Barrie,
Perhaps I wasn't clear in my prior post about cracking DES and bit length... The point I was trying to make is that even 128 bit encryption can be considered statistically unbreakable... HOWEVER, most algorithms out there... especially those not based on widely accepted and tested techniques fall victim far quicker to cryptoanalytic attacks, not brute force attacks.. There is a serious difference between the two methods... For 4096 bit encryption, it would be ridiculous to even try to calculate how long it would take if you just randomly guessed at the answer (brute force)... given of course that the key source was sufficiently random.... (netscape encyption was hacked a few years back cause the key generation had detectible patterns which made the key search a far more efficient endeavor)..
In many cases, the design of the algorithm, and the scrambling processes that are employed mean more then the number of bits in the key... If the algorithm, or more to the point, the problem of backing into the key, can be collapsed to a trivial mathematical problem, then even a million bit key wouldn't helpya ... same thing if there is a flaw in the program design that allows a would-be cracker to gain vital info that would aid in cracking the key....Determining the strength of cryptographic algorithms is serious business and is a well-defined science....
Most people don't understand how this stuff works, and I am first now only beginning to scratch the surface myself... But one thing that has been well publicized is key length... and how 56 isn't safe and how the gov't won't allow export of 128 etc etc etc.... So it looks to me as if Jaws is trying to capitalize on the fact that the consumer, and the public is not knowledgeable on the advanced mathematics of encryption by touting extra large keys as adding security, when, in fact, that may or may not be the case... Sure, their claims could be entirely accurate.. but I have know way of knowing that until I hear differently from some kinda of verifiable industry source....
For another example of a company that is, IMO, doing a similar type of marketing as jaws, go check out Meganet at meganet.com read through their materials and see if it sounds familiar... Now meganet is listed on Peter Gutmann's encryption links page under the "snake oil" section... but how the HELL would I have been able to determine that for myself? When I first looked at their product it looked great, and the description was detailed enough to be way above my head.... so I figured it was legit.... and who knows.. maybe it is... but i don't trust my opinions on that matter as I am not an expert... which is why I rely on the expertise of others...
Enam |
