SOURCE: Meganet Corporation Meganet Corporation Ships Virtual Matrix Encryption Nationwide; New $1.2 Million Challenge Begins Today LOS ANGELES, April 1 /PRNewswire/ -- Meganet Corporation, who challenged Microsoft (Nasdaq: MSFT - news), Intel (Nasdaq: INTC - news), Dell (Nasdaq: DELL - news), AT&T (NYSE: T - news), NCR (NYSE: NCR - news) and many other high tech companies with their unbreakable encryption is shipping VME98 nationwide. As of today, April 1st, 1998, anyone in the continental United States of America can buy VME98 directly from the Meganet web site at http://www.meganet.com. Prices for the standard edition are only $100 for a fully operational application. After 12 months of Research & Development, Meganet Corporation completed 21 different commercial versions of VME98 last month, and the product is now being sold nationwide through the World Wide Web. Virtual Matrix Encryption is the strongest encryption available today, and the product is available ONLY in the United States of America. Meganet Corporation is also launching their 3rd challenge which is worth $1.2 million over the next 12 months. Starting today, and for the next 12 months, Meganet Corporation will post a monthly $100,000 challenge for registered users of VME98. This new challenge shows Meganet Corporation has absolute confidence that VME98 is completely unbreakable. Today's date also marks 1 year from the first 1 million dollar challenge that brought Meganet Corporation nationwide recognition. The challenge lasted 45 days and over 55,000 people participated. None have succeeded. Today also marks the end of the second challenge which lasted over 6 months, where Meganet Corporation challenged the top 250 corporations in the U.S. to test and break VME97. None have succeeded. The challenge solution will be posted on the Meganet web site at http://www.meganet.com. =-= From: "Peter A. DeNitto"
This contest is mostly a Publicity stunt, and not one to actualy test whether their code is scure or not. They do not publish source code, they cannot sell to foreign nationals, and you cannot attempt to crack their code without first ponying up $100 to buy their toolkit. 55,000 participants... Does this mean that they count everyone who has bought their product as a participant? Meganet's contest is less of a contest and more of a Sweepstakes. If they cannot publish the source, then crypto groups cannot take a real look at their code and determine if different ways of attacking their contest can be found (other than brute force). And also, I find the fact that... "Due to strict export regulations we can not create a demo / shareware application that will allow everybody to participate in the challenge." Definately a win situation for meganet, since if you want a chance at $1.2Million you have to spend $100. I think this is against the law in most states. But then this is the internet and you can get away with most anything anyways. Reading their document, I believe their big flaw with their encryption to be tied with this statement: http://meganet.com/VME.html ... "...the key is not transferred but rather recreated on both ends based on a common file. The key can not[sic] be compromised[sic] since it's not being transferred." Having a common file on both machines from which a key is generated sounds like bad mojo in a live system. For their challenge, it's fine, but in a live system it's trouble waiting to happen. If you really want a contest that is acheivable, check out www.distributed.net, or http://www.certicom.com/chal/index.htm, or http://www.rsa.com/rsalabs/97challenge. These all detail the algorithms' used, provide source, and exercises. An interesting link also is http://www.interhack.net/people/cmcurtin/snake-oil-faq.html Authored by Matt Curtin ... Secret Algorithms Avoid software which uses secret algorithms. This is not considered a safe means of protecting data. If the vendor isn't confident that its encryption method can withstand scrutiny, then you should be wary of trusting it. ... Check out your local sci.crypt newsgroup or www.dejanews.com. There's a lot better discussion there. --Pete