This post is to talk about the “unfair” marketing approach of Gold-Lock, an israeli company doing mobile voice encryption authorized by Israeli Ministry of Defence .
Following an announcement seen on Linkedin “Information Security Community” group:
GoldLock is offering US$ 100.000 and a job for an unencryption
Not having a public protocol specification is not even scientifically serious to make a marketing tricks like this.
I would say to gold-lock, let’s release the source code and let anyone compile the cryptographic engine if you trust not to to have something nasty inside… ;)
So… They will pay $100k if you get through the AES and the hassle with keys.
If someone would pull it off they would certainly make a truckload more money elsewhere. Plus they would retain the rights to the code/technology that they created, which isn’t the case if they go for the $100k since the License pretty clearly says that:
# An assignment letter to Gold Line, in a form satisfactory to Gold Line of your technology and the Work Plan (the “Technology”). Such assignment form shall enable Gold Line to transfer the rights on the Technology to Gold Line, including the right to register patents and all other rights.
# A release and waiver form, in a form satisfactory to Gold Line, duly executed by you and any other participant of any rights to the Technology.
Plus of course Gold Line retains the right to change the rules of the game with prior notice. Or needing to notify afterwards either.
Sounds fair :)
I would say that all those considerations from security experts from well known and established security companies bring us to consider that:
- Gold-lock is not transparent on their encryption at all and they work trough bad practice of Security Trough Obscurity (no one know what’s inside the product)
- Gold-lock is not playing a fair game by proposing this ‘security contest’
- Gold-lock being certified by Israeli ministry of defence may raise doubt related to possible relationship with the intelligence… Read by post Certified by Israeli MInistry of Defense.
Voice security is a sensible matters and lacks of transparency and governmental relationship for cryptographic choices usually does not provide anything good…
Think about it…