William H. Geiger III (whgiii@invweb.net)
Wed, 24 Jun 1998 17:57:52 -0500
-----BEGIN PGP SIGNED MESSAGE-----
In <199806242024.WAA20403@basement.replay.com>, on 06/24/98
at 10:24 PM, nobody@replay.com (Anonymous) said:
>I thought that the usually good Good Morning Silicon Valley
>(San Jose Mercury news http://www.mercurycenter.com/gmsv/)
>would know better but they relayed one more of those
>dangerous snake oil challenges. It may seem that intent here would be to
>steal money from naive stock market investors:
Does anyone have a URL for the SJM article? I was up on their web site but
could not find anything.
>Sample claims :
>"JAWS Technologies Inc. announces the first unbreakable suite of public
>and private-key encryption schemes known. Using a Base 13 calculation
>algorithm, the routine uses the keys as a portion of the formulae to
>decrypt, making it mathematically impossible given a large enough key.
>The data is first shifted and then encrypted with a random number
>generated at the time of encryption, used to determine password
>authorization upon decryption."
Jaws Tech did a press release on this "challenge" at the end of last
month. They did a hit and run spam on several mailing lists but never
responded to any follow-up posts. I responded on the SpyKing list to their
"challenge" and also followed up by posting a copy of the snake-oil FAQ:
>Friday May 29, 3:00 pm Eastern Time
>Company Press Release
>SOURCE: JAWS Technologies Inc.
>JAWS Launches $5,000,000 ``Break the Code'' Encryption Contest
<sigh> Yet another Snake-oil post.
Such challenges like this are really meaningless and are designed as a
publicity stunt to gain some free press rather than as a legitimate test
of the strength of the algorithms involved.
The *only* way to test the security of an algorithm is through a process
of peer-review of the source code.
Until JAWS Technologies decides to go through this process I would stay
far away from this and any other products they may produce. It seems quite
clear that they have little to no understanding of the cryptology &
security fields.
I don't know what it is about the list but it seems that we must endure
these snake-oil posts on a periodic basis.
While I have replied here to many of these snake-oil advertisements I have
yet to see one of these companies post a rebuttal (to the list or
privately).
I have submitted a copy of the Snake-Oil FAQ to SpyKing requesting that he
publish it to the list (it's a little long so I don't want to post it
directly). It can also be found at:
http://www.interhack.net/people/cmcurtin/snake-oil-faq.html
Security & Encryption are the big buzz-words in the computer industry and
many companies are looking to cash-in on it. Be very wary of Johnny Come
Lately's who overnight become cryptology "experts".
- --
- ---------------------------------------------------------------
William H. Geiger III http://users.invweb.net/~whgiii
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://users.invweb.net/~whgiii/pgp.html
- ---------------------------------------------------------------
Tag-O-Matic: OS/2: The choice of the next generation.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a-sha1
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000
iQCVAwUBNZGGM49Co1n+aLhhAQFs+AP8C50vyGI/5TzOZfH0dZJo7q8zPu22SJzX
9TQzaq5n1EF3ooTQ/T4RglgRTc8YPuuc3l4zoBn9pmJ9dtpekmCkJ5YDT5YMLe61
PP3zRsam1l++m2KphjCqeN7h0QWakFcuNR+oAWQCY7cbJFqO1KcFIqaHtsr+DsuB
3Hkr4CCdxE0=
=j22T
-----END PGP SIGNATURE-----
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:19:01 ADT