RE: Another Snake Oil Candidate

2007-09-14 Thread Russ Nelson
Dave Korn writes: > So by your exacting standards, PGP, gpg, openssh, in fact basically > _everything_ is snake oil. No. In fact Aram is saying nothing of interest. Cryptography without a threat model is like motherhood without apple pie. Can't say that enough times. More generally, securi

Re: Another Snake Oil Candidate

2007-09-14 Thread Russ Nelson
Damien Miller writes: > It protects against the common threat model of lost/stolen USB keys. Remember, crypto without a threat model is like cookies without milk. -- --my blog is at http://blog.russnelson.com | People have strong opinions Crynwr sells support for free software | PGPok | a

RE: Another Snake Oil Candidate

2007-09-14 Thread lists
On 12 Sep 2007 20:18:22 -0700, Aram Perez wrote: > I don't know about you, but when I hear terms like (please pardon my > cynicism): > "with military grade AES encryption" - Hum, I'll have > to ask NIST > about that. AES can be permitted for use in classified environments. See http://csrc.nist.

Re: Another Snake Oil Candidate

2007-09-13 Thread Hagai Bar-El
Hi, On 13/09/07 15:14, Ian G wrote: > Hagai Bar-El wrote: >> Hi, >> >> On 12/09/07 08:56, Aram Perez wrote: >>> The IronKey appears to provide decent security while it is NOT plugged >>> into a PC. But as soon as you plug it in and you have to enter a >>> password to unlock it, the security level

RE: Another Snake Oil Candidate

2007-09-13 Thread Charles Jackson
I looked at the Ironkey website and, although there is obviously a little marketing-speak, my snake-oil and BS detectors do not go off. Some of the criticisms by Aram Perez appear to be somewhat unjustified. Perez states: "Protected by a password that is entered on whatever PC you plug the Ir

Re: Another Snake Oil Candidate

2007-09-13 Thread Jeffrey Altman
Damien Miller wrote: > It protects against the common threat model of lost/stolen USB keys. Why is > this snake oil? Your criticism seems akin to calling a physical lock insecure > because it doesn't protect you from burglars once you have unlocked it. Many many years ago an office that a startup

RE: Another Snake Oil Candidate

2007-09-13 Thread Dave Korn
On 13 September 2007 04:18, Aram Perez wrote: > "to circumvent keylogging spyware" - More on this later... > "The first time you plug it in, you initialize it with a password" - > Oh, wait until I disable my keylogging spyware. > "You enter that password to unlock your secure fi

Re: Another Snake Oil Candidate

2007-09-13 Thread Ian G
Hagai Bar-El wrote: Hi, On 12/09/07 08:56, Aram Perez wrote: The IronKey appears to provide decent security while it is NOT plugged into a PC. But as soon as you plug it in and you have to enter a password to unlock it, the security level quickly drops. This would be the case even if they suppo

Re: Another Snake Oil Candidate

2007-09-13 Thread Aram Perez
Hi Jerry, I accidentally sent this response in HTML last night which was bounced. So here it is again. On Sep 11, 2007, at 2:18 PM, Leichter, Jerry wrote: | The world's most secure USB Flash Drive: . What makes you call it snake oil? At least the URL you point

Re: Another Snake Oil Candidate

2007-09-12 Thread William Arbaugh
On Sep 12, 2007, at 1:56 AM, Aram Perez wrote: The IronKey appears to provide decent security while it is NOT plugged into a PC. But as soon as you plug it in and you have to enter a password to unlock it, the security level quickly drops. This would be the case even if they supported Mac

Re: Another Snake Oil Candidate

2007-09-12 Thread Damien Miller
On Tue, 11 Sep 2007, Aram Perez wrote: > The IronKey appears to provide decent security while it is NOT plugged into a > PC. But as soon as you plug it in and you have to enter a password to unlock > it, the security level quickly drops. This would be the case even if they > supported Mac OS or *n

Re: Another Snake Oil Candidate

2007-09-12 Thread Hagai Bar-El
Hi, On 12/09/07 08:56, Aram Perez wrote: > The IronKey appears to provide decent security while it is NOT plugged > into a PC. But as soon as you plug it in and you have to enter a > password to unlock it, the security level quickly drops. This would be > the case even if they supported Mac OS or

Re: Another Snake Oil Candidate

2007-09-12 Thread Aram Perez
Hi Jon, On Sep 11, 2007, at 5:35 PM, Jon Callas wrote: I'm a beta-tester for it, and while I can understand a small twitch when they talk about "military" and "beyond military" levels of security, it is very cool. It has hardware encryption and will erase itself if there are too many pass

Re: Another Snake Oil Candidate

2007-09-12 Thread Jon Callas
I'm a beta-tester for it, and while I can understand a small twitch when they talk about "military" and "beyond military" levels of security, it is very cool. It has hardware encryption and will erase itself if there are too many password failures. I consider that an issue, personally, but i

Re: Another Snake Oil Candidate

2007-09-11 Thread Leichter, Jerry
| The world's most secure USB Flash Drive: . What makes you call it snake oil? At least the URL you point to says very reasonable things: It uses AES, not some home-brew encryption; the keys are stored internally; the case is physically protected, and has some kind o

Re: Another Snake Oil Candidate

2007-09-11 Thread Ali, Saqib
On 9/11/07, Aram Perez <[EMAIL PROTECTED]> wrote: > The world's most secure USB Flash Drive: . you didn't explain why it is a "Snake Oil" Candidate..