Crypto Snake Oil

An anonymous reader writes "Luther Martin of Voltage Security has published an article about the perception of cryptography today with regards to quality and honesty in vendors. From the article: 'Products that implement cryptography are probably credence goods. It requires expensive and uncommon skills to verify that data is really being protected by the use of cryptography, and most people cannot easily distinguish between very weak and very strong cryptography. Even after you use cryptography, you are never quite sure that it is protecting you like it is supposed to do.'"

Snake Oil

Snake oil is a traditional Chinese medicine used for joint pain. However, the most common usage of the words is as a derogatory term for medicines to imply that they are fake, fraudulent, and usually ineffective. The expression is also applied metaphorically to any product with exaggerated marketing but questionable or unverifiable quality.

'nuff said

How is this different from any other product?

[njdj]

Products that implement cryptography are probably credence goods. It requires expensive and uncommon skills to verify that data is really being protected by the use of cryptography, and most people cannot easily distinguish between very weak and very strong cryptography.

Can you distinguish, by inspection, between a reliable automobile and a piece of junk that will barely last 2 years? I certainly can't. So I rely on reviews by people I trust when I buy a new car.

In the field of cryptography there are several people who have written peer-reviewed books about cryptography, are trusted in the community, and who occasionally review products. Bruce Schneier is one (there are others, use Google, this is not mean to be a puff for Schneier or his company).

There are also open-source cryptographic programs, which are peer-reviewed and definitely not snake-oil.

You'd have thought so...

[jd]

But I've worked as a contractor for Government sites where their central data server was:

• Publicly accessible, outside of any firewall
• Had .rhosts on it, for the specific purpose of avoiding having to write login code for scripts that copy data
• Stored commercially sensitive (and possibly classified) information.

Ok, I'll be fair - though God alone knows why, and I think even God gave up trying to figure out the tangled mess I call a brain some time ago. They did use DES - not triple DES, just plain DES - for the really really sensitive stuff. The encryption key was visible to anyone logged in on any account, however, as the DES they used required the key to be the first parameter and they made no effort to erase it. So it was technically encrypted. (Once the passkey has been broadcast to all and sundry, I do not regard the encryption as anything more than a technicality, and in the case of DES, I seriously doubt you could even claim that.)

I've heard that security has since improved. I say "heard", because it was some time AFTER security was said to have been improved that reports started coming out of a fileswapper using NASA storage machines as extra disk space - the very same organization and very same type of mass storage device I had serious doubts about many years prior to that.

But that's a Government institution! Yes, and they're the ones with a great many experts in such matters and a great many contracts with people who can not merely withdraw business but also guarantee a disaster in the next election. The bulk of private corporations out there have neither the skills to draw on OR the incentives to maintain some sort of standard. All they have to do is ROT13 and tell you it's got digital security. Enough suckers'll buy into it to keep the CEO in champaign, caviar and girls of commercially-negotiable virtue for life.

The problem is, there is no mandated minimum standard for security, so those who can WILL use the lowest standard possible that will deceive customers into thinking they're safe whilst staying a gnat's whisker (after being compressed by the forces of a neutron star) beyond what could be sued for in courts, assuming a technically ignorant judge.

IMHO, "snake oil" could be vastly reduced - not eliminated but reduced - by placing minimum standards for crypto, compression and other easily-manipulated areas of technology, and enforcing them. Not maximum - that's what the intelligence services want, and they want it to be zero. I'm strictly talking minimum. Your good, old-fashioned lemon law - does it fill the purpose for which it was sold to the customer? Yes or no.

In the case of cryptography, that would be rephrased as follows: would a reasonable person, aware of the strengths and deficits of the technique concerned, aware of any warnings published on the block crypto lounge, hashing function lounge, etc, aware of the Usenet Crypto FAQ (ie: aware of the "common knowledge" that exists on cryptography), and aware of the grade of security the user is demonstrably expecting, agree or disagree that the cryptographic system sold meets the grade expected or not?

If it does not, it is a lemon for the purpose for which it was sold. It might be perfectly good otherwise, but it doesn't, can't, and never will do what was expected of it.

This would be enforceable, as I said very clearly that I'm talking about weighing the "common knowledge" against the "personal expectation". Both are easy to define and even a non-expert should understand a skull-and-crossbones labelled "BROKEN, DO NOT USE" in a crypto lounge. They might not understand the fine nit-picking or the advanced maths, but that's why I'm sticking solely to what is commonly known and understood, not what is derivable from axiom 327 as applies to lemma 291 as described by Professor Branestawm's obscure paper entitled "techniques for splicing dormice genes into giraffe brai