Another Snake Oil Candidate
Dave Korn
dave.korn at artimi.com
Thu Sep 13 08:35:28 EDT 2007
On 13 September 2007 04:18, Aram Perez wrote:
> "to circumvent keylogging spyware" - More on this later...
> "The first time you plug it in, you initialize it with a password" -
> Oh, wait until I disable my keylogging spyware.
> "You enter that password to unlock your secure files" - Did I
> disable my keyloggin spyware?
> Protected by a password that is entered on whatever PC you plug the
> IronKey into and that is somehow auto-magically protected against all
> keylogging spyware that may exist on that PC.
> "Decrypting your files is then as easy as dragging and dropping them
> onto the desktop" and by any malware that detects that the IronKey is
> present and has been unlocked and copies the files to a hidden folder.
So by your exacting standards, PGP, gpg, openssh, in fact basically
_everything_ is snake oil. Endpoint security is a real issue, but it's not
within the remit of this product to address. I feel your complaint is
overblown. Marketspeak alone doesn't make a product snakeoil, its security
has to actually be bogus too.
>> Encryption Keys
>>
>> The encryption keys used to protect your data are generated
>> in hardware by a FIPS 140-2 compliant True Random Number
>
> As opposed to a FIPS 140-2 compliant False Random Number Generator.
No, as opposed to a *Pseudo* Random Number Generator. This is a really
silly thing to attempt to complain about; they're correctly using technical
terminology that you should be perfectly familiar with.
cheers,
DaveK
--
Can't think of a witty .sigline today....
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list