'Hacker-proof' system? You be the judge
Aerospace giant European Aeronautic Defence and Space has introduced a "hacker-proof" encryption technology that it claims will revolutionize Internet security and bring "cryptography into the 21st century."
The system, called "Ectocryp," was developed for military and business applications by researchers and engineers at EADS' Defence and Security Systems division in Newport, South Wales. The team relied on technology developed by the U.K.'s Government Communications Headquarters, sister agency to the NSA and formerly known as Government Code and Cypher School, of German Enigma fame.
The system owes its success to the "lightning speed with which the 'keys' needed to enter the computer systems can be scrambled and reformatted," reports the Telegraph. "Just when a hacker thinks he or she has broken the code, the code changes." The system is the first "Top Secret, Eyes Only" High Assurance Internet Protocol Encryptor device in the U.K., according to the company.
How secure is it? Send your most excellent and sensitive Ectocryped data around the globe, and "all the computer technology in the world cannot break it," EADS sales manager Gordon Duncan boasted to the Telegraph.
Note to hackers of the Peeps Liberation Army: The gauntlet is officially down.
Mark Rutherford is a West Coast-based freelance writer. He is a member of the CNET Blog Network, and is not an employee of CNET. Email him at markr@milapp.com.



That's just a fact of life and it is always going to be a fact of life.
- I think there is a misunderstanding
- by El Chupageek September 20, 2007 7:16 AM PDT
- I don't think the other commenters really understand what this article is referring to, the first certainly not. Leria, this is referring to an encryption scheme rather than a network or specific machine. You can't "get into the system" per se when all you are talking about is encrypted data, though to actually refute your point in terms of systems, while there are theoretically exploitable flaws in any complex system, that does not mean that a hacker (which likely isn't even the proper term in most scenarios) can always get in. Point of fact, the Windows Update scheme is perhaps the largest target for malware distributors on the net, as it could feasibly be used as the greatest delivery mechanism possible, and there are millions of dollars possible if one could use it as such. However, it has never been compromised for this purpose.
On the real subject at hand, I believe what the researchers have announced is that they have an encryption scheme that they do not believe can be feasibly brute forced by all of the current computational power on the globe, and that further they do not believe there to be a flaw in the scheme that can be used to predict decryption keys without brute force analysis. In that they believe it is not possible to actually crack the encryption and read the decrypted data by anyone.
The first achievement is not all that great; your standard 128-bit encryption used in an SSL session is outside the brute force potential of the "hackers" that would potentially be trying to break it, with the one exception of the group that runs the storm botnet system, though someone like the NSA probably has the hardware on premises that could. Moving up to 1024 and 2048-bit encryption schemes pretty much guarantees it won't be brute force cracked by anyone, and there are several algorithms already commercially used that can claim that.
The second point, about the scheme not having a flaw that can be used to predict keys without brute force analysis, is a bit ballsy to claim without having published the algorithm and given crypto researchers around the world time to hack on it.
That said, given that it apparently uses a shifting key scheme, I can't help but wonder if there is a predictable flaw in the key generation and propagation system.