![]() | This article has not yet been rated on Wikipedia's
content assessment scale. It is of interest to the following WikiProjects: | |||||||||||||
|
|
JS, An excellent start. I'll have at it some in the next few days (modulo time and diversions) to tighten it up a bit. Thanks. ww 14:24, 9 Jun 2004 (UTC)
The point of this article, in my view, is three fold. First, to make known to readers that there exists a class of crypto nonsense. Second, to make known to readers some of the characteristics of said nonsense. Third, to make known to readers why this nonsense is nonsense (or at least some sense of why if not the excrutiating details). None of these purposes is NPOV, nor need any say nasty things about particular products or systems. However deserving...
Several of the edits in the last week or so (as of 04.08.10) have had the effect of greatly reducing the article's effectiveness, particularly for the 2nd and 3rd points. In this respect the prior article was better WP coverage of this topic. We can do better, and some of that content should be restored. Comments? ww 13:51, 10 Aug 2004 (UTC)
One other sign of snake oil, which I don't see listed, is a claim of the variety: "top cryptographers at institution A, B, and C haven't been able to break our encryption." Usually such a challenge involves the vendor sending some short piece of ciphertext to a researcher and challenging him/her to find the plaintext and/or key, without the aid of the algorithm or any other attack that could be easily be mounted in the real world. (Not that a top cryptographer at institution A, B, or C would want to waste his/her time debunking a particular brand of snake oil in the first place.) I think this kind of claim is pretty common among snake oil vendors.
Came here via peer review. Overall, I think the article is very lucid and well-written, clear to the layman (me!), and NPOV. I wonder about the lengthy bullet-pointed paragraphs -- bullets seem to be better used for short points, and I think this would read as well or better as separate paragraphs, (with or without similar issues being grouped under subheaders of Common characteristics). What do you think? [[User:CatherineMunro| Catherine\ talk]] 04:28, 25 Nov 2004 (UTC)
I've a number of reservations about this article. It reads, at times, like a prescriptive guide to avoiding weak cryptography, like the Snake Oil FAQ., and a lot of it is opinion and not NPOV — of course, it may be wise opinion, but I don't think it fits for neutrality. I'm a bit stuck on how best to fix it. Do we really need a large list of "signs", and then to present the argument behind each sign? Is there a better approach? — Matt 12:03, 25 Nov 2004 (UTC)
I still think this article is POV at present. We present a set of security doctrines, and we argue the case for those principles; however, I don't think it's neutral to advocate these principles because they are not universally agreed upon. I'll try and reword it so that it reads as a description of the arguments, not as the argument itself. — Matt Crypto 11:53, 22 Mar 2005 (UTC)
My suggestion is to simply make it clear that what's being presented here is an opinion which is held by many leading cryptographers. Perhaps find a few who have commented on these things in the past to cite for it (I know Bruce Schneier does so regularly, but I'm sure there are others too). Having clarified that, I think the NPOV marker can come off. How does that sound? JulesH 9 July 2005 15:49 (UTC)
I'd agree that the list of potential snake oil signs here represents a common opinion in the crypto community. But is there is even a need to recognize snake oil? Souldn't users rather be able to recognize well accepted primitives? I.e., it is rather hard to decide whether a new encryption algorithm (e.g., based on some well sounding chaos theory) is potentially interesting or just snake oil. It is much easier to recognize that AES is a well accepted encryption algorithm. 24.228.93.22 01:26, 10 September 2005 (UTC)
As to the neutrality of the article, I don't think it has any bias one way or the other. Where the problem lies is that conclusions are being drawn that might be interpreted in other ways. Don't get me wrong, the info is great and I like it, but maybe two sections - Facts and Advice. I'm a n00b to wikipedia, so you can just slap me if I'm being stupid or something. -Amadameus
so I googled the former. got enough hits that I think it's word that the crypto-knowlegable use. can someone confirm that it's not a typo, that the proofreader inside me should not change it to "obfuscate"? thankz, Oscar Meyer Peener. 04:54, 1 February 2006 (UTC)
"Obfuscate" is a verb. "Obfustication" is a noun. One cannot replace a noun in a sentence with a verb. [Steven 20 March 2006]
![]() | This article has not yet been rated on Wikipedia's
content assessment scale. It is of interest to the following WikiProjects: | |||||||||||||
|
|
JS, An excellent start. I'll have at it some in the next few days (modulo time and diversions) to tighten it up a bit. Thanks. ww 14:24, 9 Jun 2004 (UTC)
The point of this article, in my view, is three fold. First, to make known to readers that there exists a class of crypto nonsense. Second, to make known to readers some of the characteristics of said nonsense. Third, to make known to readers why this nonsense is nonsense (or at least some sense of why if not the excrutiating details). None of these purposes is NPOV, nor need any say nasty things about particular products or systems. However deserving...
