January 27th, 2003, 12:56 PM
Snake Oil Warning Signs
Snake Oil Warning Signs: Encryption Software to Avoid
I found this nice article while browsing some encryption FAQ's..
thought it might interest you people..
Good cryptography is an excellent and necessary tool for almost anyone. Many good cryptographic products are available commercially, as shareware, or free. However, there are also extremely bad cryptographic products which not only fail to provide security, but also contribute to the many misconceptions and misunderstandings surrounding cryptography and security.
Why "snake oil''? The term is used in many fields to denote something sold without consideration of its quality or its ability to fulfill its vendor's claims. This term originally applied to elixirs sold in traveling medicine shows. The salesmen would claim their elixir would cure just about any ailment that a potential customer could have. Listening to the claims made by some crypto vendors, "snake oil'' is a surprisingly apt name.
Superficially, it is difficult to distinguish snake oil from the Real Thing: all encryption utilities produce garbled output. The purpose of this document is to present some simple "red flags'' that can help you detect snake oil.
For a variety of reasons, this document does not mention specific products or algorithms as being "good'' or "snake oil.''
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio
the best station for C64 Remixes !
January 27th, 2003, 05:52 PM
Good article, teh_jinX, a bit lengthy but a good read. Makes me feel better about finally falling back onto the last iteration of PGP (the one just before Mr. Z. left for bigger ponds) for my encryption. The subject of encryption and security for corporations and government is a field that has been seriously deficient in times past... and probably still is, inertia being the force it is in making any serious courst deviations. Anyway, a good read. Thanks.