Comments on: 'Hacker-proof' system? You be the judge

Euro defense company develops "hacker-proof" encryption.

[Leria]

There is no such thing as hacker proof

There is no such thing as a 'hacker proof' system. If a hacker wants to get into a system badly enough..... he will do it, whether it is a military, corporate or personal system.

That's just a fact of life and it is always going to be a fact of life.

[geofbrewer]

'Hacker-proof' system?

Hacker-proof? Possibly. It's a matter of resources on the part of the hacker(s). It's a matter of the algorithm used and the key. What's the probabilty of someone actually cracking it without stealing? How much of hacking is actually no talent, subterfuge? I've fallen for cleverly disguised misdirection. I'm sure we'll hear about it soon enough.

[El Chupageek]

I think there is a misunderstanding

I don't think the other commentors really understand what this article is referring to, the first certainly not. Leria, this is referring to an encryption scheme rather than a network or specific machine. You can't "get into the system" per se when all you are talking about is encrypted data, though to actually refute your point in terms of systems, while there are theoretically exploitable flaws in any complex system that does not mean that a hacker (which likely isn't even the proper term in most scenarios) can always get in. Point of fact, the Windows Update scheme is perhaps the largest target for malware distributers on the net, as it could feasibly be use as the greatest delivery mechanism possible, and there is millions of dollars possible if one could use it as such. However it has never been compromised for this purpose.

On the real subject at hand, I believe what the researchers have announced is that they have an encryption scheme that they do not believe can be feasibly brute forced by all of the current computational power on the globe, and that further they do not believe there to be a flaw in the scheme that can be used to predict decryption keys without brute force analysis. In that they believe it is not possible to actually crack the encryption and read the decrypted data by anyone.

The first achievement is not all that great; your standard 128bit encryption used in an SSL session is outside the brute force potential of the "hackers" that would potentially be trying to break it, with the one exception of the group that runs the storm botnet system, though someone like the NSA probably has the hardware on premisis that could. Moving up to 1024 and 2048bit encryption schemes pretty much guarantees it won't be brute force cracked by anyone, and there are several algorithms already commercially used that can claim that.

The second point, about the scheme not having a flaw that can be used to predict keys without brute force analysis is a bit balsey to claim without having published the algorithm and given crypto researchers around the world time to hack on it.

That said, given that it apparently uses a shifting key scheme I can't help but wonder if there is a predictable flaw in the key generation and propogation system.