"?
According to Bruce Schneier's Crypto-Gram Newsletter May 15th 2002 "Secrecy, Security, and Obscurity" on the website: http://www.schneier.com/crypto-gram-0205.html an encryption is "snake oil" when it uses secret algorithms. The current available implementation of the Salutis® technology only supports algorithms available in the public domain. Salutis® technology is based on the textbook and other theories such as Shannon's theory (1949). Should Salutis® technology be labelled as snake oil, then cryptographic science should accordingly be identified as a hoax.



Start of the Salutis^® discussion:

X-tien wrote on 2006-09-05 at 14:04 am UTC:

Snake oil
Today an angel investor sent me information about a company that has created a "next generation crypto technology". He wants my opinion on their product. When I saw the words "next generation crypto technology", I was tempted to reply without reading the documentation and tell my friend that he should definitely not invest.

However, I did read the document and I visited their website. They claim that they use a one time pad as the encryption algorithm. Peculiar is that their one time pad is only 256 bits long. By definition, a "one time pad" is at least as long as the message you encrypt, so apparently they cannot encrypt messages of more than 256 bits.

"One time pad encryption" is generally called snake oil. It is similar to a perpetuum mobile. It doesn't work. Don't bother.

Then, when looking at their website, I saw that they were nominated as "the best invention" in 2003 by ID-NL. Wow. Snake oil was nominated as the best invention in the Netherlands in 2003.....


(Anonymous) wrote on 2006-09-06 at 10:06 am UTC:

RE: Puzzled
I have read the website but I fail to find the 256 bit key you mention. I asked a friend to translate the Dutch. Based on this information I get the impression that the system could be valid because they use a codebook. One could argue about the hassle to manage codebooks and how to create these codebooks (the key!). However, such a product cannot be classified as snake oil!

Assume that the codebook is only used once and it is a true random key than this system is build according the school textbook. The problem is that the length of the key needs to be the same as the length of the message. I fail to find this information but I think we should ask them for more information. Is the codebook only used once? Is the codebook a pure random key? The answers of the manufacturer will enable use to classify this product. Is it snake oil? On the other hand, is it indeed a system that offers a better security?

From my point of view, this is interesting but I am also very cautious. I think that you are jumping the conclusions without proper verification or that you obtained information unknown to me. Please inform us!


X-tien wrote on 2006-09-06 at 09:11 pm UTC:

RE: Puzzled
The reference to a 256 bit "one time pad" was made in the documentation a mutual friend sent me, I assume they know he sent it to me.

I know that if someone claims to have invented "next generation crypto" and they are not educated and reknown cryptographers, it's snake oil. If someone claims to have invented a new crypto and they show the algorithms and argue why their method would work, I'm willing to have a look at it, even if they are not reknown cryptographers. These people make claims but they don't show a thing. If they keep their algorithms a secret, it's "security by obscurity", that's even worse than snake oil.


(Anonymous) wrote on 2006-09-07 at 08:41 am UTC:

RE: Puzzled
The "one-time pad" (OTP) is an algorithm that is available in all cryptographic school textbooks.
The argument "they are not educated and reknown cryptographers" will not hold in this discussion:

If I decide to build a system according to the AES or "one-time pad" algorithm there is no need for me to be a renowned specialist to build a proper encryption system. All that is required is a proper implementation of the algorithm to build the system. Therefore, I fail to see the importance why someone has to be famous. But it is mandatory that one is capable to implement the schema and to verify the working. This is however not the discussion.

The question that needs to be answered is: Can we verify this system so we can obtain a proper judgement of its importance? Apparently you have received information that is not available for the public or you have found this information on an unknown web location. Could you share this information? The next argument "...they keep their algorithms a secret, it's "security by obscurity" will also not hold because of the following argument:
The Dutch text translation states mentions the implementation of an OTP. This is a publicly available encryption schema. Thus the manufacture is clear on the algorithm but gives little information on the implementation of this encryption schema. There is no secrecy is what the algorithm is.

I can imagine that a manufacture that found a practical implementation to deal with the hassle to create codes is a bit reluctant to share his idea. The proper question is: Is it acceptable that this mechanism cannot be verified?

I repeat my first statement: If the key length is 256 bit than the message must have a length of 256 bit. It is indeed awkward unless their implementation chops the message into 256 bit fragments. Assume that is a fact that they chop a message into 256 bit fragments. Then I must come to the conclusion that this implementation is according the school textbook.
One could ask for the reasons of chopping the message into 256 fragments but nevertheless this is a correct implementation of the OTP. There is one problem for the more talkative souls. The message needs to be smaller than 1.44 10^76 byte.

