Barrie,
You make some good points, but think of it this way...
I'm the head of security at some company, and I need to purchase File Encryption software to protect sensitive data on corporate PCs. There are dozens of vendors to look at including well-known ones like Security Dynamics, Vasco Data Security and Axent Technologies, and some smaller relatively obscure companies like AETI and JAWZ. With the exception of JAWZ, these companies all use well-known encryption algorithms with sufficient key lengths to make me comfortable.
Why would I, with my job on the line, be willing to risk my neck on JAWZ? I can tell my boss, well the company says it's great...and they had this contest...and this big engineering/construction company in Canada says it's ok, but no, the algorithm is not recognized by any standards organization. And no, no well-known and well-respected cryptographers have reviewed it. And oh by the way, they're an OTC company whose shares sell for .30. Can I please buy $25,000 worth of their encryption product?
This is the battle they're facing...