Snake Oil Encryption

By Seth Ross

Over 120 years ago, Flemish linguist Auguste Kerckhoffs established the principle in cryptography that "security by obscurity" does not work. Kerckhoffs witnessed how readily "unbreakable" encryption systems using secret algorithms were captured and reverse engineered by the enemy. His second principle states: "The system must not require secrecy and can be stolen by the enemy without causing trouble." This insight was both profound and counterintuitive: Cryptosystems should rely on the secrecy of the key, not on the secrecy of the underlying encryption. For more on Kerckhoffs, see http://www.securius.com/archive/401.txt

This principle has been carried forward to the present day. By and large, the designers of cryptosystems rely on cryptographic algorithms (ciphers) that are open and public -- like Rijndael, Blowfish, and RSA -- as opposed to those that are proprietary and secret. All these public ciphers have been extensively reviewed and evaluated over time. They all avoid the amateur cryptographer's conceit of unbreakability. As Bruce Schneier points out again and again: it's very easy to develop a cipher that you yourself cannot break. Indeed, cryptography has been around thousands of years, and its history is marked again and again by the excessive confidence of system designers and the inevitable fall of secret cipher after secret cipher.

Despite this history, there are still many vendors out there that use hype and fear to push "unbreakable", "revolutionary", and invariably secret ciphers and encryption schemes. The crypto community calls them "snake oil" vendors, after the 19th century itinerant sellers of all-purpose elixirs. Some years ago, Matt Curtin put together a Frequently Asked Questions document that described what cryptographic snake oil is and how to recognize it. See http://www.interhack.net/people/cmcurtin/snake-oil-faq.html

Since then, Bruce Schneier has pointed out dozens of these vendors via a regular section in his Crypto-Gram newsletter: The Doghouse. If you don't read the Crypto-Gram, you should. See http://www.counterpane.com/crypto-gram.html

The easiest way to identify snake oil cryptography is to review the marketing claims made by the crypto vendor. Is the cipher secret and proprietary? Given how commonly secrecy covers up fundamental flaws, it's probably snake oil. Does the vendor make exaggerated claims about "unbreakability" or how big the system's key size is? It's probably snake oil. Does the vendor use a lot of techno babble about chaos theory, one-time pads, or polymorphous encryption? It's probably snake oil. Does the vendor make reference to "expert" evaluators without naming them? It's probably snake oil. In general, claims about "revolutionary new breakthroughs" in cryptography are false. The work necessary to develop, vet, and publish on new ciphers takes years: by the time the new cipher or technique is ready for widespread deployment, it's no longer new or revolutionary.

Given the negative publicity around snake oil marketing tactics, one might expect that these vendors would fail over time. Their stuff doesn't work and it's only a matter of time before their customers smarten up. Right? Wrong. There are still plenty of companies out on the Internet making fantastic claims about their ciphers or encryption schemes. Some of them are raising venture capital, making million-dollar deals with the US government, and garnering patents.

As David Hannum said, in reference to the sideshow tactics of P.T. Barnum, "There's a sucker born every minute." (See http://www.historybuff.com/library/refbarnum.html). Snake oil vendors are like the con artists who advertise via spam mail. It doesn't matter if the body part enlargement kit -- or the snake oil encryption product -- really works. The Internet provides the seller with a constant stream of naïve buyers who fall victim to their own fears and gullibility.

Below find a sampling of snake oil claims. Might some of these encryption products and ciphers actually work as claimed? Maybe. At the very least, these companies have a marketing problem that derives
from the common sense proposition: if it sounds like snake oil, it probably is.

One encryption product vendor recently admitted to PC Magazine that its proprietary 8-bit encryption algorithm has been broken (see http://www.pcmag.com/article2/0,4149,1091517,00.asp). According to PC Magazine: "... the user interface is idiosyncratic and the encryption algorithm sacrifices security for speed. The proprietary algorithm has not been peer-reviewed, and the vendor even admits that it has been broken. The program crashed during our testing, leaving Windows unstable." Unfortunately, this product was downloaded and presumably installed by hundreds of thousands of users -- it used to be a favorite on download sites like download.com. Apparently, the vendor has discarded the secret algorithm in favor of the public crypto in Microsoft's Encrypting File System (for Windows 2000/XP) and Blowfish (for older Windows).

One vendor has a proprietary algorithm with key sizes up to 136,000 bits. For a symmetric algorithm, 256-bit keys should be sufficient for the imaginable future -- barring an attack by interdimensional space aliens and their black cubic computers. Ridiculous key sizes that don't make mathematical sense are a sign of snake oil.

Another vendor offers security systems built around a new kind of random number, the bodacion. In the absence of peer-reviewed publication, be wary of new kinds of math. In a neat twist, the vendor has integrated its bodacious random number generator into its validated FIPS 140-1 module.

A one-time pad vendor offers an ingenious workaround to the problem of needing a pad as long as the plaintext you need to encrypt: "To lower your key file usage, you can use a simple text editor like WordPad, to create plaintext messages, instead of a program like Windows Word, which can make large files for simple messages." While they offer theoretically unbreakable security, one-time pads are only practical in very specialized situations -– anyone who presents a generalized one-time pad solution is showing snake oil.

The maker of PHANTOM TS offers a revolutionary new approach that doesn't even need cryptography in order to achieve security. Just lean on the shift key: "PHANTOM TS IS NOT ENCRYPTION. PHANTOM TS IS A COMPLETELY NEW CONCEPT IN SECURITY BASED ON THE CREATION AND DEMATERIALIZATION OF A SECRET TWIN OPERATING SYSTEM. WHEN USED PROPERLY PHANTOM TS PROVIDES MILITARY LEVEL SECURITY TO EVERYDAY USERS ON ANY DESKTOP OR LAPTOP, AND IT COSTS LESS THAN A VIDEO GAME. ... TOO GOOD TO BE TRUE? WE KNOW."

One company has managed to parlay its proprietary encryption technology -- Virtual Matrix Encryption (VME) -- into a what it claims is a $4 million deal with the US Department of Health and Human Services. According to the company, "VME is quite simply the only unbreakable encryption commercially available ... It's a completely new approach to data encryption. It has survived a battery of rigorous tests and challenges. Nobody has ever broken data encrypted with VME." Don't be seduced by claims of unbreakability that aren't backed by mathematical evidence and peer review. Also be wary of claims that a cipher has never been broken -- how can the vendor prove this?

Another vendor manages to deliver three snake oil claims in a single sentence on its web site: "Uses 128 rounds of a ridiculously strong 3072 bit paranoid encryption that far exceeds even military standards!" Note the exaggerrated claim, the large key size, and the claim to military-grade security, even though no such thing exists.

Finally, another vendor urges visitors to its web site to not trust other ciphers. This is a mark of snake oil. From their web site: "There is no alternative for the powerful TransLock protection! TransPlace is the only security solution with no hacks, cracks and patches on internet! Don't trust other encryption algoritms or programs! They are NOT SAFE!!!"[sic]

No cipher or cryptosystem is perfect. They will all fail eventually; there’s no such thing as perfect protection. In cryptography, as in life, beware of cure-alls and anyone who sows fear, uncertainty, and doubt. Anything that sounds too good to be true, invariably is. As Barnum once pointed out, “Ladies and gentlemen, this way to the egress."

See you next issue. ‘Til then, keep your guard up.