[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Last nail for US crypto export policy?
- To: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com
- Subject: Last nail for US crypto export policy?
- From: tedk <firstname.lastname@example.org>
Perhaps of interest Crypto challenge broken -- what does this imply? orignignal forwarding deleted ted kochanski >EXPORTABLE CRYPTOGRAPHY TOTALLY INSECURE: CHALLENGE CIPHER BROKEN IMMEDIATELY > >January 28, 1997 - Ian Goldberg, a UC Berkeley graduate student, announced >today that he had successfully cracked RSA Data Security Inc.'s 40-bit >challenge cipher in just under 3.5 hours. > >RSA challenged scientists to break their encryption technology, offering a >$1000 award for breaking the weakest version of the code. Their offering >was designed to stimulate research and practical experience with the security >of today's codes. > >The number of bits in a cipher is an indication of the maximum level of >security the cipher can provide. Each additional bit doubles the potential >security level of the cipher. A recent panel of experts recommended >using 90-bit ciphers, and 128-bit ciphers are commonly used throughout >the world, but US government regulations restrict exportable US products >to a mere 40 bits. > >Goldberg's announcement, which came just three and a half hours after >RSA started their contest, provides very strong evidence that 40-bit >ciphers are totally unsuitable for practical security. "This is the >final proof of what we've known for years: 40-bit encryption technology >is obsolete," Goldberg said. > >The US export restrictions have limited the deployment of technology >that could greatly strengthen security on the Internet, often affecting >both foreign and domestic users. "We know how to build strong >encryption; the government just won't let us deploy it. We need strong >encryption to uphold privacy, maintain security, and support commerce on >the Internet -- these export restrictions on cryptography must be >lifted," Goldberg explained. Fittingly, when Goldberg finally >unscrambled the challenge message, it read: "This is why you should use >a longer key." > >Goldberg used UC Berkeley's Network of Workstations (known as the NOW) to >harness the computational resources of about 250 idle machines. This allowed >him to test 100 billion possible "keys" per hour -- analogous to safecracking >by trying every possible combination at high speed. This amount of computing >power is available with little overhead cost to students and employees at >many large educational institutions and corporations. > >Goldberg is a founding member of the ISAAC computer security research group >at UC Berkeley. In the Fall of 1995, the ISAAC group made headlines by >revealing a major security flaw in Netscape's web browser. > >--- end forwarded text > > Ted *************************************************************************** Ted Kochanski, Ph.D. Sensors Signals Systems --- "Complex Systems -- Analysis and Architecture" http://www.sensorsys.com e-mail email@example.com phone (617) 861-6167 fax 861-0476 11 Aerial St., Lexington, MA 02173