It is time to ask serious questions! I have come to conclusion: We must verify the statement of this manufacture. Is the OTP implementation done accordingly the school text book? How do they create the codebooks. Is it (and this mandatory) pure random and only used once?

I am puzzled.


X-tien wrote on 2006-09-07 at 10:27 am UTC:

RE: Puzzled
"One Time Pad" is indeed a textbook thing. An OTP is a key that is of exactly the same length as the message that is to be encrypted. You XOR the message and the OTP, then you know it's encrypted in an unbreakable way. The problem is that you have to distribute the OTP's. With everyone you communicate, you have to share a bunch of OTP's that you have to keep secret forever. If these people want to be taken seriously, they should explain how they distribute the otp's in a secure way.

In short: if you don't publish your algorithms, you can't be taken serious.


(Anonymous) wrote on 2006-09-08 at 08:51 (local):

RE: Puzzled
We have an agreement on the following:
· That an encryption system that uses a school text book OTP implementation is unbreakable,
· An encryption schema that implements OTP is not practical unless there is a solution to deal with the hassle of codebook generation and distribution,
· Only for the (OTP) key secrecy is allowed and that the algorithms and their implementation must be available for peer review.

To judge this system the following questions are in demand for a response:
· Is the OTP implementation correct?
· Can we accept that mechanism to create the codebooks and to distribute them is not available for peer review?
· Is distribution of the codebooks secure?

I get the impression that your foremost opposition is the secure distribution of the codebooks. However, the distribution issue is only relevant if all the questions are answered. The manufacturer should answer these questions ASAP. You have started a debate that based on a document and the website that you have concluded that their product is "snake oil". My source of information is the website. I cannot believe that you will state upfront that the product is 'snake oil' exclusively on this web information. Therefore, the mysterious document you mention is essential not only to support your view on the matter but also to conclude this discussion.

It seems to be that this potential interesting discussion is only half heartily supported by you because you refuse to share information. The fact that you ignore my question is not very polite and raises the following question: "Is this the birth of the snake oil blogger?"

I think that encryption is essential for the modern community to protect sensitive information. Therefore, it is essential to have these open and sincere discussions to explore the possible potential of new emerging technologies.

My dear xtien I challenge you to reveal the source of your information!


X-tien wrote on 2006-09-08 09:47 (local):

RE: Puzzled
The problem with encryption is not the strength of the encryption. Commercial encryption products are strong enough. The problem is acceptance, because most products are just too difficult to use. If people don't understand it, they don't use it. If it's too complex, people don't encrypt. There's a market for rsa-based encryption that is easy to use. There's no market for commercial products that are not compatible with today's standards. New encryption technologies need to be proven by presenting them to the crypto community and having them evaluated for at least a couple of years. After that, you may want to start developing a new product.

Unlike asymmetric technologies, OTP requires key distribution in advance of sending the message. This may be appropriate for diplomats, secret services, and governments, for the highest level of state secrets. For anything else, OTP doesn't work.

Please take this discussion to the forums of the international crypto community and find out what they say.

Again, there currently is no need for stronger crypto. There's a need for crypto that's easier to use.


thesalutis team wrote on 2006-09-08 09:50 (local):

Additional Salutis® technology information
The digital community depends on systems which secure information. However, encryption is only part of the solution to secure information from prying eyes.

The on-going discussion is all about A.Kerkhoffs principle (1883). His principle states: In a well designed system, only the key needs to be secret; there should be no secrecy in the algorithm.

To underline the importance of (and our support for) this principle we embrace this discussion. In order to support the discussion we render relevant information published on our website: http://www.vzg.nl/index.php?p=SalutisDiscussion-01.html

We are committed to follow the discussion and to provide further ingredients.

Kind regards
VZG Communications
The Salutis-Team


X-tien wrote on 2006-09-08 10:09 (local):

Re: Additional Salutis® technology information
Paraphrasing Kerkhoff, there should be no "security through obscurity".

On the VZG website they say

   The system must receive on a regular basis new codebooks to determine the proper OTP key.

That's the key to the issue. If you accept that you have to distribute codebooks though a separate secure communication medium, then you're fine. But then, why not use that separate secure communication in the first place?

For a practical implementation, distributing codebooks doesn't make sense.


(Anonymous) wrote on 2006-09-11 07:10 am UTC :

Re: Additional Salutis® technology information
We should ponder for a brief moment on the following question: “Was it wise to state the commercial products are strong enough?”

