[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Last nail for US crypto export policy?
- To: cn_volunteers@qualware.com, gpk@research.bell-labs.com, inferno@interstice.com, isig.bcs.org@mailnfs0.tiac.net
- Subject: Last nail for US crypto export policy?
- From: tedk <tpk@sensorsys.com>
Perhaps of interest
Crypto challenge broken -- what does this imply?
orignignal forwarding deleted
ted kochanski
>EXPORTABLE CRYPTOGRAPHY TOTALLY INSECURE: CHALLENGE CIPHER BROKEN IMMEDIATELY
>
>January 28, 1997 - Ian Goldberg, a UC Berkeley graduate student, announced
>today that he had successfully cracked RSA Data Security Inc.'s 40-bit
>challenge cipher in just under 3.5 hours.
>
>RSA challenged scientists to break their encryption technology, offering a
>$1000 award for breaking the weakest version of the code. Their offering
>was designed to stimulate research and practical experience with the security
>of today's codes.
>
>The number of bits in a cipher is an indication of the maximum level of
>security the cipher can provide. Each additional bit doubles the potential
>security level of the cipher. A recent panel of experts recommended
>using 90-bit ciphers, and 128-bit ciphers are commonly used throughout
>the world, but US government regulations restrict exportable US products
>to a mere 40 bits.
>
>Goldberg's announcement, which came just three and a half hours after
>RSA started their contest, provides very strong evidence that 40-bit
>ciphers are totally unsuitable for practical security. "This is the
>final proof of what we've known for years: 40-bit encryption technology
>is obsolete," Goldberg said.
>
>The US export restrictions have limited the deployment of technology
>that could greatly strengthen security on the Internet, often affecting
>both foreign and domestic users. "We know how to build strong
>encryption; the government just won't let us deploy it. We need strong
>encryption to uphold privacy, maintain security, and support commerce on
>the Internet -- these export restrictions on cryptography must be
>lifted," Goldberg explained. Fittingly, when Goldberg finally
>unscrambled the challenge message, it read: "This is why you should use
>a longer key."
>
>Goldberg used UC Berkeley's Network of Workstations (known as the NOW) to
>harness the computational resources of about 250 idle machines. This allowed
>him to test 100 billion possible "keys" per hour -- analogous to safecracking
>by trying every possible combination at high speed. This amount of computing
>power is available with little overhead cost to students and employees at
>many large educational institutions and corporations.
>
>Goldberg is a founding member of the ISAAC computer security research group
>at UC Berkeley. In the Fall of 1995, the ISAAC group made headlines by
>revealing a major security flaw in Netscape's web browser.
>
>--- end forwarded text
>
>
Ted
***************************************************************************
Ted Kochanski, Ph.D.
Sensors Signals Systems --- "Complex Systems -- Analysis and Architecture"
http://www.sensorsys.com
e-mail tpk@sensorsys.com phone (617) 861-6167 fax 861-0476
11 Aerial St., Lexington, MA 02173
- Prev by Date: Re: Inferno marketing vs. Java marketing
- Next by Date: Re: Inferno marketing vs. Java marketing -Reply
- Prev by thread: WebATM & Inferno?
- Next by thread: Re: Ideas -Reply
- Index(es):