[3098] in cryptography@c2.net mail archive
Re: Shark Oil?
daemon@ATHENA.MIT.EDU (Steve Bellovin)
Mon Jul 27 16:28:05 1998
To: "Stephen Cobb, CISSP" <stephen@iu.net>
cc: Bill Neugent <wneugent@mitre.org>, cryptography@c2.net
Date: Mon, 27 Jul 1998 13:48:15 -0400
From: Steve Bellovin <smb@research.att.com>
In message <199807271434.KAA26225@bb.iu.net>, "Stephen Cobb, CISSP" writes:
> Bill
>
> I don't mean to play stump the list, and my apologies if we have already cove
> red this ground, but you obviously had some useful background on TriStrata...
> how about JAWS?
>
> As in "unbreakable 4096-bit winner of the $5 million hacker challenge." From
> Calgary, formerly-E-Biz, now called JAWS Technologies, principal parties Robe
> rt Kubernuss and Ed Macnab.
>
> And I quote: "the Jaws "L5" routine uses the keys as a portion of the formula
> e to decrypt, making it mathematically impossible to break given a large enou
> gh key. The data is shifted and additionally encrypted with a random number g
> enerated at the time of encryption, used to determine password authorization
> upon decryption." http://www.jawstech.com.
I'm never impressed by secret algorithms. And claims of "unbreakable"
always raise warning flags for me -- it's almost always pure hype.
In this case, I'm also amused because some of the claims they make
for the encryption algorithm are true of any intelligently-used block
cipher.
However, this site had two points that I found hilarious. First, they
state -- explicitly! -- that you can apply their encryption algorithm
*before* compression. Sorry, folks; decently-encrypted text is not
compressible. Second, if you want to try their challenge, you have
to register first -- via a link protected by a 40-bit cipher. This
is how a security firm behaves?
