Abstract
Cryptography is an essential component of America’s national security infrastructure. Billions of dollars are spent on cryptosystems every year, in both the public and private sectors. Unfortunately, the field is rife with dubious claims, snake oil salesmen, and outright fraud. This paper highlights the importance of skepticism and critical thinking in the role of evaluating and procuring cryptosystems. We discuss our experiences in teaching future leaders about testing extraordinary cryptographic claims by asking hard questions and show examples from our own experience. We believe that the rigorous application of skepticism and critical thinking in cryptography is absolutely essential to the wise use of America’s resources and the security of the nation.
Notes
Letters near the end of the alphabet would “wrap around”: Y would encrypt to B, for example.
One such capture was dramatized in the 2000 film “U-571”.
Our use of ten is merely an accident of biology. Knowing that you can count on your fellow humans to have two appendages with five fingers each makes for a convenient system we can all rely on. It is no coincidence that another word for ‘finger’ is ‘digit’.
There is, as of this writing, no such company as SnakeOilCipher.
References
Adams, S. (1996), The Dilbert Principle, Collins Publishing, ISBN 0887307876, © 1996.
AMI-Partners. “AMI-partners reports small and medium businesses ready to spend over $11B in IT security”, June 26, 2006, available at http://www.ami-partners.com/ami/sections/Press/Global_SMB_IT_Security_with_slide.pdf
Common Criteria for Information Technology Security Evaluation, 2005, http://www.niap-ccevs.org/assets/images/cc_v23_part1.gif.
Dyson, F. “Time Without End: Physics and Biology in an Open Universe”, Reviews of Modern Physics, Vol 52 No 3, July 1979, pp 447–460.
Gorman S., “Hacker attacks hitting Pentagon”, Baltimore Sun, July 2, 2006.
Krebs B., “OMB sets guidelines for federal employee laptop security”, Washington Post, July 2, 2006.
Nielsen, M. and Chuang, I., Quantum Computing and Quantum Information, Cambridge University Press, ISBN 0521635039, © 2000.
Radicati Group LTD, 2006, Email Security Market, available at http://www.radicati.com/brochure.asp?id=258
RSA Security Inc. Corporate Press Kit, 2005, available at http://www.rsasecurity.com/node.asp?id=1382
Schneier, B., Heartland Perspectives, The Heartland Institute, June 23, 1994a.
Schneier, B. Applied Cryptography, John Wiley & Sons, ISBN 0471117099, 2nd Edition, © 1994b.
Schneier, B. “Snake Oil”, Crypto-Gram Newsletter, February 15th 1999, http://www.schneier.com/crypto-gram-9902.html#news
Zimmerman, P. “Beware of Snake Oil”, 1991, excerpted from PGP User’s Guide, updated 1997, http://www.philzimmermann.com/EN/essays/SnakeOil.html.
Acknowledgements
The authors gratefully acknowledge the assistance of Mr. Mike Collins, a National Security Agency mathematician and a visiting professor of computer science at USAFA. We also note the contributions of Bruce Schneier’s essay in (Schneier 1999), the founding document connecting skepticism and cryptography, along with Phil Zimmerman’s 1997-updated essay on cryptography and snake oil (Zimmerman 1991). These works should be required reading for critical thinkers everywhere.
The views expressed in this academic research paper are those of the authors and do not necessarily reflect the official policy or position of the US government, the Department of Defense, or the United States Air Force Academy.
Cite this article
Fagin, B.S., Baird, L.C., Humphries, J.W. et al. Skepticism and Cryptography. Know Techn Pol 20, 231–242 (2007). https://doi.org/10.1007/s12130-007-9030-8
DOI: https://doi.org/10.1007/s12130-007-9030-8