I was disappointed to realize the snake-oil competition is a parody, because a properly-implemented version of it could teach valuable lessons to non-technical consumers.
Many products make outrageous claims about their security. Try browsing the aisles of Best Buy or any major department store. From smart-home sensors to security cameras to anti-virus software, the shelves are stocked full with snake-oil security products advertising themselves as legitimate. These are the products that big retailers and OEM partners are marketing to the public as "secure," with much lower standards for security than any expert would assert.
To prove this to the public, what better way than a competition for benevolent security researchers to create a wolf-in-sheep's-clothing? The competition is to produce the most shiny, marketable product design that looks like a "security" product, but does something far more sinister than protect its users.
Product ideas: "Anonymous router" that actually logs all traffic and sends it to a printer in the local police office; "Smart Home Hub" that performs active exploitation attacks against connected devices; "Smart TV" that actually films its users and live streams their living room to a website.
You must be looking for the Underhanded Crypto Contest: The Underhanded Crypto Contest is a competition to write or modify crypto code that appears to be secure, but actually does something evil. See https://underhandedcrypto.com/
The major complaint against AES is that it is very difficult to implement in a data-independent way without hardware support. Bernstein has done some research on this (http://cr.yp.to/antiforgery/cachetiming-20050414.pdf), and a major theme of his research has been designing systems that are friendly to implementers.
I have no idea if that is what this specific dig ("they already master the art of snake oil") pertains to.
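To make the "data-independent" point above concrete, here is an added example (not code from this thread or from Bernstein's paper) that contrasts a secret-indexed AES S-box lookup with a full-table scan whose memory accesses do not depend on the secret. The function names are hypothetical, and the S-box is rebuilt from its GF(2^8) definition so the block is self-contained.

```c
#include <stdint.h>
#include <stdio.h>

static uint8_t SBOX[256];   /* public table, filled by sbox_init() */

/* Multiply in GF(2^8) modulo x^8+x^4+x^3+x+1 (setup only, public inputs). */
static uint8_t gmul(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    for (int i = 0; i < 8; i++) {
        if (b & 1) p ^= a;
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0));
        b >>= 1;
    }
    return p;
}
static uint8_t rotl8(uint8_t x, int n) { return (uint8_t)((x << n) | (x >> (8 - n))); }

/* AES S-box: multiplicative inverse (0 maps to 0) followed by the affine map. */
void sbox_init(void) {
    for (int x = 0; x < 256; x++) {
        uint8_t inv = 0;
        for (int y = 1; y < 256 && x && !inv; y++)
            if (gmul((uint8_t)x, (uint8_t)y) == 1) inv = (uint8_t)y;
        SBOX[x] = inv ^ rotl8(inv, 1) ^ rotl8(inv, 2) ^ rotl8(inv, 3) ^ rotl8(inv, 4) ^ 0x63;
    }
}

/* Data-dependent: the address read is a function of the secret byte, so the
 * cache line it touches is observable through timing. */
uint8_t sub_lookup(uint8_t secret) { return SBOX[secret]; }

/* Data-independent: read all 256 entries every time and keep one with a
 * branch-free mask. Costs 256 loads per byte instead of one. */
uint8_t sub_scan(uint8_t secret) {
    uint8_t out = 0;
    for (unsigned i = 0; i < 256; i++) {
        uint8_t mask = (uint8_t)(((i ^ secret) - 1u) >> 8); /* 0xFF iff i == secret */
        out |= SBOX[i] & mask;
    }
    return out;
}

/* Check that both variants agree on every input; returns the mismatch count. */
int count_mismatches(void) {
    int bad = 0;
    sbox_init();
    for (int x = 0; x < 256; x++) bad += sub_scan((uint8_t)x) != sub_lookup((uint8_t)x);
    return bad;
}

int main(void) {
    int bad = count_mismatches();
    printf("mismatches=%d S[0x53]=%02x\n", bad, sub_scan(0x53));
    return 0;
}
```

A compiler is free to rewrite the masked loop, so inspect the generated code before relying on it.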
I'm not qualified to answer that question, but I was curious too, did some googling and found another resource. This is still not very satisfying, but there is a little more information on the Reddit thread about this competition:
Speaking of Keccak, their landing page is full of snake-oily marketing such as "rock-solid security strength level" and "heavier SHAKE512" or "extremely high 256 bits" like they are trying to sell me a battle armor video game addon. I realize there is misinformation floating around ever since the questionable SHA3 competition, but bolding arbitrary words and injecting "rock-solid" into your criticism debunking isn't helping. http://keccak.noekeon.org/
I am not really part of the "crypto community", but I know that Tanja Lange and Orr Dunkelman are both held in high regard (I am not familiar with the other two names).
(Bonus points if they credit real products!)