Military Grade Encryption is Bullshit

Frequently security products insist on claiming that they use “military grade encryption.” Such claims are nonsensical marketing statements rather than factual statements about the strength of the encryption used by the product.

Andrew Fernandes made the case against the phrase best in a 1998 interview when asked about Microsoft’s claim that the _NSAKey he found in the Windows CryptoAPI just meant that Windows complied with “NSA encryption standards”,

It’s sort of like saying the phrase “military grade encryption.” Whenever you´re dealing with a security product and somebody says it´s military grade encryption your bullshit detector should really go off. And the reason for that is that the military has no standards of encryption. The military uses everything from good crypto to bad crypto to crackable crypto to uncrackable crypto to stuff that´s designed never to be used to stuff that should be used every day. And it uses it for all purposes and everything in between. But the phrase military grade crypto is an absolutely meaningless and content free statement.