Contents
* Contents
* Introduction
* Basic Concepts
o Symmetric vs. Asymmetric Cryptography
o Secrecy vs. Integrity: What are you trying to protect?
o Key Sizes
o Keys vs. Passphrases
o Implementation Environment
* Snake Oil Warning Signs
o ``Trust Us, We Know What We're Doing''
o Technobabble
o Secret Algorithms
o Revolutionary Breakthroughs
o Experienced Security Experts, Rave Reviews, and Other Useless
Certificates
o Unbreakability
o One-Time-Pads
o Algorithm or product X is insecure
o Recoverable Keys
o Exportable from the USA
o ``Military Grade''
* Other Considerations
* Glossary
* Index
* References
Administrativia
Distribution
Distribution of this document is unlimited. We're specifically trying to
reach people who are not experts in cryptography or security but find
themselves making decisions about what sorts of crypto (if any) to use, both
for their organizations and for themselves.
The Snake Oil FAQ is posted monthly to sci.crypt, alt.security,
comp.security, comp.answers, and comp.infosystems. It is available in
PostScript and PDF form (ideal for printing) via the web at
[url]http://www.interhack.net/people/cmcurtin/snake-oil-faq.ps[/url]
[url]http://www.interhack.net/people/cmcurtin/snake-oil-faq.pdf[/url]
and HTML at
[url]http://www.interhack.net/people/cmcurtin/snake-oil-faq.html[/url]
Disclaimer
All contributors' employers will no doubt disown any statements herein.
We're not speaking for anyone but ourselves.
This is a compilation of common habits of snake oil vendors. It cannot be
the sole method of rating a security product, since there can be exceptions
to most of these rules. From time to time, a reputable vendor will produce
something that is actually quite good, but will promote it with braindead
marketing techniques. But if you're looking at something that exhibits
several warning signs, you're probably dealing with snake oil.
Every effort has been made to produce an accurate and useful document, but
the information herein is completely without warranty. This is a
work-in-progress; feedback is greatly appreciated. If you find any errors or
otherwise wish to contribute, please contact the document keeper, Matt
Curtin <cmcurtin@interhack.net>
Document History
With the rise in the number of crypto products came a rise in the number of
ineffective or outright bogus products. After some discussion about this on
the cypherpunks list, Robert Rothenburg <wlkngowl@unix.asb.com> wrote the
first iteration of the Snake Oil FAQ. Matt Curtin took the early text and
munged it into its current state with the help of the listed contributors
(and probably some others whose names have inadvertently missed. Sorry in
advance, if this is the case.)
Contributors
The following folks have contributed to this FAQ.
Jeremey Barrett <jeremey@forequest.com>
Steven M. Bellovin <smb@research.att.com>
Matt Blaze <mab@research.att.com>
Bo Dvmstedt <bo.domstedt@protego.se>
Gary Ellison <gfe@interhack.net>
<fifersl@ibm.net>
<geeman@best.com>
Larry Kilgallen <KILGALLEN@Eisner.DECUS.Org>
Dutra Lacerda <dutra.lacerda@mail.telepac.pt>
Felix Lee <flee@teleport.com>
Colin Plumb <colin@nyx.net>
Jim Ray <jmr@shopmiami.com>
Terry Ritter <ritter@io.com>
Robert Rothenburg <wlkngowl@unix.asb.com>
Adam Shostack <adam@homeport.org>
Rick Smith <smith@sctc.com>
Randall Williams <ac*87@yfn.ysu.edu>
Introduction
Good cryptography is an excellent and necessary tool for almost anyone. Many
good cryptographic products are available commercially, as shareware, or
free. However, there are also extremely bad cryptographic products which not
only fail to provide security, but also contribute to the many
misconceptions and misunderstandings surrounding cryptography and security.
Why ``snake oil''? The term is used in many fields to denote something sold
without consideration of its quality or its ability to fulfill its vendor's
claims. This term originally applied to elixirs sold in traveling medicine
shows. The salesmen would claim their elixir would cure just about any
ailment that a potential ******** could have. Listening to the claims made
by some crypto vendors, ``snake oil'' is a surprisingly apt name.
Superficially, it is difficult to distinguish snake oil from the Real Thing:
all encryption utilities produce garbled output. The purpose of this
document is to present some simple ``red flags'' that can help you detect
snake oil.
For a variety of reasons, this document does not mention specific products
or algorithms as being ``good'' or ``snake oil.''
Basic Concepts
In an effort to make this FAQ more complete, some basic information is
covered here. The Cryptography FAQ [*] is a more general tutorial of
cryptography and should also be consulted.
When evaluating any product, be sure to understand your needs. For data
security products, what are you trying to protect? Do you want a data
archiver, an e-mail plug-in, or something that encrypts on-line
communications? Do you need to encrypt an entire disk or just a few files?
And how secure is secure enough? Does the data need to be unreadable by
``spies'' for five minutes, one year, or *00 years? Is the spy someone's kid
sister, a corporation, or a government?
Symmetric vs. Asymmetric Cryptography
There are two basic types of cryptosystems: symmetric (also known as
``conventional'' or ``secret key'') and asymmetric (``public key.'')
Symmetric ciphers require both the sender and the recipient to have the same
key. This key is used by the sender to encrypt the data, and again by the
recipient to decrypt the data. The problem here is getting the sender and
recipient to share the key.
Asymmetric ciphers are much more flexible from a key management perspective.
Each user has a pair of keys: a public key and a private key. Messages
encrypted with one key can only be decrypted by the other key. The public
key can be published widely while the private key is kept secret.
So if Alice wishes to send Bob some secrets, she simply finds and verifies
Bob's public key, encrypts her message with it, and mails it off to Bob.