
Snake oil (cryptography)
The neutrality of this article is disputed.
Please see discussion on the talk page.

In cryptography, snake oil is a term used to describe commercial cryptographic methods and products which are considered bogus or fraudulent, and therefore insecure. The name derives from snake oil, one type of quack medicine widely available in the 19th-century United States.


Distinguishing secure cryptography from insecure cryptography can be difficult from the viewpoint of a user; for example, the output of any kind of encryption or obfuscation will typically resemble gibberish. It is rarely possible to measure the security of an encryption method from its output alone; however, the statements made about a product or algorithm by its proponents or promoters can be highly revealing.


Common characteristics of snake oil

Most accusations of a product being snake oil come from an analysis of the marketing used. The following are some common phrases and ploys used by snake oil products and the companies selling them.


Secret techniques

Some encryption systems will claim to rely on a secret algorithm, technique, or device. Criticisms of this are twofold: first, a long-standing principle, Shannon's Maxim, states that "the enemy knows the system" and that secrecy does not afford the user any advantages. Secondly, secret methods are not open to public peer review and cryptanalysis and so glaring mistakes can go unnoticed for great lengths of time.


Technobabble

Since cryptography is a complicated subject, many snake oil purveyors will use very complicated "technobabble" to hide behind and sell their product. It can range from legitimately describing their process confusingly (which, it may be argued, isn't really unethical) to outright lying about the process used or making up meaningless garbage.


Poorly thought out modifications of standards

It is argued that it is a sign of bad cryptography to take a well-known and trusted cryptographic method and "improve" or "harden" it. This is usually done in some ad hoc, secret way, again with no public review. This practice of "improvement" has a considerable track record of drastically weakening or totally compromising a cryptosystem.


Excessive key length

Critics suggest that the use of key lengths much larger than is typical (for example, a "million bit key") is a sign of snake oil. It is argued that wildly large key lengths provide no additional practical security, and that a long key will not fix the weaknesses of a poor underlying algorithm so there is little reputable reason to use them.


However, what is "excessive" is not clearly defined. It is worth noting that as computing power increases and weaknesses are discovered, reputable ciphers will begin using longer keys. For instance, the Advanced Encryption Standard (AES) supports key sizes up to 256 bits, and much software has been developed lately that uses this capability. It should also be noted that key lengths will continue to increase slowly; for example, 256 bits will eventually be replaced by 512, and then by 1024. However, these two shifts are expected to take many years, and a key of much larger size, such as 65536 bits, is suspicious.


Third-party one-time pads

Also suspect are cryptosystems based on one-time pads in which the key material 'pads' are generated or expanded by the software cryptosystem or by the operating system, or are provided by the vendor. While a correctly implemented one-time pad system is proven to be unbreakable, it is argued that a system based on the one-time pad would be too impractical to be of any use for most applications. The root of the problem is that the one-time pad requires a large amount of truly random key material (equal to the size of the message), which is securely shared by sender and recipient; and these are the grounds for introducing software expansion of the key material or for introducing a trusted third party.


The problem with generated one-time pads is one of information. A truly random sequence cannot, by definition, be generated algorithmically; moreover, a pad generated at both ends (rather than generated at a single point and transferred) cannot be more random than the (smaller amount of) truly random information upon which it is based. Furthermore, the information-based proof of security that applies to one-time pads cannot apply to any keystream with an algorithmically-generated component; therefore the use of the term "one-time pad" in connection with such a system is misleading at best. (One-time pads will continue to face the problem of secure key transfer until work in quantum entanglement makes practical the simultaneous generation of identical random information at a distance.)
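The information argument above can be made concrete. The following is an added example, not code from the original article: the vendor routine expand_pad, the 16-bit seed size, the seed value and the message are all constructed assumptions. It counts how many seeds are consistent with a readable plaintext and contrasts that with a true one-time pad, where some pad explains any guess.

```python
import random

SEED_BITS = 16   # assumed amount of truly random input the product starts from

def expand_pad(seed: int, length: int) -> bytes:
    """Hypothetical vendor routine: stretch a small seed into a long 'pad'."""
    return random.Random(seed).getrandbits(8 * length).to_bytes(length, "big")

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def looks_like_text(data: bytes) -> bool:
    """Crude plaintext recogniser: every byte is printable ASCII."""
    return all(32 <= b < 127 for b in data)

def consistent_seeds(ciphertext: bytes) -> list:
    """All seeds whose expanded pad turns the ciphertext into readable text.
    Only 2**SEED_BITS pads can ever exist, however long each pad is."""
    return [s for s in range(2 ** SEED_BITS)
            if looks_like_text(xor(ciphertext, expand_pad(s, len(ciphertext))))]

def pad_explaining(ciphertext: bytes, guess: bytes) -> bytes:
    """True one-time pad: for ANY same-length guess there is a pad that
    maps the ciphertext to it, so the ciphertext rules nothing out."""
    return xor(ciphertext, guess)

MESSAGE = b"constructed sample: wire 500 to account 7"   # constructed plaintext
SECRET_SEED = 48611                                       # constructed seed
CIPHERTEXT = xor(MESSAGE, expand_pad(SECRET_SEED, len(MESSAGE)))

if __name__ == "__main__":
    print("seeds consistent with readable text:", consistent_seeds(CIPHERTEXT))
    guess = b"x" * len(MESSAGE)
    pad = pad_explaining(CIPHERTEXT, guess)
    print("true pad can explain any guess:", xor(CIPHERTEXT, pad) == guess)
```

Exactly one seed survives, so the message has 16 bits of protection regardless of pad length.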


The third-party systems, for their part, demand that the key's source is trusted absolutely prior to any use or testing. If the key source is compromised through intrusion or laziness (e.g., if they serve identical one-time pads to multiple clients, a situation that is very easy to exploit), there is no way of knowing. Moreover, the problem of transfer between the key source and the users is the same problem that the users themselves face: Is the pad to be transferred using a provably secure system, i.e., another one-time pad, and if so how is that secure channel to be established? Or is the pad to be transferred under lesser security, i.e., under conditions that reduce the security of the one-time pad to the security of the system by which it was transferred?


Guaranteed unbreakability

Almost no practical cryptosystems can be proven to be unbreakable (an exception is the one-time pad, but claims of these are themselves suspect; see above). Rather, cryptologists show how their systems are resistant to traditional forms of attack, or that it is at least as hard to break their systems as it is to solve a problem widely considered difficult, such as factoring large integers. Here, "difficult" is used in an understated way, and generally refers to problems which even trillions of dollars worth of effort cannot solve using current methods. Of course, methods for solving difficult problems often improve over time, and the security proofs included with most good systems indicate the impact such methods will have on their use.


Consequently, any claim advertising a system as unbreakable is almost always false, and is generally considered a sure sign of snake oil.


Recovery of lost keys

An ability for the user to recover lost keys is always suspicious. It is argued that if a legitimate user can recover a lost key, a sufficiently clever and determined attacker might be able to use the same method, thereby rendering all messages encrypted using that key as insecure as plaintext. Even if the company or person who developed the cryptosystem keeps the recovery technique proprietary, it is quite possible that it might be discovered. The only exceptions are secret sharing and key escrow systems, and they are neither straightforward nor easy to securely implement. These systems still don't recover completely lost keys; they merely distribute secrets to other parties in particular ways.


Claims of superiority

The cryptosystem vendor or developer claims that standard methods are insecure, or will become insecure. Critics of such claims argue that standard methods have been studied by a large body of experts, and the majority have no known drastic insecurities.


Legal implications

The cryptosystem vendor/developer is unfamiliar with applicable legal restrictions. Governmental concern about the dangers of communication which cannot be known to security/intelligence personnel is a fact of cryptographic life. If the vendor/developer is innocent of this reality, one would be well advised to be wary of other cryptographic lacunae.


Third-party assurances

The cryptosystem is described as "military grade" or "used by NSA", etc., without specifics. NSA does not discuss its systems with any commercial or private vendor; it certainly does not permit any to sell them outside the government. NSA develops cryptosystems for the use of the US government (military, diplomats, etc.) and it doesn't discuss them with or release them to others either. Similar constraints apply elsewhere (as in the case of the UK's GCHQ). In the case of such claims, the vendor/developer is either uninformed, lying, or is offering stolen government designs which will involve their users in much unpleasantness when that fact is discovered.


Foolproofness

The cryptosystem is described as "foolproof". Bruce Schneier has argued that "security is a process", and as is oft-quoted in cryptography and security circles, "a chain is as strong as its weakest link". In a respectable cryptosystem, the cryptographic algorithm used is almost never the weakest link. Trying to promote a new cryptographic algorithm by using a new "simple" cryptosystem shows a lack of understanding of the hardness of making such a design. If a simple secure cryptosystem could be designed, it would be more secure to simply use one of the well established, analysed and tested algorithms (e.g., the Advanced Encryption Standard, also known as Rijndael) in this setting. To date, no cryptosystem is publicly known which cannot be misused by fools. Such a system might exist or be invented, but experience shows it would be very hard to design. Proving that such a design is foolproof would be impossible as it requires proving the negative.


Endorsement

The cryptosystem is endorsed by "security experts", unknown or even anonymous, or by people who are not expert cryptographers (ex-hackers, business managers, etc.). Critics argue that cryptographic algorithms should be published and analysed in the academic literature. These claims, without the actual publication of the algorithms and the analysis of these algorithms, are essentially always merely sales babble. An athlete may well be able to use "his" brand of shoes on the field, and be personally satisfied of their quality. However, a user of a cryptosystem who feels that it is unbreakable because he cannot break it has exactly the same evidence as one who feels that Japanese is unbreakable because he cannot read it. Some other person, who speaks Japanese, can. Likewise, many ex-hackers have never broken cryptography; there are easier ways to accomplish their goals, such as social engineering.


It is also important to note that bugs in most non-cryptographic software are obvious to the user (and something that does not cause an obvious problem for any user does not need to be fixed). However, the output of good and shockingly bad cryptography looks equally random, especially if the plaintext is compressed before encryption. When choosing, say, an office suite, an endorsement from another user who has used it for years and is satisfied with the stability and features should be taken into account. Such an endorsement of a cryptographic product may not be as meaningful.
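The claim that good and bad ciphertext look equally random can be measured. This is an added example, not code from the original article: the two-byte repeating-XOR "cipher", its key and the seeded sample text are constructed, and OS random bytes stand in for the output of an ideal cipher.

```python
import math
import os
import random
import zlib
from collections import Counter

ZLIB_HEADER = b"\x78\xda"   # fixed two-byte header of a zlib stream at level 9
WORDS = ("alpha bravo charlie delta echo foxtrot golf hotel "
         "india juliet kilo lima").split()

def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 means perfectly uniform)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def weak_encrypt(data: bytes, key: bytes) -> bytes:
    """A 'shockingly bad' cipher: XOR with a short repeating key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def constructed_plaintext(n_words: int = 40000) -> bytes:
    """Constructed sample text; seeded so every run produces the same input."""
    rng = random.Random(1)
    return " ".join(rng.choice(WORDS) for _ in range(n_words)).encode()

def compare_outputs(key: bytes = b"\x5a\xc3"):
    # Compress first, as the article describes, then apply the weak cipher.
    packed = zlib.compress(constructed_plaintext(), 9)
    weak_ct = weak_encrypt(packed, key)
    reference = os.urandom(len(packed))   # what ideal ciphertext looks like
    # The compressed format's header is public, so XORing it with the first
    # ciphertext bytes yields the whole two-byte key.
    recovered = bytes(c ^ h for c, h in zip(weak_ct, ZLIB_HEADER))
    return byte_entropy(weak_ct), byte_entropy(reference), recovered

if __name__ == "__main__":
    weak_h, ref_h, recovered = compare_outputs()
    print(f"weak cipher output : {weak_h:.3f} bits/byte")
    print(f"random reference   : {ref_h:.3f} bits/byte")
    print(f"key read off the header: {recovered.hex()}")
```

Both entropy figures sit just under 8 bits per byte, yet the weak output gives up its key to anyone who knows the file format, which is why satisfied-user endorsements say little about cryptographic strength.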


Obscure mathematics

The cryptosystem relies on some neglected backwater of mathematical theory, and its vendor brands the cryptographic use of it "revolutionary". While it's true that professional cryptographers often propose systems based on exotic math, these are intended for theoretical discussion, not practical deployment. It is impossible to make honest assertions of the security of a cipher based on math that's familiar to only a few researchers. If the mathematics behind a cryptographic method is relatively well understood and well studied, then its future is less likely to hold unpleasant surprises. Cryptography based on unfamiliar math (such as braid groups or multivariable cryptography) underwent years of study before professionals had enough confidence in it to use it for practical deployments.


The Wikipedia article included on this page is licensed under the GFDL.
All other elements are (c) copyright NationMaster.com 2003-5. All Rights Reserved.