[1879] in cryptography@c2.net mail archive


[Comdex] aka "The late, great Snake Oil Parade"

daemon@ATHENA.MIT.EDU (tamaster@technologist.com)
Sun Nov 23 21:41:58 1997

From: tamaster@technologist.com
Date: Sun, 23 Nov 1997 20:32:13 -0600 (CST)
To: cryptography@c2.net


As usual, never to disappoint my expectations, Comdex Fall '97 played host
to a myriad of security products from an increasing list of vendors.  They
usually appear to make the attempt at doing the best that they are able,
and with glossy brochure in hand, are becoming increasingly more difficult
to discern from the more reputable security firms by the less skeptical of
the aisle cruisers.

Biometrics authentication has become more available with one firm marketing
a "full face" recognition system.  The IDM SecureTouch was presented at a
few booths hosted on multiple software systems with a variety of accuracy
levels (when queried on "points" acquisition, one representative indicated
a maximum of 64 with up to 10 frames of averaging, while the other looked
at me as if I was speaking a foreign dialect).

The Firewall segment has also seen a real increase in available software
with many more NT (re)hosted than even a year ago.

The availability of cryptographic software has most definitely increased
with e-mail being the largest recipient of the "latest, greatest" syndrome.

One new crypto firm whose brochure just about pegged my "snake-o-meter"
was Ion Marketing.  Touted as "the world's most secure and easy to use
e-mail encryption software", the Secret Envoy brochure went on to make a
litany of other claims that included:

n)   a "Revolutionary cryptographic engine (that) provides
     1.2 septillion times more encryption than 4096-bit
     technology"

n+1) "Encrypts and simultaneously compresses data more
     efficiently than pkzip"

n+2) "Built in error correction protects your data to ensure it
     arrives intact"

n+3) "Short, 22 character, non-variable, public key length"

Also touted was an analysis of Secret Envoy by Richard E. Smith of Secure
Computing.  The software was demo'd on a Windows 95 system (with all of
its inherent OS security flaws) and looks very "pretty" indeed.  The MAPI
interface was an option as was the clipboard for cyphertext transfer to
the also required e-mail application (or browser).  A built in text editor
and OLE hooks to sound and video capture were nice touches.  Very glossy...

What really caught my eye (and sent my snake-o-meter into the RED ZONE) was
"The Facts" page of the brochure.  There, Ion seemed to me to be implying
that public domain encryption algorithms were less fit for duty than Ion's
(proprietary, of course) latest, greatest crypto tech:

     "Did you know that PGP, as well as most other packages, use
     public domain encryption algorithms?"

     "Did you know that RSA recently published their RC2 algorithm?"

     "Did you also know that their RC2 patents will soon expire and
     make it public domain?"

     "Did you know that government approved agencies can access data
     encrypted by the majority of cryptographic packages through key
     escrow?"

     "Did you know that the proposed S/MIME standard must use 40 bit
     encryption to ensure full vendor inter-compatibility?"

This seemed a bit TOO fast and loose with "the facts".  Just my opinion...

     http://www.ionmarketing.com/  <- Yes, I verified this IS them...
     http://www.secretenvoy.com/   <- brochure quoted missing DNS...

The latter URL has disappeared into a black hole (or never existed) and I
could find NO REFERENCES ANYWHERE (domain and otherwise) searching the net.

You're free to draw your own conclusions.  I can't wait till next year...
