Security Response

Too good to be true

Created: 09 Oct 2007 07:00:00 GMT • Updated: 23 Jan 2014 18:45:44 GMT
M.K. Low

It's got Paul Anka's guarantee…guarantee void in Tennessee

One of my favorite Napoleon Dynamite scenes is when Napoleon and Kip are watching music videos and Napoleon says, “This is pretty much the worst video ever made”. Kip’s reply is “Napoleon, like, anyone can even know that.”

It’s true. How can you substantiate someone’s claim that they are the worst, the best, the most user-friendly, or simply the only system that your company will ever need? Some people blindly put their trust in companies without authenticating their claims. Just because a company advertises an “explosion-proof computer,” “unique, very efficient, non-algorithmic based encryption,” or “guaranteed secure credit cards,” doesn’t mean caveats don’t exist. Fat-free doesn’t necessarily imply zero fat; it just means there is less than 0.5 g of fat per serving.

Companies making exceptional claims are nothing new. In a previous blog, a Web site was offering the service of protecting a site's content from being copied or stolen for the bargain price of $37.99. An identity theft prevention company that has a million dollar guarantee for its service touts the motto “We Guarantee Your Good Name. No one else does because no one else can.” The company’s CEO even has his social security number prominently displayed on the Web site to show potential customers his trust in their operation. (Coincidentally, he was recently an identity theft victim himself when someone used his social security number to obtain a $500 loan.)

I recently found an article saying that an aerospace company has created the “world's first hacker-proof encryption technology for the Internet”. According to the company, “All the computer technology in the world cannot break it”. Basically, this marketing-speak is trying to say that a brute-force attack using all the computational power in the world is not feasible. If you look at current encryption schemes, such as 256-bit key AES or 224-bit key Elliptic Curve Cryptography, brute-force attacks aren’t feasible on them either.

But somehow their bold claim that their technology is “hacker-proof” sounds far-fetched to me. In 1998, a 17-year old UK schoolboy created an “unbreakable encryption program”, UBE98, with a 2048-bit key length that would take “30 billion years to crack”. Needless to say, it took less than a week to crack. The worst part is that a US software company bought the encryption program and was selling it on their Web site (the company has since been bought out).
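Why a quoted key length and a brute-force estimate say nothing on their own, shown as an added example that is not from the original post and is not UBE98's algorithm (the post does not describe it). The toy repeating-XOR cipher, the function names and the sample document are all constructed for illustration.

```python
import os

KEY_BYTES = 256  # 2048-bit key, the size quoted in the marketing claim


def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """Constructed weak cipher: XOR the data with the key, repeated as needed."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def brute_force_years(key_bits: int, guesses_per_second: int) -> int:
    """Years needed to try every key: the only number the advert reports."""
    return 2 ** key_bits // (guesses_per_second * 60 * 60 * 24 * 365)


def recover_key(ciphertext: bytes, known_plaintext: bytes, key_len: int) -> bytes:
    """Known-plaintext analysis: ciphertext XOR plaintext exposes the key bytes."""
    if len(known_plaintext) < key_len:
        raise ValueError("need at least key_len bytes of known plaintext")
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], known_plaintext[:key_len]))


def evaluate():
    key = os.urandom(KEY_BYTES)
    # Constructed sample: a predictable document header followed by a secret body.
    header = b"COMPANY CONFIDENTIAL MEMO\n".ljust(KEY_BYTES, b"-")
    secret = b"Q3 acquisition target: Example Corp"
    ciphertext = toy_encrypt(key, header + secret)

    # The brute-force figure is astronomically large ...
    years = brute_force_years(KEY_BYTES * 8, 10 ** 18)
    # ... yet one predictable header gives up the whole key without any search.
    recovered = recover_key(ciphertext, header, KEY_BYTES)
    body = toy_encrypt(recovered, ciphertext)[len(header):]  # XOR is its own inverse
    return years, recovered == key, body


if __name__ == "__main__":
    years, key_found, body = evaluate()
    print(f"brute-force estimate: about 10^{len(str(years)) - 1} years")
    print(f"key recovered from known header: {key_found}, body: {body!r}")
```

When evaluating a product, the question to ask is whether the algorithm has been published and analyzed, not how many bits the key has.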

So the moral of the story is buyer beware, or at least buyer be skeptical. Companies are banking on people’s fear and trying to give them a false sense of security with bold, unsubstantiated claims. But, if you do believe in these claims, I have an offer for you. The MegaCryptinator 8000 has new mathematics algorithms based on rolling hyper-cubic curves of finite fields. It uses the most secure 1,048,576-bit key that encrypts your highly sensitive and secret data in a matter of nanoseconds on the world’s largest quantum computer. And the technology is guaranteed to last for the life of your company. Yours for five easy installments of $199.95!