by HWR_14 1515 days ago
"Military grade encryption" means that the government has signed off on the algorithm's use for information up to a specific classification level. Probably the NSA, but maybe the DOD has their own department. It's certainly a vote of confidence, probably by people more educated about cryptography than you specifically, although possibly less trusted by you (in terms of skill and/or ulterior motives) than other people.

A big, undisputed, downside is that newer algorithms take longer to be approved and it's possible that people keep using the term after algorithms get deprecated.

Encryption is more like "milspec", meeting military minimum quality guidelines, than "military issue", which is the cheapest implementation of milspec in physical (or electronic, for that matter) goods.


Unless someone is specifically naming the military standard they are compliant with (and provides an auditing record!) it’s bullshit, 99.99% of the time.

Legit vendors who sell actual mil-spec equipment (except stuff that has known shitty mil-specs like entrenching tools) don’t use ‘military grade’ anywhere when they’re selling to the military. They go through procurement and identify the specific mil-specs they are compliant with.

Military grade is the weasel word way of implying they have done that without being able to be sued because they aren’t.

Fair enough. The words mean nothing while implying exactly what I thought but not saying it, and I was one of the fools who fell for it. Although I won't after today. Thank you.

You’re welcome. If you find something like this elsewhere, please post it too.

I consider it part of the war against Bullshit, which never ends.

Also, ‘industrial grade’, ‘heavy duty’, ‘as seen on TV’ (that one is thankfully almost dead), celebrity endorsements, and the trend in tools over the last decade of buying out an aging brand with a great market reputation and ‘capturing brand value’ by selling cheaply made versions until no one can find anything fit for purpose anymore.

NSA is the entity in the DOD which sets certain minimum requirements and validates their cryptographic implementations. NIST owns the overarching standards for the whole government and sets requirements and performs validations through NVLAP that NSA doesn't, usually with their input.

When you see "FIPS", that means NIST approved/validated.

NSA approval/validation is relevant when the system has to handle classified information and often (but not necessarily) you start with components that have FIPS certification.

So, I understand what they intend it to mean (and maybe that wasn't clear from my original message; I work in cybersec). But what you have described is an encryption scheme which meets certain standards (i.e. it is XYZ compliant). I don't think it is justifiable to call that "military grade", and that saying so is a misrepresentation used by marketing folk.