Snake oil (cryptography)

From Citizendium
Revision as of 22:23, 1 August 2008 by imported>Sandy Harris
Jump to navigation Jump to search

In Cryptography, the term "snake oil" is often used to refer to various products which do not offer anything like the security their marketing claims. This is, regrettably, remarkably common. The reasons are rather varied:

  • As in any field, marketers exaggerate.
  • Then there is the incurable optimism of programmers. As for databases and real-time programming, cryptography looks deceptively simple. Almost any competent programmer can handle the basics, implement something that copes with simple applications fairly easily. However, as in the other areas, almost anyone who tackles difficult cases without both some study of relevant theory and considerable practical experience is almost certain to get it horribly wrong.
    • For example, almost every company that uses their general-purpose programmers to implement crypto ends up with something easily broken; Microsoft Word and Adobe PDF encryption are the best-known examples, but there are dozens of others.


External links

  • Matt Curtin's Snake Oil FAQ [1] is the commonest reference.
Retrieved from "https://citizendium.org/wiki/index.php?title=Snake_oil_(cryptography)&oldid=514842"