From: Ohm on 22 Feb 2010 00:27

I came across this product, called "encrypt stick", they claim to use something I never heard of, called polymorphic encryption.

Anyone could advise if this product sounds like a snake oil?

I am copying below their technical explanation:

From: https://www.encrypt-stick.com/our-technology

The ENC Polymorphic Method

The idea behind Polymorphic Encryption is to create an Encryption System, where the encryption algorithm itself is variable. The Polymorphic Encryption System is comprised of thousands of combinations of different base functions. Each of these base functions manipulates data in a different way. Additionally there is the Crypto Compiler. The Compiler selects different base functions and arranges them in a specific sequence and maps out how and when that sequence will change. This sequence of base functions and the way in which they change represent the “Encryption Algorithm”.

How the Crypto Compiler creates this “Encryption Algorithm” is dependent on the Encryption Key. That is to say that the “Encryption Algorithm”/ the sequence of base functions and the way that the sequence will change, will be different for every different Encryption Key. In 512 bit cipher there are 2^512 different possible keys, therefore in the 512 bit Polymorphic Encryption there are 2^512 different possible encryption algorithms that can result. (2^512 = 1.34 x 10^154 or 134 followed by 152 zeros)

This is fundamentally different from conventional encryption algorithms such as AES, which rely on a single encryption algorithm. In Polymorphic Encryption, the number of variables is always greater than the number of constants. This variable nature of Polymorphic Encryption makes it extremely difficult to analyze and limits the number of cryptanalytic tools that can be used to analyze the system. The “Encryption Algorithm” itself doesn’t even exist until a key is entered into the system.

Additionally with Polymorphic Encryption we are able to create 10s of thousands of different Polymorphic Encryption Systems all with similar properties of strength and speed. This is done by changing the way that the Crypto Compiler arranges the base functions, or by changing the base functions themselves.

Why is this important? Each different application can have its own unique Polymorphic Encryption System. With conventional encryption such as AES, the same encryption algorithm is used in all different applications. This means that the entire world can focus on analyzing and trying to break that one encryption algorithm. If Polymorphic Encryption were to become a standard, there would be thousands of different Polymorphic Encryption Systems. In each system the “Encryption Algorithm” would be completely variable. And each Polymorphic System would create the “Encryption Algorithm” in a different way. This would give cryptanalysts and hackers nothing to focus on.

If by some profound miracle a specific Polymorphic Encryption system was hacked, only the single application using that Polymorphic Encryption System would be compromised. Attackers would have to start from scratch when attacking a different Polymorphic Encryption System in a separate application. This differs greatly from AES where the same Encryption Algorithm is used in all applications.

From: J.D. on 22 Feb 2010 00:38

> I never heard of, called polymorphic encryption.
>
> Anyone could advise if this product sounds like a snake oil?

Yes, it is snake oil. These may in fact be the same bullshit artists that Schneier was lambasting back in 2003: http://www.schneier.com/crypto-gram-0303.html#4

From: Mok-Kong Shen on 22 Feb 2010 11:12

Ohm wrote:
> I came across this product, called "encrypt stick", they claim to use something
> I never heard of, called polymorphic encryption.
>
> Anyone could advise if this product sounds like a snake oil?

If for any reason you don't like to use the peer-reviewed algorithms in software in really 'trustworthy' implementations, the 'only' (next best) way is to write your own encryption codes, thereby however to remain 'thoroughly' conscious of the high risks you have 'voluntarily' engaged yourselves in. Forget everything else on the crypto market!!

M. K. Shen