Re: A Snake-Oil FAQ

["Deranged Mutant" <WlkngOwl@unix.asb.com>]

On 21 Jul 96 at 6:03, The Deviant wrote:

> > I've written a short "Snake Oil FAQ" below.  It's incomplete and 
> > needs some work (adding a few definitions, rewording, aesthetic 
> > formatting, etc.), so think of it as a 'beta' FAQ (please don't
[..]
> Looks very nicely done.  I think you pretty much covered it... but...

Thanks.

> > Be wary of marketing gimmicks related to "if you can crack our
> > software" contests.  
> > 
> 
> Even the best cryptographers and security professionals have done this.
> RSA did it with their Public Key system, which took 20+ years to break.

Note the words "marketing gimmicks".  The $100 reward isn't a gimmick
in the same way as "we'll give you our company" or "we'll give you 
five free copies of our software".  But yes, that sentence could be 
reworded differently.

> Throughout history, many security mechanisms, even the best ones,
> including Cyphers, Locks, Firewalls, etc. have been known to go as far as
> to offer prizes (some extremely high, upwards of a million dollars, some
> as low as RSA's famous $100 prize)
> 
> I think that this one really is just a bit too broad.

Oddly enough, RSA's RC2/RC4 is also an exception to the proprietary 
algorithm warning, (some would dispute that), so that section 
needs some minor rewriting.

*sigh*

I'll work on it.


Thanks,
Rob
 
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.