Cryptography and Snake Oil

Bruce Schneier is a bright guy and a first-class writer but he does have the unfortunate habit of appearing to rubbish new security products, without any evidence that he’s actually looked at them. With most people this wouldn’t matter a jot, but Bruce is a highly influential blogger and thousands of people might be left with a negative opinion of the product.

So I was disappointed to read his recent posting on the press coverage of the EADS Ectocrypt encryption system. When he mentions snake oil he might have had the media reporting in mind, but it reads to me as though the product itself is worthless. And Ectocrypt is not a worthless product; it’s a high-performance, award-winning encryption system, built to the highest NSA and CESG standards.

But unfortunately a large chunk of the blogosphere will now assume that it’s all hype. As Spider-Man put it, “with great power comes great responsibility”.