At 11:03 PM -0700 7/20/96, The Deviant wrote:
Snake-Oil Warning Signs Encryption Software to Avoid
(Revision 0.1)
Looks very nicely done. I think you pretty much covered it... but...
Be wary of marketing gimmicks related to "if you can crack our software" contests.
Even the best cryptographers and security professionals have done this. RSA did it with their Public Key system, which took 20+ years to break. Throughout history, many security mechanisms, even the best ones, including Cyphers, Locks, Firewalls, etc. have been known to go as far as to offer prizes (some extremely high, upwards of a million dollars, some as low as RSA's famous $100 prize)
I think that this one really is just a bit too broad.
So is your comment. What was broken was not public key, but a particular key length (and by implication shorter ones). You can do that with just about any system, even a one-time pad, by brute force, but it won't buy you much more than sharpening your skills, for longer keys. One particular public key algorithm (you aren't too specific here) WAS broken a few years ago, but that was not RSA and isn't used any longer. If memory isn't playing tricks on me it was the knapsack algorithm. David