Several of the edits in the last week or so (as of 04.08.10) have had the effect of greatly reducing the article's effectiveness, particularly for the 2nd and 3rd points. In this respect the prior article was better WP coverage of this topic. We can do better, and some of that content should be restored. Comments? ww 13:51, 10 Aug 2004 (UTC)
One other sign of snake oil, which I don't see listed, is a claim of the variety: "top cryptographers at institution A, B, and C haven't been able to break our encryption." Usually such a challenge involves the vendor sending some short piece of ciphertext to a researcher and challenging him/her to find the plaintext and/or key, without the aid of the algorithm or any other attack that could be easily be mounted in the real world. (Not that a top cryptographer at institution A, B, or C would want to waste his/her time debunking a particular brand of snake oil in the first place.) I think this kind of claim is pretty common among snake oil vendors.
Came here via peer review. Overall, I think the article is very lucid and well-written, clear to the layman (me!), and NPOV. I wonder about the lengthy bullet-pointed paragraphs -- bullets seem to be better used for short points, and I think this would read as well or better as separate paragraphs, (with or without similar issues being grouped under subheaders of Common characteristics). What do you think? [[User:CatherineMunro| Catherine\ talk]] 04:28, 25 Nov 2004 (UTC)
I've a number of reservations about this article. It reads, at times, like a prescriptive guide to avoiding weak cryptography, like the Snake Oil FAQ., and a lot of it is opinion and not NPOV — of course, it may be wise opinion, but I don't think it fits for neutrality. I'm a bit stuck on how best to fix it. Do we really need a large list of "signs", and then to present the argument behind each sign? Is there a better approach? — Matt 12:03, 25 Nov 2004 (UTC)
I still think this article is POV at present. We present a set of security doctrines, and we argue the case for those principles; however, I don't think it's neutral to advocate these principles because they are not universally agreed upon. I'll try and reword it so that it reads as a description of the arguments, not as the argument itself. — Matt Crypto 11:53, 22 Mar 2005 (UTC)
My suggestion is to simply make it clear that what's being presented here is an opinion which is held by many leading cryptographers. Perhaps find a few who have commented on these things in the past to cite for it (I know Bruce Schneier does so regularly, but I'm sure there are others too). Having clarified that, I think the NPOV marker can come off. How does that sound? JulesH 9 July 2005 15:49 (UTC)
I'd agree that the list of potential snake oil signs here represents a common opinion in the crypto community. But is there is even a need to recognize snake oil? Souldn't users rather be able to recognize well accepted primitives? I.e., it is rather hard to decide whether a new encryption algorithm (e.g., based on some well sounding chaos theory) is potentially interesting or just snake oil. It is much easier to recognize that AES is a well accepted encryption algorithm. 24.228.93.22 01:26, 10 September 2005 (UTC)
As to the neutrality of the article, I don't think it has any bias one way or the other. Where the problem lies is that conclusions are being drawn that might be interpreted in other ways. Don't get me wrong, the info is great and I like it, but maybe two sections - Facts and Advice. I'm a n00b to wikipedia, so you can just slap me if I'm being stupid or something. -Amadameus
so I googled the former. got enough hits that I think it's word that the crypto-knowlegable use. can someone confirm that it's not a typo, that the proofreader inside me should not change it to "obfuscate"? thankz, Oscar Meyer Peener. 04:54, 1 February 2006 (UTC)
"Obfuscate" is a verb. "Obfustication" is a noun. One cannot replace a noun in a sentence with a verb. [Steven 20 March 2006]