Re: Snake-Oil FAQ
At 4:44 PM 9/22/96, Dale Thorn wrote:
> The basic outline for any products included (and don't forget, just getting included is some sort of endorsement, if you know what I mean) could be a feature/bug listing, using common crypto terminology, and could be followed by side-by-side argument paragraphs from the author and from a reputable review panel.
>
> The usefulness of the list would probably depend on:
> 1. The participation of all those names people like to name-drop on this forum.
> 2. And/or the quality of the list itself if done without (1.) above. In this latter case, it could still be useful, but the variances in evaluation owing to personal bias would be difficult to overcome.
The Basic Problem (tm) with a "Snake Oil FAQ" is that the very persons most in need of it won't read it.

If those who post descriptions of their "Unbreakable Virtual Whammo-Matic Really Complicated Transposition Cipher" have not bothered to read Schneier or other basic texts on ciphers, why would they bother to read a Snake Oil FAQ? This applies to their customers as well.

It doesn't take much reading of standard crypto books to learn why historical codes and ciphers (and their reinvented modern variants) are fundamentally weak, and subject to (usually rapid) breaking with high-speed computers. Once this basic point is realized, all else follows.

In other words, there is really no meaningful target audience for a Snake Oil FAQ. If it's just a quick effort, fine. But escalating it into a Major Cypherpunks Project seems like wasted effort.

Just point people to Schneier's book and suggest they read and absorb the first several chapters. Then, like the infamous fisherman, they'll be equipped to understand why the Whammo-matic Really Complicated Cipher is neither Virtually Unbreakable nor worthy of spending much time analyzing, and why they should stick with modern ciphers and systems which have been subjected to years of review and attempts to break them.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
Timothy C. May wrote:
> At 4:44 PM 9/22/96, Dale Thorn wrote:
> > The basic outline for any products included (and don't forget, just getting included is some sort of endorsement, if you know what I mean) could be a feature/bug listing, using common crypto terminology, and could be followed by side-by-side argument paragraphs from the author and from a reputable review panel.
> >
> > The usefulness of the list would probably depend on:
> > 1. The participation of all those names people like to name-drop on this forum.
> > 2. And/or the quality of the list itself if done without (1.) above. In this latter case, it could still be useful, but the variances in evaluation owing to personal bias would be difficult to overcome.
>
> The Basic Problem (tm) with a "Snake Oil FAQ" is that the very persons most in need of it won't read it.
>
> If those who post descriptions of their "Unbreakable Virtual Whammo-Matic Really Complicated Transposition Cipher" have not bothered to read Schneier or other basic texts on ciphers, why would they bother to read a Snake Oil FAQ? This applies to their customers as well.

[additional text deleted]

Maybe I shouldn't have tried to (slightly) change the subject. It was my thought that someone could encourage the person(s) who wanted to do a Snake-Oil product list to generalize the list, to be a more scholarly reference, and not just a blacklist. Since the original(?) proposal concerned actual products, and not just techniques which fit into neatly identifiable categories, that might justify a Consumer Reports type of review list for these products.
On Sun, 22 Sep 1996, Dale Thorn wrote:
> Maybe I shouldn't have tried to (slightly) change the subject. It was my thought that someone could encourage the person(s) who wanted to do a Snake-Oil product list to generalize the list, to be a more scholarly reference, and not just a blacklist. Since the original(?) proposal concerned actual products, and not just techniques which fit into neatly identifiable categories, that might justify a Consumer Reports type of review list for these products.

One of the goals of a "Snake-Oil FAQ" as proposed is to gain as wide a distribution as possible. If a "blacklist" of products is put into the FAQ, or if actual existing products are referred to in a negative light, the distribution of this FAQ will be severely limited.

I also think that as a whole, this project is a good idea and a good mini-project. As crypto continues to spread, it is inevitable that "bad" crypto will spread as well. While these products will surely come and go with the phases of the moon, some people will undoubtedly be suckered and soured towards crypto-technology in general. (sarcasm) "If it saves just one...." (\sarcasm)

It has been said before that the best way to counter noise is with signal. If one of the primary goals of cypherpunks is to encourage the widespread use of strong crypto, then, by extension, it is important to discourage the spread of "crappy crypto."

_______________________________________________________________
Omegaman <mailto: omega@bigeasy.com>
PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63
Send e-mail with "get key" in the "Subject:" field to get a copy of my public key
_______________________________________________________________
An entity claiming to be Timothy C. May wrote:
:
: The Basic Problem (tm) with a "Snake Oil FAQ" is that the very persons most
: in need of it won't read it.
:
: If those who post descriptions of their "Unbreakable Virtual Whammo-Matic
: Really Complicated Transposition Cipher" have not bothered to read Schneier
: or other basic texts on ciphers, why would they bother to read a Snake Oil
: FAQ? This applies to their customers as well.

I disagree, I think AC is a pretty scary book for the kind of people who need the Snake-Oil FAQ. I think the primary target audiences are IS professionals who are considering integrating crypto into their data communications and end users who want to send encrypted mail. Neither of these groups is going to embrace crypto if you toss them a tome like AC.

And what is the primary goal here, if not to promote widespread use of crypto and educate about what makes good crypto good. We have to approach the non-believers on their own ground ;)

mark

--
Mark Rogaski      | Why read when you can just sit and | Member
GTI System Admin  | stare at things?                   | Programmers Local
wendigo@gti.net   | Any expressed opinions are my own  | # 0xfffe
wendigo@pobox.com | unless they can get me in trouble. | APL-CPIO
participants (4)
- Dale Thorn
- Mark Rogaski
- Omegaman
- tcmay@got.net