One could conclude that encryption strength is measurable. Such a quantification of encryption strength will be most welcome because customers can tell the difference between a bad and good security product. Unfortunately, there is no (easy) quantification for encryption strength. Suppose it is possible to quantify the encryption strength. Than the next problem that needs to be solved is how to relate or translate this measurement in what is required to secure the information.

Therefore, the statement that commercial encryption is strong enough has to be considered false. We can only assume that the protection offered by commercial encryption products is acceptable based on experience and best practice. Whatever ‘acceptable’ might be.

You ask me to take this discussion to the forum of the international crypto community. However, this discussion is only of interest for this community if we answer the question: “Is the next generation encryption Salutis snake-oil?”

To proof or refute the statement the mysterious document is essential. It is no surprise that the manufacture discloses information, but this will not relieve you of your obligation to disclose this document to verify your (bold) statement. Before that, it is impossible to establish that the information the manufacturer made available can also be found in this document. The origin of the document could be a researcher.

Poor Auguste was spinning in his grave when you where paraphrasing him. Actually, you referred to a hacker term “security through obscurity” that is applied to most OS vendors to ignore security holes in the hope that nobody will find out about them. Again, this is not the issue at hand.


(Anonymous) wrote on 2006-09-11 07:10 am UTC :

Re: Additional Salutis® technology information
For the record August Kerckhoffs’ six design principles are:
1 The system must be practically, if not mathematically, indecipherable,
2 It must not be required to be a secret system (the enemy knows the System!),
3 The key must be communicable and retainable without the help of written notes. (The infamous yellow ‘post it’ sticker on the CRT),
4 It must be applicable to telegraphic correspondence,
5 It must be portable, and its usage and function must not require the concourse of several people;
6 It needs to user friendly.

I think that you were trying to point out that encryption systems need to be user friendly (principle 6) and no one will disagree.

Principle 5 brings forth the following questions I have raised earlier: Thus Salutis offer a practical solution for the one pad distribution? Is their implementation correct? Can we verify this?

Your main objection is the distribution of codebooks. I have already pointed out that this question is irrelevant. Let me explain why this question is of no importance. Assume that this one time pad is a 50 Mbytes encrypted file with truly random bits. The Internet age allows for sending files of this size. Than we must conclude that there is no need for a secure channel to communicate because the key is only part that needs to be secret. Assume that even in the digital era this is not a realistic solution!

Science is all about the method that provided for the answer of a question. For example: Is it possible to realize a practical one time pad? If the answer is ‘yes’ than this will send a shock wave through the international cryptographic community.

To answer this important question it is essential to forget all about the traditional concept of a one time pad in the digital era. We need to think about other methods. For this I have read all the available Salutis information and ended up with plethora questions. After careful analysis and shifting through these questions, I could no longer resist the following paradox: Salutis sends all possible messages before it sends the key! The plot thickens…

All the algorithms in use by Salutis are age old, accepted by the international crypto community, and very mind numbing. Probably without knowing and to my surprise, they (The Salutis Team) created the seventh design principle. Let us call that the Salutis design principle.

7) If a cryptographic algorithm fails to be secure, it will not implicate that the encrypted message is broken.

The next question arises: Did the Salutis engineers manage to design a system in anticipation of that nothing can be secure? Assume this a fact. Should I be bothered to determine if Salutis is an OTP or not?

My dear X-Tien you should read the article Mathematical Games (A new kind of cipher that would take millions of years to break) by Martin Gardner. He gives an excellent definition of unbreakable.

I think principle 6 is not essential for this discussion.

I am so confused
WBAGUNAEVPZNA


X-tien wrote on 2006-09-11 09:42 am UTC:

Re: Additional Salutis® technology information
yeah, right. no more discussion here. get your act together, then come back.


thesalutis team wrote on 2006-09-13 00:02 am UTC:

Re: Additional Salutis® technology information

The discussion started by X-tien and responded by Mr. or Mrs. Puzzled Anonymous has come to a (temporary) pause. Both discussers are wondering what is going on. The Salutis - Team wishes to contribute in solving this questionnaire.

The Salutis - Team cordially invites both X-tien, Mrs. Christine Karman and Mr. or Mrs. Puzzled Anonymous (WBAGUNAEVPZNA) to come and attend a demo of the Salutis® applied technology. We hope we can meet in Holland soon. Regards!

The above mentioned invitation has been successfully posted tonight on Mrs. Christine Karman's web log. However checking on the correct posting, we found that Mrs. Karman (temporarily) allows further discussions to be read by only herself. This is why readers on her web log will not find this invitation unless they consult our site.

(c) Copyright VZG communications, 1994-2006. Alle rechten voorbehouden