Bodacion Technologies is so confident that the cryptographic scheme in its Hydra Internet Server is unbreakable that it is offering $100,000 to anyone who can crack the system.
The company's encryption output is based on an offshoot of chaos theory called biomorphic mathematics that is used to generate what Bodacion claims are truly random numbers, called “bodacions.” Those numbers are then used to seed the cryptographic algorithms used by Hydra, which include triple-DES, AES and RC4.
Most algorithms rely on pseudo-random number generators that eventually repeat their output and are therefore theoretically predictable on some level.
Bodacion executives contend that Hydra will never generate the same number twice and that users will therefore never receive duplicate session IDs or customer IDs. Customers can also use Hydra to generate TCP initial sequence numbers.
Company officials also say that even if an attacker knew the basic math behind the encryption scheme, he would never be able to find a pattern in Hydra's output in order to predict a subsequent number.
“The numbers are far more random than what's out there now,” said Eric Hauk, co-founder of Bodacion, a division of Virtual Media Inc., based in Barrington, Ill.
Hydra, available next week, is designed to function as a full-featured Web server without the need for a firewall or other security measures. It uses a proprietary embedded operating system that the company says is “unassailable by hackers.”
The company issued its challenge Friday to a group of security professionals at a conference in Washington sponsored by the National Security Agency. Under the terms of the game, Bodacion will give entrants 999 bodacions from a consecutive series of 1,000 and ask them to guess the final number.
The winner must be able to show how he arrived at his answer and prove that it wasn't just a lucky guess.
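As an added illustration (not part of the original article, and not Bodacion's or Hydra's code), the same challenge format is applied below to a conventional linear congruential generator. It shows why the predictability of ordinary pseudo-random number generators matters for values such as session IDs. The generator parameters, seed and function names are constructed for this example.

```python
# Added example: constructed LCG parameters; unrelated to Hydra's generator.
import secrets
from functools import reduce
from math import gcd


def lcg(seed, a, c, m):
    """Yield outputs of x -> (a*x + c) mod m, a classic non-cryptographic PRNG."""
    x = seed
    while True:
        x = (a * x + c) % m
        yield x


def recover_lcg(outputs):
    """Recover (a, c, m) from consecutive, untruncated LCG outputs."""
    # Differences t_n = x_{n+1} - x_n obey t_{n+1} = a * t_n (mod m), so
    # t_{n+2}*t_n - t_{n+1}^2 is always a multiple of m; their gcd reveals m.
    t = [y - x for x, y in zip(outputs, outputs[1:])]
    m = reduce(gcd, (t[i + 2] * t[i] - t[i + 1] ** 2 for i in range(len(t) - 2)))
    # Any difference that is invertible mod m yields the multiplier a.
    i = next(k for k in range(len(t) - 1) if gcd(t[k], m) == 1)
    a = t[i + 1] * pow(t[i] % m, -1, m) % m
    c = (outputs[1] - a * outputs[0]) % m
    return a, c, m


def predict_next(outputs):
    """Predict the output that follows the observed series."""
    a, c, m = recover_lcg(outputs)
    return (a * outputs[-1] + c) % m


def run_challenge(n=1000):
    """Hand over n-1 of n consecutive outputs; return (guess, withheld value)."""
    gen = lcg(seed=20020101, a=48271, c=12345, m=2**31 - 1)  # constructed values
    series = [next(gen) for _ in range(n)]
    return predict_next(series[:-1]), series[-1]


def new_session_id():
    """Use the OS CSPRNG, designed so observed outputs do not reveal later ones."""
    return secrets.token_hex(16)


if __name__ == "__main__":
    guess, actual = run_challenge()
    print("predicted:", guess, "actual:", actual, "match:", guess == actual)
    print("CSPRNG session id:", new_session_id())
```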
With this challenge, Bodacion could be setting itself up to join a long list of companies who have declared their products to be completely secure, only to be embarrassed later. Such statements tend to draw the ire of security experts and crackers alike.
Most recently, Oracle Corp. declared in its advertising that its 9i database software was “Unbreakable,” a claim that was proven false just weeks later when a U.K. security expert found several vulnerabilities in the product.
RSA Security Inc. has often held contests that pose a variety of challenges to cryptographers. In one such contest, the Electronic Frontier Foundation used its own supercomputer and spare computing cycles on idle machines around the world to find a DES key in less than 23 hours.