Re: flavors of reptile lubricant, was Another Snake Oil Candidate

Hi Folks,

My last comment on this. I've stated my own personal opinion
and  
anyone is free to disagree.

On Sep 13, 2007, at 9:33 AM, Ali, Saqib wrote:

> On 13 Sep 2007 13:45:42 -0000, John Levine
<johnliecc.com> wrote:
>> I always understood snake oil crypto to refer to
products that  
>> were of
>> no value to anyone, e.g., products that claim to
have secret
>> unbreakable encryption, million bit keys, or
"one time pads" produced
>> by PRNGs.
>
> hear hear!
>
> I think in the zeal for criticism of the IronDrive,
folks have
> expanded the definition of Snake Oil to include
"All" security
> products.
>
> I don't like the "Military Grade AES
Encryption" phrase that IronDrive
> uses on their website, cause that implies they know
what Military is
> using. Maybe somebody should notify DoD that these
IronDrive folks
> know what Military uses to encrypt info 
>
> But other then that I don't see any Snake Oil Crypto
like
> techno-babble used by IronDrive Marketing.

I don't know if a product has to meet m of n criteria as
stated in  
<http://www.interhack.net/people/cmcurtin/snake-oi
l-faq.html>, but,  
IMO, IronKey meets the following criteria: Technobabble,
Experienced  
Security Experts, "Military Grade" and to a
certain extend  
Unbreakability (normally applied to software, but IronKey
claims the  
epoxy prevents "criminals from getting to the internal
hardware  
components").

Respectfully,
Aram Perez

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com

Well, I don't want to start a flame war (drop me a note
offline if I'm
coming across as doing so), but I do want to respond to one
point.  

Ali Saqib wrote:

> I don't like the "Military Grade AES
Encryption" phrase that IronDrive
> uses on their website, cause that implies they know
what Military is
> using. Maybe somebody should notify DoD that these
IronDrive folks
> know what Military uses to encrypt info 
>
> But other then that I don't see any Snake Oil Crypto
like
> techno-babble used by IronDrive Marketing.

Similarly, Aram Perez objected to the use of "Military
Grade" in the IronKey
promotional materials


However, according to those promotional materials IronKey
uses AES-I think
AES-256 although I can't find a reference to 256-bit key use
in the chip.  

According to Wikipedia the U.S. Department of Defense (NSA)
has certified
AES for Type-1 applications in the U.S. government.  See
also, CNSSP-15 and
htt
p://www.nsa.gov/ia/industry/crypto_suite_b.cfm  A little
exploring of the
net finds a number of documents that my browser says are
housed on domains
ending in .mil that mention the use of AES-in particular for
communications
between U.S. and coalition forces.  I think these facts
qualify AES as
"military grade."  

Chuck Jackson


------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com