by Closi 1515 days ago
The company who wrote the software are in the presentation and explain this - 192 / 256 could not be used because of export restrictions, so AES-128 is actually what they used.

1024 is marketing fluff, which they justified by running 8 passes on the file encryption key (to paraphrase the presentation - ‘Regular consumers don’t understand encryption standards, but think bigger numbers = better and trust the term Military Grade’).


No military buys "military-grade" anything. Militaries buy stuff that conforms to some specific military standard.

Right, it's an unhelpful qualifier.

I'm reminded of the comments of chemistry experts about the UK government using the phrase "military-grade nerve agent"[0]. Firstly, no military would ever admit to owning the stuff (since even the permanent members of the UN Security Council are signatories of the Chemical Weapons Convention), but, more obviously, there's no such thing as a civilian-grade nerve agent.

I suppose what they meant was "no medical, industrial, or commercial uses", or "requires the resources of an entire country to create and manage", but those aren't attributes that you would want for your security software.

[0] The Financial Times, 2018 - https://archive.ph/0eZl8

> there's no such thing as a civilian-grade nerve agent

Paraoxon? Dichlorodiphenyltrichloroethane? Bifenthrin?

> Right, it's an unhelpful qualifier.

Depends who you are - if you are in marketing, it's a really helpful qualifier (i.e. it's something that the general public clearly put stock in, as mentioned in the presentation).