Talk:Snake oil (cryptography)

From Citizendium
Revision as of 10:24, 2 August 2008 by Howard C. Berkowitz (Quality improvement and better linking to related articles)

Quality improvement and better linking to related articles

I'm concerned that this article quickly appeared, after I questioned some comments in cryptography, without any wikilinking from that article. The lack of such wikilinking makes it harder to give editorial reviews to a group of related articles and the structure among them, as well as specifics in this article. I now see propagation of problems in this article, cipher, and cryptography; I'm making some comments in the talk page of the last, and observe here as well that there is a sudden burst of articles that could be more useful with more of an idea of overall outline (multi-article) and appropriate wikilinking.

For this article, let's start at the beginning. First, I'd observe that while this is a vivid and potentially useful phrase and article, it's not widely used in the industry. Second, the opening sentence

In Cryptography, the term "snake oil" is often used to refer to various products which do not offer anything like the security their marketing claims.

is not attributed, although there's a general comment about a 2001 book mentioning it.

While I only did a quick search, the 2001 book (online 1st edition) by Ross Anderson,[1] which has a URL rather than an inline citation and any commentary on the work, does not appear to be the first coining of the term. I found a 1999 Bruce Schneier webpage on it[2].

It's been a relatively recent development, as in the last two or three decades, where cryptology has come out of the NSA closet, and many associate that coming-out party with the publication of David Kahn's first edition of The Codebreakers in 1967 [3]. I call attention to Chapter 21 (second edition, but Kahn didn't revise earlier chapters but appended a chapter on the British ULTRA disclosures), "Heterogeneous Impulses", which, while it does not use the term "cryptographic snake oil", extensively discusses the history of amateur-developed "unbreakable codes", which goes back for centuries.

Comments on introduction/lede

After my contributions to Internet Protocol Suite/Signed articles and Compartmented control system/Signed Articles, I am the last person to insist on encyclopedese. Nevertheless, I'm concerned about style here. I don't disagree with some of the opinion stated, but I might like to see a bit more formalism. As to the optimism of programmers, there might be some synergy here to a developing article on Brooks' Law, as well as some decent references to Weinberg.[4]

I suspect the article would not lose quality if some of the adjectives, such as "incurable optimism" or "extravagant claims" were lost, and perhaps more specific examples or citations were given.

Also, external references to people's home pages or FAQs, in the main article, don't fit with my idea of good CZ style. In the main article, more explanation, and perhaps a bit of text to show relevance, would improve the value of the article -- the reader should not have to make a jump to an external link without being sure what value would be better there. Alternatively, such things, again preferably annotated, could go into the "External Links" subpage and perhaps be a little less jarring than as they appear in the main article.

At this point, I would ask for community feedback.

Howard C. Berkowitz 10:24, 2 August 2008 (CDT)

References

  1. Anderson, Ross (2001), Security Engineering: A Guide to Building Secure Distributed Systems, Wiley
  2. Schneier, Bruce (15 February 1999), Crypto-Gram Newsletter
  3. Kahn, David (Second Edition, 1996), Chapter 21: Heterogeneous Impulses, The Codebreakers: the Story of Secret Writing, Scribners p. 763 ff.
  4. Weinberg, Gerald M. (Silver anniversary edition, 1998), The Psychology of Computer Programming, Dorset House