Ciphers To Help With Security
The Hanalei Company is not only committed to helping you safeguard your data
from disaster by increasing its survivability, but we also work to guard the
privacy of that same data while in backup form. Our experiences with data
security in both the production and theoretical realms give us the necessary
edge to offer unique and powerful tools not available anywhere else.
The Hanalei Company incorporates encryption software in its products when
necessary to help offset the potential loss of NTFS access controls while the
data sits on a non-NTFS volume (e.g., hard disk, DVD, CD, etc.). Using advanced
AES ciphers for high-speed, nuclear-weapons-strength protection, our products
scream while providing the best protection in the industry today. But The
Hanalei Company provides more than just product edge to the market.
The Hanalei Company offers free downloads of very strong encryption software
for the software developer to utilize. These include elliptic curve
cryptography software and advanced encryption standard software.
Elliptic curve cryptography is a fundamental and widely accepted asymmetric
cipher, growing in popularity and confidence across the board. The Hanalei
Company offers its own short, sweet, and easy to use ECC software library for
download. The software consists of four C++ template classes that make writing
public key generation code as simple as the math behind it:
P = r*Q.
That's right, it is really that simple! (You cannot do that with RSA or PGP.)
Unlike other C++ offerings, we offer the true power of C++ combined with
nuclear weapons grade encryption, all in four simple files available for you to
download right now at no cost.
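The relation P = r*Q, worked through as an added example; this is not code from The Hanalei Company's library. It reads r as the private scalar and Q as the public base point, and the toy curve over F_17 and the names Point, add and scalar_mul are assumptions chosen for illustration.

```cpp
#include <cstdint>
#include <cstdio>

// Toy parameters, constructed for illustration and far too small for real use:
// curve y^2 = x^3 + 2x + 2 over F_17, base point Q = (5, 1) of prime order 19.
constexpr std::int64_t kP = 17, kA = 2;

struct Point { std::int64_t x, y; bool infinity; };
const Point kInfinity{0, 0, true};   // the group identity O
const Point kQ{5, 1, false};         // public base point

std::int64_t mod(std::int64_t v) { return ((v % kP) + kP) % kP; }

// Modular inverse via Fermat's little theorem: v^(p-2) mod p.
std::int64_t inv(std::int64_t v) {
    std::int64_t result = 1, base = mod(v);
    for (std::int64_t e = kP - 2; e > 0; e >>= 1) {
        if (e & 1) result = mod(result * base);
        base = mod(base * base);
    }
    return result;
}

// Group law: covers O, P + (-P), doubling and the general chord case.
Point add(const Point& l, const Point& r) {
    if (l.infinity) return r;
    if (r.infinity) return l;
    if (l.x == r.x && mod(l.y + r.y) == 0) return kInfinity;  // P + (-P) = O
    const std::int64_t s = (l.x == r.x)               // same x here means l == r
        ? mod((3 * l.x * l.x + kA) * inv(2 * l.y))    // tangent slope
        : mod((r.y - l.y) * inv(r.x - l.x));          // chord slope
    const std::int64_t x3 = mod(s * s - l.x - r.x);
    return Point{x3, mod(s * (l.x - x3) - l.y), false};
}

// P = r*Q by double-and-add. Not constant time: teaching code only.
Point scalar_mul(std::uint64_t r, Point q) {
    Point acc = kInfinity;
    for (; r > 0; r >>= 1) {
        if (r & 1) acc = add(acc, q);
        q = add(q, q);
    }
    return acc;
}

int main() {  // private scalar r = 7 is a constructed sample value
    const Point pub = scalar_mul(7, kQ);
    std::printf("P = 7*Q = (%lld, %lld)\n", (long long)pub.x, (long long)pub.y);
}
```

Recovering r from P and Q is the discrete logarithm problem; on this toy curve it takes at most 19 guesses, which is why real curves use fields hundreds of bits wide.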
AES, or the Advanced Encryption Standard, is the new cipher program promoted by
the U.S. government and widely acclaimed by many scientists, programmers, and
hobbyists from all around the world who had an opportunity to examine each of
the candidate ciphers and demonstrate what weaknesses they could in each. AES
is the title of the cipher chosen by the government through the proving process
and accepted as a worthy cipher by all who watched the selection process
unfold.
Why does The Hanalei Company want you to have these files for free? Well, there
are two reasons, really. First, the U.S. Commerce Department strictly controls
encryption software over the Internet unless it is free. After the Bernstein
decision, the U.S. Commerce Department was forced to carve a hole in its
regulations to allow freedom of speech, at least on free software. This is why
our cipher source code is free. Second, The Hanalei Company firmly believes
encryption software must always be open to the general public to be meaningful.
Public inspection is necessary to make a cipher acceptable. This is why our
cipher source code is available for download on the Internet today.
If you download the software and decide to examine it for weaknesses, please
consider sending us a draft of your findings at
cipherinspection@hanaleicompany.com. We will include all reports in our white
papers page.
Additionally, check out other news and information in the world of security:
Security Cannot Be Bought
A product is not secure because the manufacturer says it is. A product is not
secure because you are convinced it is. If you believe a product is secure,
then all you can say is that you believe it is secure. You cannot prove it, for
you cannot prove a negative - that it cannot be broken.
Would you trust a product just because its manufacturer makes a number of
claims? With some products you could without trouble. But the nature of
security is to protect vital information or objects. Thus, it has more than
average value to individuals or entities.
Security cannot be trusted to merely the claims of manufacturers. In many
cases, it cannot be trusted to the inspection of a handful of self-proclaimed
experts in the field (who may have been contracted to validate the product by
the manufacturer).
Security is generally so important that security products can be trusted by
wise people only after they are freely available to the entire world for
inspection. Such a large inspection team of experts and amateurs ensures that
the product is what it claims to be, and then only when well-publicized
inspections take place.
But once open to the public for free, the source code itself no longer has the
marketing potential it had before it was opened to the public. This conflict is
what makes security like love - it must be shared, not sold.
Certifying Authorities
One problem with the industry's use of public key encryption is the trust
infrastructure that the industry is putting into place. It is being pushed by
those who want to promote e-commerce and e-banking. (Ask yourself, what is
their interest?)
Their best strategy thus far is to give consumers confidence through some type
of trust structure that appears credible due to the many hoops they go through
to manufacture a public key certificate. In the end, you still are left with
trusting someone who is just as unknown if not more so than your intended
conversation partner. In fact, you are left trusting a string of individuals
you have never met and each one represents a potential weak link in the chain.
A good alternative is for Alice and Bob to exchange keys in person. Or, they
can download each other's keys from each other's respective web pages and
verify the authenticity of each key via a phone call (they can recognize each
other's voices).
Coveted Guarantee
There is a saying that a secret between two is truly a secret only after one
is dead. It is this absolute certainty of secrecy integrity that is coveted in
the discipline of security.
Of all the ciphers known to man, only the theoretical one-time pad (TOTP)
offers the guarantee that the cipher text can be unbreakable. Some argue that
while this fact remains true for the theoretical one-time pad, it does not hold
true for the practical one-time pad. The issue in trying to approach the TOTP
is in determining how close one comes. What I want to draw your attention to is
that no other cipher, theoretical or otherwise, can make this claim.
Another interesting fact about the one-time pad (OTP) is that in trying to
determine the original plain text, any candidate has an equal chance of being
correct (and thus the strength of the TOTP). Very few ciphers, if any, other
than the OTP can make the claim that their cipher text can decode into multiple
plain texts with no evidence to prove if the decryption was correct.
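The property described above, as an added example that is not part of the original page: for a pad applied by XOR, every same-length candidate plain text has a pad that maps the cipher text onto it, so the cipher text alone cannot rule any candidate out. The function names and both sample messages are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <random>
#include <stdexcept>
#include <string>
#include <vector>

using Bytes = std::vector<std::uint8_t>;

Bytes to_bytes(const std::string& s) { return Bytes(s.begin(), s.end()); }

// XOR of two equal-length byte strings; OTP encryption and decryption are
// the same operation.
Bytes xor_bytes(const Bytes& a, const Bytes& b) {
    if (a.size() != b.size()) throw std::invalid_argument("length mismatch");
    Bytes out(a.size());
    for (std::size_t i = 0; i < a.size(); ++i)
        out[i] = static_cast<std::uint8_t>(a[i] ^ b[i]);
    return out;
}

// One pad byte per message byte. std::random_device is usually backed by the
// OS entropy source, but its quality is implementation-defined.
Bytes random_pad(std::size_t n) {
    std::random_device rd;
    Bytes pad(n);
    for (auto& b : pad) b = static_cast<std::uint8_t>(rd() & 0xFF);
    return pad;
}

// The pad under which `ciphertext` would decrypt to `candidate`.
Bytes pad_for(const Bytes& ciphertext, const std::string& candidate) {
    return xor_bytes(ciphertext, to_bytes(candidate));
}

// True when the cipher text of `real` also decrypts cleanly to `decoy`
// under a second pad derived from the cipher text and the decoy.
bool decoy_is_consistent(const std::string& real, const std::string& decoy) {
    const Bytes pad = random_pad(real.size());
    const Bytes ct = xor_bytes(to_bytes(real), pad);
    const Bytes decoy_pad = pad_for(ct, decoy);
    return xor_bytes(ct, pad) == to_bytes(real) &&
           xor_bytes(ct, decoy_pad) == to_bytes(decoy);
}

int main() {  // both messages are constructed sample text
    std::printf("%d\n", decoy_is_consistent("MEET AT NOON", "STAY AT HOME"));
}
```

The guarantee holds only while the pad is truly random, as long as the message, and never reused; XOR of two cipher texts under one pad cancels the pad and leaves the XOR of the two plain texts.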
Misleading Advertisement
Public key ciphers offer the advantage that a person can share their public key
over an insecure medium, but this is the extent of the benefit. It does not
ensure that the private key that is used to decrypt a message has not been
compromised. While most people are led to believe that an asymmetric cipher
offers advantages over a symmetric cipher in this area, from the view of the
sender, there is no difference.
Strength in Fewer Bits
The security strength of some ECCs with curve sizes less than 600 bits is
beyond astronomical, well capable of providing adequate security for the
American nuclear arsenal's launch codes, and plenty strong for everyday
around-the-house use.
As you know, the math problems for public key encryption are believed to be
intractable. As a safeguard, however, The Hanalei Company provides elliptic
curves that are large enough to remain formidable in the event of a
sub-exponential time attack discovery.
Nuclear Strength Cryptography
Public key encryption software by The Hanalei Company employs only Elliptic
Curve Cryptography of field sizes on the order of as many as 570 bits. This
yields strength comparable to PGP or RSA field sizes in the tens of thousands
of bits. While many consider this overkill, it should be pointed out that if a
sub-exponential time attack solution is found, ECC is only weakened, but not
made useless. With 570 bits, ECC would still be considered a formidable
cryptosystem.
On the other hand, RSA already has known sub-exponential attacks arrayed
against it. If a new development is made in the area of attacks, it could quite
possibly destroy any usefulness that is found in RSA.
Additionally, some ECC curves can be used to safeguard nuclear launch codes
with key sizes in the range of 350 bits. For RSA, the same confidence may not
even exist today with less than 10,000 bits.