Snake oil (cryptography)

From Citizendium
Revision as of 04:51, 23 October 2008 by imported>Sandy Harris (→‎Warning signs)
This article is developing and not approved.

In cryptography, the term snake oil [1] refers to products whose vendors use wildly extravagant claims to market appallingly bad cryptography.

For examples, see Dimitri Sklyarov's Defcon presentation [1] on e-book security. One company advertised "the only software in the universe that makes your information virtually 100% burglarproof!"; their actual encryption was "XOR-ing each byte with every byte of the string “encrypted”, which is the same as XOR with constant byte". Another used ROT13 encryption. These systems are ludicrously weak, utterly worthless even against an attacker who uses only pencil and paper. ZDNet [2] called them "astonishingly inept cryptography software".
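The collapse described in that quote can be checked directly. The following is an added example, not code from the presentation or from any product; the function names, the sample text and the use of a known file header are constructed for illustration, and it assumes the key string is the ASCII bytes of "encrypted".

```python
from functools import reduce

KEY_STRING = b"encrypted"  # assumption: ASCII bytes of the quoted string

def vendor_scheme(data: bytes, key: bytes = KEY_STRING) -> bytes:
    """The scheme as quoted: XOR each data byte with every key byte in turn."""
    out = bytearray(data)
    for i in range(len(out)):
        for k in key:
            out[i] ^= k
    return bytes(out)

def effective_byte(key: bytes = KEY_STRING) -> int:
    """XOR is associative and commutative, so the whole key folds into one byte."""
    return reduce(lambda a, b: a ^ b, key, 0)

def constant_xor(data: bytes, c: int) -> bytes:
    """XOR every byte of data with the single constant c."""
    return bytes(b ^ c for b in data)

def recover_constant(ciphertext: bytes, known_prefix: bytes) -> int:
    """A single known plaintext byte (e.g. a file-format header) reveals the constant."""
    if not ciphertext or not known_prefix:
        raise ValueError("need at least one ciphertext byte and one known byte")
    c = ciphertext[0] ^ known_prefix[0]
    # Confirm the guess against the rest of the known prefix.
    if constant_xor(ciphertext[:len(known_prefix)], c) != known_prefix:
        raise ValueError("not a constant-byte XOR")
    return c

# Constructed sample input; the header is a stand-in for any predictable file start.
SAMPLE = b"%PDF-1.4 constructed sample document body"

if __name__ == "__main__":
    ct = vendor_scheme(SAMPLE)
    c = effective_byte()
    print(f"effective key byte: {c:#04x}")
    print("identical to constant XOR:", ct == constant_xor(SAMPLE, c))
    print("constant from known header:", hex(recover_constant(ct, b"%PDF")))
    # A longer key string changes nothing: it still folds to one of 256 values.
    print("longer key folds to:", hex(effective_byte(b"a much longer secret passphrase")))
```

However long the key string is, the scheme has at most 256 distinct keys, and applying it twice returns the original data.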

Warning signs

A few things are warning signs that a product is bogus, or at least should be treated as suspect. We cover only the most conspicuous here; for more complete lists see the references.

Extravagant claims — "unbreakable", "revolutionary", "military-grade", "hacker-proof", "breakthrough" — are a strong indicator that everything the vendor says should be treated skeptically.

Another strong indicator is a lack of technical details. This violates Kerckhoffs' Principle; no algorithm can be trusted until it has been published and analysed. If a vendor does not reveal all the internal details of their system so that it can be analysed, then they do not know what they are doing; assume their product is worthless. Any reason they give for not revealing the internals can be ignored; the only exception would be a large government agency that has its own analysts.

A lack of references to the research literature is a distinctly bad sign. Cryptography is a highly developed field with an extensive literature; anyone claiming technical competence or making claims for the strength of some new system should back those claims up with appropriate references.

"Cracking contests" that offer huge prizes but provide neither the details of the cipher nor any plaintext are another bad sign. A real attacker will very likely have both, so demonstrating that the cipher is secure against attackers with neither proves almost nothing. The main reason for such contests is to produce yet more marketing copy.

References to one-time pads are generally suspicious. Real one-time pads are provably unbreakable for certain attacks, but snake oil often claims unbreakability for things that are not actually one-time pads. In particular, anyone who claims to generate something "just like a one-time pad" from a key has a basic misunderstanding. One-time pads absolutely require a truly random key as long as the messages; no algorithm can possibly generate that from a smaller key. A system that generates its keying material is not a one-time pad; it is a stream cipher based on a random number generator. Secure stream ciphers and secure random number generators certainly exist (see the links for details), but snake oil vendors often have weak ones.

External links

  • Matt Curtin's Snake Oil FAQ [3] is the commonest reference.

References

  1. Bruce Schneier (February 1999). Snake Oil. Counterpane Inc.