Cisco Blogs

Warning: Data Will Self-Destruct

July 28, 2009 - 5 Comments

This week’s Cyber Risk Report (CRR) discussed the newly available Vanish software that allows users to exchange messages whose contents are available for a limited period of time, and rendered unreadable afterward. Researchers from the University of Washington developed Vanish to protect against the recovery of the message data at a later time. The software leverages distributed hash tables (DHT), part of the infrastructure of torrent networks, to store keys to an encrypted message known as a Vanish data object (VDO). The keys are then publicly available for a period of time, allowing anyone in possession of the VDO to read it by retrieving the key from the DHT. Once the time expires, the keys are removed from the DHT and no longer available to decrypt the data.As a result, users can be reasonably sure that messages will no longer be able to be decrypted after a certain period of time. No matter where the data ends up, stored within the cloud, e-mail server backups, or ISP logs, the data is unrecoverable — aside from attacks against the encryption itself, such as brute force attacks. Even under threat of physical or legal compulsion, a user could not recover the key and decrypt the VDO after the specified time period passes, making the scheme best in a certain set of circumstances.The University of Washington researchers admit that this scheme is best used for messages meant to be read once, processed, and then forgotten about forever. Because messages eventually become unrecoverable, they aren’t meant to be used for archival purposes. The unrecoverability of messages may impact data retention policies for businesses or ISPs who must comply with laws in their country. As a result, organizations may decide to intercept, decrypt, and store in plain text any VDOs that pass through their systems, weakening the Vanish protections.The best use may be in e-mail messages between only a few parties when contents must stay secret for days or weeks. The University of Washington has developed a plugin for the Firefox browser that allows users to encrypt the contents of any messages within the browser. By encrypting e-mail messages between a few recipients, users can ensure that messages are accessible while they are relevant and then rendered unrecoverable without further action from the user.Vanish suffers from limitations, however, in the period of time before key expiration. If employers, ISPs, or governments simply decrypt and store all VDOs passing through their systems, those decrypted copies could be referenced later. Additionally, the more exposed the messages are, the greater the chance that the messages or keys will be copied or saved in plain text while they are recoverable. While the researchers suggest that Vanish is a good candidate for email services, social networks, or public forums, the system is designed in such a way that the fewer parties with access to the VDO, the better.Vanish functions best in a scenario involving few private parties who have no limitations in regard to legal requirements of data retention or auditing. For users who wish to compliment existing encryption schemes and want to prevent retrieval of data throughout a number of systems, Vanish works as advertised.

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. The way that Vanish leverages P2P and the DHT is one of the most interesting parts of the project. The framework has interesting applications for both reliability and reliably ensuring data expiration.Thanks for your comment.

  2. It is a very interesting idea, the P2P model may be used for many different purposes, such as for reliability (the opposite side of Vanish DHT).

  3. Thanks for your comments.I certainly agree that the usages are limited. Vanish may work best in combination with PGP or other types of encryption.But, in the end, the software is the product of a research project, rather than a commercial product. Maybe in the future some of those drawbacks could be remedied.

  4. This is very interesting indeed but I have doubt on the real usage potential of such cryptographic technology. I believe multiple keys technologies are more convenient and more useful. It's all about consumer perspective and the drawbacks. The flaws during the key lifetime prevent the use in high security environment, i wonder what i would be in a consumer one.

  5. it's great!