Equivocation - Why its all just "pseudo-security"
Ever wondered why "cryptography" is full of "gurus", "experts" and considered an "art"? It's to hide the truth that its actually a scientific engineering field, and not a religion. Ever since mathematicians got involved with assumptions of mathematical complexity, the field has gone down a cul-de-sac.
The difference between military and commercial cryptography, is that military cryptanalysts know what equivocation is, and never use the term "snakeoil". That's because once you understand equivocation, the term "snakeoil" is meaningless, its like calling a car "fast" or "slow", when warp speed is the objective. It's a term used by amateurs.
Frankly, much of what is taught by academia as security is "pseudo-security", perpetuating a failed mathematical solution that will never solve the security problem. That's why there are no security guarantees to current solutions. Its not the implementations, its the solutions themselves, they have unsound scientific foundations.
Military Encryption 101:
1. To say a security system is secure/insecure is pointless, since all systems are absolutely secure, up to a certain length of message/ciphertext called the unicity point. Beyond the unicity point, a cryptosystem has log 0 key/message equivocation. It's breached.
2. An English message encrypted with AES-256 is secure to 39 characters only. Beyond 39 characters it has an ""insecurity guarantee", and is guaranteed to be broken under brute force (or faster).
3. For a cipher to be considered "secure", it must have an equivocation greater than 2 for an infinite length message. Searching for a needle in a haystack, is not security, its a security flaw. For such a search to be "secure" there must be at least two needles in the haystack.
4. Such "unbreakable" systems have existed since 1917 (one time pad) but have limitations.
5. A new absolutely secure system without limitations has just been invented and patented worldwide (PCT Patent) called "equivocation augmentation".
The underlying principle is as follows: The cryptosystem key entropy is the fuel of encryption, and is used up encrypting every message character. Equivocation is the fuel gauge. All encryptions under the cipher are secure until the entropy is depleted, and equivocation is equal to zero (This occurs at the unicity distance - the fuel range). Infinite length messages DO NOT NEED infinite length starting keys, one merely needs to "refuel" the cipher key entropy at a faster rate than it can be depleted. This is trivial to accomplish.
So, whilst current cryptography is not "snakeoil", it is not "secure" either. Like pseudo-random number generators, its "pseudo-security" - looks like the real thing, but isn't - it's fake. Anyone who calls it security, is just perpetuating the fraud.
Equivocation augmentation will be available soon, everywhere.