It's a Presidential Mandate, Feds use it. How come you are not using FDE?

Allen netsecurity at
Thu Jan 18 17:11:06 EST 2007

Saqib Ali wrote:
> Since when did AES-128 become "snake-oil crypto"? How come I missed
> that? Compusec uses AES-128 . And as far as I know AES is NOT
> "snake-oil crypto"


I believe you are correct as to the algorithm, but the snake-oil 
is in the implementation,

As I have often said, "A misplaced comma in an English sentence 
will merely get you a bad reputation as a writer, however, a 
misplaced comma in a nuclear weapons project may leave an 
enduring mark on the world."

Algorithms can be perfect and implementation sloppy. If you can 
review the code you might find the problem, but with proprietary 
code, fergetit.
> Closed-source doesn't mean that it is "snake-oil". If that was the
> case, the Microsoft's EFS, and Kerberos implementation would be "snake
> oil" too.

As I recall there have been a few problems with Kerberos in the past.



The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list