Carnival atmosphere in security
Permanent Privacy just announced a $1 million prize to the person who can crack its algorithm and uncover the underlying encryption keys. I'm not a big fan of security showmanship like this from unknown security start-ups.
Summertime is the season for traveling circuses and local fairs, so I shouldn't be surprised that this carnival atmosphere has spread to security. A company named Permanent Privacy just announced a$1 million prize to the person who can crack its algorithm and uncover the underlying encryption keys.
Now I realize there is some history here. In January 1999, a group of academics cracked the 56-bit Data Encryption Standard in just over 22 hours and won a prize of $10,000. That said, I am not a big fan of security showmanship like this from unknown security start-ups.
Why? First of all, this "challenge" isn't really a challenge at all. Permanent Privacy technology is based upon the AES (Advanced Encryption Standard) algorithm and since no one has cracked AES, it's highly unlikely that anyone will crack AES with an additional proprietary security wrapper . Furthermore, information security is no longer an academic playground for brainiacs at Berkeley and MIT. Rather, it's serious business that impacts everything we do. Given this level of criticality, I'd rather see things like Common Criteria or FIPS certification than a publicity gimmick.
As a start-up, I understand that Permanent Privacy needs to generate buzz and all PR is good PR. Heck, I did the same thing as VP of marketing at a misguided CLEC during the boom. Security isn't like other technologies however, it's more about law, order, and safety. Oracle was dragged through the mud when it advertised its database as "unbreakable." Perhaps it's just me, but I think Permanent Privacy deserves a similar treatment in the market.