recentpopularlog in


« earlier   
Medicine show: Crown Sterling demos 256-bit RSA key-cracking at private event | Ars Technica
Demo of crypto-cracking algorithm fails to convince experts.
On September 19, in a conference room at the Pelican Hill Resort in Newport Beach, California, Crown Sterling CEO Robert Grant, COO Joseph Hopkins, and a pair of programmers staged a demonstration of Grant's claimed cryptography-cracking algorithm. Before an audience that a Crown Sterling spokesperson described as "approximately 100 academics and business professionals," Grant and Hopkins had their minions generate two pairs of 256-bit RSA encryption keys and then derive the prime numbers used to generate them from the public key in about 50 seconds.
In a phone interview with Ars Technica today, Grant said the video was filmed during a "business session" at the event. The "academic" presentation, which went into math behind his claims and a new paper yet to be published, was attended by "mostly people from local colleges," Hopkins said. Grant said that he didn't know who attended both sessions, and the CEO added that he didn't have access to the invitation list.
During the presentation, Grant called out to Chris Novak, the global director of Verizon Enterprise Solutions' Threat Research Advisory Center, naming him as a member of Crown Sterling's advisory board. The shout-out was during introductory remarks that Grant made about a survey of chief information security officers that the company had conducted. The survey found only 3% had an understanding of the fundamental math behind encryption.
The video of the demonstration is here. (The video was briefly marked as private, but is now back again.)
The demo was displayed from a MacBook Pro, but it appeared that it was being run in part via a secure shell session to a server. Grant claimed that the work could be used to "decrypt" a 512-bit RSA key in "as little as five hours" using what Grant described as "standard computing."
security  privacy  fraud  encryption 
18 hours ago by rgl7194
Snake oil or genius? Crown Sterling tells its side of Black Hat controversy | Ars Technica
In an exclusive interview with Ars, execs of controversial crypto company explain everything.
Robert Grant claims he is a reluctant cryptographer.
"The last thing I would've wanted to do is start another company," Grant, the CEO and founder of Crown Sterling, told Ars. "It's like my wife asking me if we can have another child... I have two. And I am not looking forward to another child."
But he and a collaborator believed that they had made a profound discovery, one that would fundamentally shake the core of modern encryption. "We thought, well, just out of a sense of responsibility, we should start a non-factor-based encryption technology," Grant said. "And that's what we did with Time AI."
Crown Sterling claims that its Time AI cryptographic system will fix the breakable-ness of RSA cryptography by using an entirely different method of generating keys, one that doesn't rely on factoring large prime numbers. Time AI is intended to resist cracking even by advanced quantum computing technology—which has concerned cryptographers because of its potential to more rapidly perform algorithms capable of solving the difficult math problems that cryptography relies on.
Time AI, announced by Grant in a controversial sponsored presentation at Black Hat USA earlier this month, is not yet a product. In fact, Crown Sterling has not published any technical details of how Time AI works. (Grant said that the company is working on a "white paper," and it should be out by the end of the year.) An academic-style paper published by Grant and presented at Black Hat claims that most Internet cryptography can be cracked, but it has been challenged by mathematicians and cryptographers, as well as many other security professionals.  And the company's recent Las Vegas presentation was interrupted by one very persistent heckler and then disavowed by Black Hat, leading to a lawsuit against the conference.
So when Crown Sterling's spokesperson reached out to offer Ars the company's side of the story, around both Time AI and the now-legendary Black Hat event, we were eager to hear it.
security  privacy  fraud  encryption 
18 hours ago by rgl7194
Crown Sterling Claims to Factor RSA Keylengths First Factored Twenty Years Ago - Schneier on Security
Earlier this month I made fun of a company called Crown-Sterling, for...for...for being a company that deserves being made fun of.
This morning, the company announced that they "decrypted two 256-bit asymmetric public keys in approximately 50 seconds from a standard laptop computer." Really. They did. This keylength is so small it has never been considered secure. It was too small to be part of the RSA Factoring Challenge when it was introduced in 1991. In 1977, when Ron Rivest, Adi Shamir, and Len Adelman first described RSA, they included a challenge with a 426-bit key. (It was factored in 1994.)
The press release goes on: "Crown Sterling also announced the consistent decryption of 512-bit asymmetric public key in as little as five hours also using standard computing." They didn't demonstrate it, but if they're right they've matched a factoring record set in 1999. Five hours is significantly less than the 5.2 months it took in 1999, but slower than would be expected if Crown-Sterling just used the 1999 techniques with modern CPUs and networks.
Is anyone taking this company seriously anymore? I honestly wouldn't be surprised if this was a hoax press release. It's not currently on the company's website. (And, if it is a hoax, I apologize to Crown Sterling. I'll post a retraction as soon as I hear from you.)
EDITED TO ADD: First, the press release is real. And second, I forgot to include the quote from CEO Robert Grant: "Today's decryptions demonstrate the vulnerabilities associated with the current encryption paradigm. We have clearly demonstrated the problem which also extends to larger keys."
People, this isn't hard. Find an RSA Factoring Challenge number that hasn't been factored yet and factor it. Once you do, the entire world will take you seriously. Until you do, no one will. And, bonus, you won't have to reveal your super-secret world-destabalizing cryptanalytic techniques.
EDITED TO ADD (9/21): Others are laughing at this, too.
security  privacy  fraud  encryption 
18 hours ago by rgl7194
The Doghouse: Crown Sterling - Schneier on Security
A decade ago, the Doghouse was a regular feature in both my email newsletter Crypto-Gram and my blog. In it, I would call out particularly egregious -- and amusing -- examples of cryptographic "snake oil."
I dropped it both because it stopped being fun and because almost everyone converged on standard cryptographic libraries, which meant standard non-snake-oil cryptography. But every so often, a new company comes along that is so ridiculous, so nonsensical, so bizarre, that there is nothing to do but call it out.
Crown Sterling is complete and utter snake oil. The company sells "TIME AI," "the world's first dynamic 'non-factor' based quantum AI encryption software," "utilizing multi-dimensional encryption technology, including time, music's infinite variability, artificial intelligence, and most notably mathematical constancies to generate entangled key pairs." Those sentence fragments tick three of my snake-oil warning signs -- from 1999! -- right there: pseudo-math gobbledygook (warning sign #1), new mathematics (warning sign #2), and extreme cluelessness (warning sign #4).
security  privacy  fraud  encryption 
18 hours ago by rgl7194
Method Media Intelligence - Anti- ad fraud
Method Media Intelligence empowers its clients with the training, tools and intelligence needed to ensure that their media investments are spent wisely on quality supply channels. MMI is driven by a passionate belief that the good intentions of marketers to reach digital consumers have been undermined by the highly fragmented digital media ecosystem. We work exclusively to return the moral high ground and improved optics to marketing organizations.
advertising  technology  new-companies  fraud 
2 days ago by dancall

Copy this bookmark:

to read