April 29, 2009, 11:25 AM — It isn't the best marketing proposition to sell encryption products next door to a fellow exhibitor who promises they can crack them.
But that's what happened on the opening day of the Infosec conference on Tuesday, with encryption company PGP positioned about 10 feet away from ElcomSoft, a Russian company that makes password recovery software.
Wallpaper on ElcomSoft's stand reading "The Only Way to Break PGP" was ripped down by Infosec conference organizers after complaints from PGP's marketing team just before the show opened.
ElcomSoft posted photos of the take-down on its blog, charging that Reed Exhibitions, Infosec's organizer, was vague about its reasons for removing the poster.
Ironically, ElcomSoft picked a spot on the conference floor close to PGP intentionally. Since Tuesday, the kerfuffle has been dismissed as a misunderstanding -- but one in which neither side is backing down.
"We didn't say anything wrong," said Vladimir Katalov, ElcomSoft's chief executive, who is in London for Infosec. "We are not lying about what we are doing."
ElcomSoft specializes in software that can crack unknown passwords for a variety of software programs made by vendors such as Microsoft, Adobe Systems, IBM and others. The software is intended for administrators to recover lost passwords and would be illegal to use without proper permission.
ElcomSoft products employ off-the-shelf video cards from Nvidia to figure out the passwords, taking advantage of those chips' parallel processing capabilities to calculate passwords much faster than desktop processors can.
Last week, the company announced an upgrade to its ElcomSoft Distributed Password Recovery (EDPR) product that increases the speed at which passwords can potentially be recovered from a hard disk with PGP encryption.
PGP encrypts data using 128-bit and 256-bit AES (Advanced Encryption Standard) keys. AES is an open standard that has been approved by U.S. for government use and is regarded as highly secure.
If a long password is used with special characters, AES is regarded as nearly uncrackable. But if people use simple passwords, such as those that are eight characters or less with no special characters, it is possible in some cases to recover the password, according to ElcomSoft.
ElcomSoft is a responsible company with a great product, but the marketing banner was a lie, PGP's CTO Jon Callas wrote in a blog post titled "Lies, Damned Lies, and Marketing."
"They're not breaking PGP, they're doing password cracking," Callas wrote. "There's a difference."
ElcomSoft has been very careful in how it describes its products and makes no claims of flaws in PGP products, Katalov said. "There's no weakness, no backdoor," he said.
Reed Exhibitions thought the wallpaper crossed the line, however. After the wallpaper was removed on Tuesday, ElcomSoft replaced it with signs saying it has been removed due to a complaint from PGP.
Later in the day, ElcomSoft received a letter from Reed saying it had received a complaint from Jamie Cowper, director of PGP's European marketing, about a "derogatory promotional display."
Katalov said he thinks PGP thought the offending phrase would potentially confuse people at Infosec, but PGP's marketing team doesn't fully understand ElcomSoft's technology.
ElcomSoft has since been supplied with wallpaper by Reed Exhibitions with less controversial slogans.
Reed Exhibitions CEO Alastair Gornall said the vendors have to abide by certain terms and conditions in regards to marketing slogans in order to participate in an event.
"We're sort of peacemakers here," Gornall said. "We want a flat playing field for everyone to compete in a constructive manner.
