Another Snake Oil Candidate

Dave Korn dave.korn at
Thu Sep 13 08:35:28 EDT 2007

On 13 September 2007 04:18, Aram Perez wrote:

> 	"to circumvent keylogging spyware" - More on this later...

> 	"The first time you plug it in, you initialize it with a password" -
> Oh, wait until I disable my keylogging spyware.
> 	"You enter that password to unlock your secure files" - Did I
> disable my keyloggin spyware?
> Protected by a password that is entered on whatever PC you plug the
> IronKey into and that is somehow auto-magically protected against all
> keylogging spyware that may exist on that PC.

> "Decrypting your files is then as easy as dragging and dropping them
> onto the desktop" and by any malware that detects that the IronKey is
> present and has been unlocked and copies the files to a hidden folder.

  So by your exacting standards, PGP, gpg, openssh, in fact basically
_everything_ is snake oil.  Endpoint security is a real issue, but it's not
within the remit of this product to address.  I feel your complaint is
overblown.  Marketspeak alone doesn't make a product snakeoil, its security
has to actually be bogus too.

>> 	Encryption Keys
>> 	The encryption keys used to protect your data are generated
>> 	in hardware by a FIPS 140-2 compliant True Random Number
> As opposed to a FIPS 140-2 compliant False Random Number Generator.

  No, as opposed to a *Pseudo* Random Number Generator.  This is a really
silly thing to attempt to complain about; they're correctly using technical
terminology that you should be perfectly familiar with.

Can't think of a witty .sigline today....

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list