Virtual Adventures has developed a new form of encryption, and to prove its strength, the company is letting anyone try to crack it.
Developed 10 years ago as part of a video game, Vase Software’s original purpose was to enable secure transfer of video files. The game ultimately failed, but the video encryption system proved surprisingly strong. In the years since, the company transformed itself, switching from game design to cryptography. The company has spent the last few years refining the software from an overly-complex form into a user friendly, market-ready version.
Although Virtual Adventures was hesitant to reveal the proprietary mechanisms of their product, I was able to tease out a pretty distinctive detail: Unlike most other encryption systems, Vase Software is not based on prime numbers, which have some known vulnerabilities.
The software is an information protection system aimed at sensitive databases and other stored information. It’s not a tool for protecting communications as they happen. Instead, think of it more like a safe than a private conversation—Vase Software locks up the valuable databases until they need to be accessed, and makes sure that only someone with the right software can use that data.
It’s all but certain that the encryption will eventually be broken. The goal was not to make an impossible-to-crack system; just an incredibly difficult-to-break one. Vase protects sensitive information, which tends to degrade in value over time. The longer a sensitive database takes to un-encrypt, the safer it is, and it’s easy to imagine a scenario: if files were stolen that contained the location of every CIA agent in a country, it’d be a lot better for the CIA if that file took six months to break, rather than six days.
In February, Virtual Adventures set up a site called “Can you crack this?”, encouraging hackers to try their hands at breaking any of the six encrypted files available for download. There’s even a boastful twitter account that dares the intrepid and savvy to crack the software. Elton Elliot, CEO of Virtual Adventures, also plans to test the product at hacker conventions.
While talking with Elliot, the topic of cyber security, and specifically a “cyber Pearl Harbor,” kept coming up. As threats go, it’s hardly world-ending, but I was curious to find out how software that stores encrypted data could protect against a cyber attack that actively disrupts communications and live information. To continue the earlier analogy, this sounded to me like implying a locked bank vault kept the store next door safe. Fortunately, cyberspace isn’t bound by crude physical space metaphors, and it turns out that encrypted information within a virtual safe can protect an entire system. Think about it this way: If all passwords needed for machines to communicate with each other were in a safely encrypted database that required Vase software to un-encrypt, and if the Vase software effectively and rapidly responded to such a breach, it would be that much harder for an attacker to gain access.