*** Welcome to piglix ***

Snake oil (cryptography)


In cryptography, snake oil is any cryptographic method or product considered to be bogus or fraudulent. The name derives from snake oil, one type of patent medicine widely available in 19th century United States.

Distinguishing secure cryptography from insecure cryptography can be difficult from the viewpoint of a user. Many cryptographers, such as Bruce Schneier and Phil Zimmermann, undertake to educate the public in how secure cryptography is done, as well as highlighting the misleading marketing of some cryptographic products.

The Snake Oil FAQ describes itself as, "a compilation of common habits of snake oil vendors. It cannot be the sole method of rating a security product, since there can be exceptions to most of these rules. [...] But if you're looking at something that exhibits several warning signs, you're probably dealing with snake oil."

This is not an exhaustive list of snake oil signs. A more thorough list is given in the external articles linked in the section below.

Secret system

Technobabble

"Unbreakable"

One-time pads

Unsubstantiated "bit" claims


...
Wikipedia

...