Snake Oil Encryption
By Seth Ross
Over 120 years ago, Flemish linguist Auguste Kerckhoffs established
the principle in cryptography that "security by obscurity"
does not work. Kerckhoffs witnessed how readily "unbreakable"
encryption systems using secret algorithms were captured and reverse
engineered by the enemy. His second principle states: "The
system must not require secrecy and can be stolen by the enemy without
causing trouble." This insight was both profound and counterintuitive:
Cryptosystems should rely on the secrecy of the key, not on the
secrecy of the underlying encryption. For more on Kerckhoffs, see
This principle has been carried forward to the present day. By
and large, the designers of cryptosystems rely on cryptographic
algorithms (ciphers) that are open and public -- like Rijndael,
Blowfish, and RSA -- as opposed to those that are proprietary and
secret. All these public ciphers have been extensively reviewed
and evaluated over time. They all avoid the amateur cryptographer's
conceit of unbreakability. As Bruce Schneier points out again and
again: it's very easy to develop a cipher that you yourself cannot
break. Indeed, cryptography has been around thousands of years,
and its history is marked again and again by the excessive confidence
of system designers and the inevitable fall of secret cipher after
Despite this history, there are still many vendors out there that
use hype and fear to push "unbreakable", "revolutionary",
and invariably secret ciphers and encryption schemes. The crypto
community calls them "snake oil" vendors, after the 19th
century itinerant sellers of all-purpose elixirs. Some years ago,
Matt Curtin put together a Frequently Asked Questions document that
described what cryptographic snake oil is and how to recognize it.
Since then, Bruce Schneier has pointed out dozens of these vendors
via a regular section in his Crypto-Gram newsletter: The Doghouse.
If you don't read the Crypto-Gram, you should. See http://www.counterpane.com/crypto-gram.html
The easiest way to identify snake oil cryptography is to review
the marketing claims made by the crypto vendor. Is the cipher secret
and proprietary? Given how commonly secrecy covers up fundamental
flaws, it's probably snake oil. Does the vendor make exaggerated
claims about "unbreakability" or how big the system's
key size is? It's probably snake oil. Does the vendor use a lot
of techno babble about chaos theory, one-time pads, or polymorphous
encryption? It's probably snake oil. Does the vendor make reference
to "expert" evaluators without naming them? It's probably
snake oil. In general, claims about "revolutionary new breakthroughs"
in cryptography are false. The work necessary to develop, vet, and
publish on new ciphers takes years: by the time the new cipher or
technique is ready for widespread deployment, it's no longer new
Given the negative publicity around snake oil marketing tactics,
one might expect that these vendors would fail over time. Their
stuff doesn't work and it's only a matter of time before their customers
smarten up. Right? Wrong. There are still plenty of companies out
on the Internet making fantastic claims about their ciphers or encryption
schemes. Some of them are raising venture capital, making million-dollar
deals with the US government, and garnering patents.
As David Hannum said, in reference to the sideshow tactics of P.T.
Barnum, "There's a sucker born every minute." (See http://www.historybuff.com/library/refbarnum.html).
Snake oil vendors are like the con artists who advertise via spam
mail. It doesn't matter if the body part enlargement kit -- or the
snake oil encryption product -- really works. The Internet provides
the seller with a constant stream of naïve buyers who fall
victim to their own fears and gullibility.
Below find a sampling of snake oil claims. Might some of these
encryption products and ciphers actually work as claimed? Maybe.
At the very least, these companies have a marketing problem that
from the common sense proposition: if it sounds like snake oil,
it probably is.
One encryption product vendor recently admitted to PC Magazine
that its proprietary 8-bit encryption algorithm has been broken
According to PC Magazine: "... the user interface is idiosyncratic
and the encryption algorithm sacrifices security for speed. The
proprietary algorithm has not been peer-reviewed, and the vendor
even admits that it has been broken. The program crashed during
our testing, leaving Windows unstable." Unfortunately, this
product was downloaded and presumably installed by hundreds of thousands
of users -- it used to be a favorite on download sites like download.com.
Apparently, the vendor has discarded the secret algorithm in favor
of the public crypto in Microsoft's Encrypting File System (for
Windows 2000/XP) and Blowfish (for older Windows).
One vendor has a proprietary algorithm with key sizes up to 136,000
bits. For a symmetric algorithm, 256-bit keys should be sufficient
for the imaginable future -- barring an attack by interdimensional
space aliens and their black cubic computers. Ridiculous key sizes
that don't make mathematical sense are a sign of snake oil.
Another vendor offers security systems built around a new kind
of random number, the bodacion. In the absence of peer-reviewed
publication, be wary of new kinds of math. In a neat twist, the
vendor has integrated its bodacious random number generator into
its validated FIPS 140-1 module.
A one-time pad vendor offers an ingenious workaround to the problem
of needing a pad as long as the plaintext you need to encrypt: "To
lower your key file usage, you can use a simple text editor like
WordPad, to create plaintext messages, instead of a program like
Windows Word, which can make large files for simple messages."
While they offer theoretically unbreakable security, one-time pads
are only practical in very specialized situations - anyone
who presents a generalized one-time pad solution is showing snake
The maker of PHANTOM TS offers a revolutionary new approach that
doesn't even need cryptography in order to achieve security. Just
lean on the shift key: "PHANTOM TS IS NOT ENCRYPTION. PHANTOM
TS IS A COMPLETELY NEW CONCEPT IN SECURITY BASED ON THE CREATION
AND DEMATERIALIZATION OF A SECRET TWIN OPERATING SYSTEM. WHEN USED
PROPERLY PHANTOM TS PROVIDES MILITARY LEVEL SECURITY TO EVERYDAY
USERS ON ANY DESKTOP OR LAPTOP, AND IT COSTS LESS THAN A VIDEO GAME.
... TOO GOOD TO BE TRUE? WE KNOW."
One company has managed to parlay its proprietary encryption technology
-- Virtual Matrix Encryption (VME) -- into a what it claims is a
$4 million deal with the US Department of Health and Human Services.
According to the company, "VME is quite simply the only unbreakable
encryption commercially available ... It's a completely new approach
to data encryption. It has survived a battery of rigorous tests
and challenges. Nobody has ever broken data encrypted with VME."
Don't be seduced by claims of unbreakability that aren't backed
by mathematical evidence and peer review. Also be wary of claims
that a cipher has never been broken -- how can the vendor prove
Another vendor manages to deliver three snake oil claims in a single
sentence on its web site: "Uses 128 rounds of a ridiculously
strong 3072 bit paranoid encryption that far exceeds even military
standards!" Note the exaggerrated claim, the large key size,
and the claim to military-grade security, even though no such thing
Finally, another vendor urges visitors to its web site to not trust
other ciphers. This is a mark of snake oil. From their web site:
"There is no alternative for the powerful TransLock protection!
TransPlace is the only security solution with no hacks, cracks and
patches on internet! Don't trust other encryption algoritms or programs!
They are NOT SAFE!!!"[sic]
No cipher or cryptosystem is perfect. They will all fail eventually;
theres no such thing as perfect protection. In cryptography,
as in life, beware of cure-alls and anyone who sows fear, uncertainty,
and doubt. Anything that sounds too good to be true, invariably
is. As Barnum once pointed out, Ladies and gentlemen, this
way to the egress."
See you next issue. Til then, keep your guard up.