[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A Snake-Oil FAQ



-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 20 Jul 1996, Deranged Mutant wrote:

> Date: Sat, 20 Jul 1996 16:37:40 +0000
> From: Deranged Mutant <[email protected]>
> To: [email protected]
> Subject: A Snake-Oil FAQ
> 
> 
> I've written a short "Snake Oil FAQ" below.  It's incomplete and 
> needs some work (adding a few definitions, rewording, aesthetic 
> formatting, etc.), so think of it as a 'beta' FAQ (please don't post 
> it on web pages, though I don't mind if it's distributed among 
> anyone interested in criticizing or contributing).   Comments and
> suggestions would be appreciated.   Note that the aim is to write
> something  accessible to 'newbies'.  (Jeremy Barrett contributed to
> this, BTW)
> 
> 
>                           Snake-Oil Warning Signs
>                         Encryption Software to Avoid
> 
>                               (Revision 0.1)
> 
> 

Looks very nicely done.  I think you pretty much covered it... but...

> 
> Be wary of marketing gimmicks related to "if you can crack our
> software" contests.  
> 

Even the best cryptographers and security professionals have done this.
RSA did it with their Public Key system, which took 20+ years to break.
Throughout history, many security mechanisms, even the best ones,
including Cyphers, Locks, Firewalls, etc. have been known to go as far as
to offer prizes (some extremely high, upwards of a million dollars, some
as low as RSA's famous $100 prize)

I think that this one really is just a bit too broad.

 --Deviant


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfHIJDAJap8fyDMVAQEucAf+JxcuBAIoI0pamvlryqLQETpwrBPoVaPi
EUMNWNY1B3iG9nuQ/3U5mhdMNK0ih4RoCDifMPnKGD+iDIjUoMHmGEDtScBCLVe2
cDaAQ54JXpwNvlzhmfvaPc4wUZD/gDgtHBHLOoLZNarEPNgVLtYuFgeJeCEruqTX
UU5usrgoMUZrxT/dRnYcPs6YRT7cgOxnOWNnTsZBiIpDyEkvGPZBxZhDp25DESTq
q0zE9BLmWCgpHyi3QYXCfOTMLhkd4k/mt/LSZtEDHl55kLphtQN4N1Y1xgNK5BIs
o5cjzh7aRLc0fvw8WG1i85dxtRBhXIPAUA8sRVyPhHu9qiw82D1qcA==
=01xE
-----END PGP SIGNATURE-----