[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Snake-Oil FAQ

At 4:44 PM 9/22/96, Dale Thorn wrote:

>The basic outline for any products included (and don't forget, just
>getting included is some sort of endorsement, if you know what I mean)
>could be a feature/bug listing, using common crypto terminology, and
>could be followed by side-by-side argument paragraphs from the author
>and from a reputable review panel.
>The usefulness of the list would probably depend on:
>1. The participation of all those names people like to name-drop on this
>   forum.
>2. And/or the quality of the list itself if done without (1.) above.
>   In this latter case, it could still be useful, but the variances in
>   evaluation owing to personal bias would be difficult to overcome.

The Basic Problem (tm) with a "Snake Oil FAQ" is that the very persons most
in need of it won't read it.

If those who post descriptions of their "Unbreakable Virtual Whammo-Matic
Really Complicated Transposition Cipher" have not bothered to read Schneier
or other basic texts on ciphers, why would they bother to read a Snake Oil
FAQ? This applies to their customers as well.

It doesn't take much reading of standard crypto books to learn why
historical codes and ciphers (and their reinvented modern variants) are
fundamentally weak, and subject to (usually rapid) breaking with high-speed
computers. Once this basic point is realized, all else follows.

In other words, there is really no meaningful target audience for a Snake
Oil FAQ. If it's just a quick effort, fine. But escalating it into a Major
Cypherpunks Project seems like wasted effort.

Just point people to Schneier's book and suggest they read and absorb the
first several chapters. Then, like the infamous fisherman, they'll be
equipped to understand why the Whammo-matic Really Complicated Cipher is
neither Virtually Unbreakable nor worthy of spending much time analyzing,
and why they should stick with modern ciphers and systems which have been
subjected to years of review and attempts to break them.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."