A Snake-Oil FAQ

David Sternlight david at sternlight.com
Sun Jul 21 10:58:52 PDT 1996


At 11:03 PM -0700 7/20/96, The Deviant wrote:

>>
>>                           Snake-Oil Warning Signs
>>                         Encryption Software to Avoid
>>
>>                               (Revision 0.1)
>>
>>
>
>Looks very nicely done.  I think you pretty much covered it... but...
>
>>
>> Be wary of marketing gimmicks related to "if you can crack our
>> software" contests.
>>
>
>Even the best cryptographers and security professionals have done this.
>RSA did it with their Public Key system, which took 20+ years to break.
>Throughout history, many security mechanisms, even the best ones,
>including Cyphers, Locks, Firewalls, etc. have been known to go as far as
>to offer prizes (some extremely high, upwards of a million dollars, some
>as low as RSA's famous $100 prize).
>
>I think that this one really is just a bit too broad.

So is your comment. What was broken was not public key, but a particular
key length (and by implication shorter ones). You can do that with just
about any system, even a one-time pad, by brute force, but it won't buy you
much more than sharpening your skills, for longer keys.

One particular public key algorithm (you aren't too specific here) WAS
broken a few years ago, but that was not RSA and isn't used any longer. If
memory isn't playing tricks on me it was the knapsack algorithm.

David







