[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Last nail for US crypto export policy?



Perhaps of interest

Crypto challenge broken -- what does this imply?

orignignal forwarding deleted

ted kochanski


>EXPORTABLE CRYPTOGRAPHY TOTALLY INSECURE: CHALLENGE CIPHER BROKEN IMMEDIATELY
>
>January 28, 1997 - Ian Goldberg, a UC Berkeley graduate student, announced
>today that he had successfully cracked RSA Data Security Inc.'s 40-bit
>challenge cipher in just under 3.5 hours.
>
>RSA challenged scientists to break their encryption technology, offering a
>$1000 award for breaking the weakest version of the code.  Their offering
>was designed to stimulate research and practical experience with the security
>of today's codes.
>
>The number of bits in a cipher is an indication of the maximum level of
>security the cipher can provide.  Each additional bit doubles the potential
>security level of the cipher.  A recent panel of experts recommended
>using 90-bit ciphers, and 128-bit ciphers are commonly used throughout
>the world, but US government regulations restrict exportable US products
>to a mere 40 bits.
>
>Goldberg's announcement, which came just three and a half hours after
>RSA started their contest, provides very strong evidence that 40-bit
>ciphers are totally unsuitable for practical security.  "This is the
>final proof of what we've known for years: 40-bit encryption technology
>is obsolete," Goldberg said.
>
>The US export restrictions have limited the deployment of technology
>that could greatly strengthen security on the Internet, often affecting
>both foreign and domestic users.  "We know how to build strong
>encryption; the government just won't let us deploy it.  We need strong
>encryption to uphold privacy, maintain security, and support commerce on
>the Internet -- these export restrictions on cryptography must be
>lifted,"  Goldberg explained.  Fittingly, when Goldberg finally
>unscrambled the challenge message, it read: "This is why you should use
>a longer key."
>
>Goldberg used UC Berkeley's Network of Workstations (known as the NOW) to
>harness the computational resources of about 250 idle machines.  This allowed
>him to test 100 billion possible "keys" per hour -- analogous to safecracking
>by trying every possible combination at high speed.  This amount of computing
>power is available with little overhead cost to students and employees at
>many large educational institutions and corporations.
>
>Goldberg is a founding member of the ISAAC computer security research group
>at UC Berkeley.  In the Fall of 1995, the ISAAC group made headlines by
>revealing a major security flaw in Netscape's web browser.
>
>--- end forwarded text
>
>
                        Ted
***************************************************************************
Ted Kochanski, Ph.D.
Sensors Signals Systems  ---  "Complex Systems -- Analysis and Architecture"
http://www.sensorsys.com
e-mail tpk@sensorsys.com   phone (617) 861-6167  fax  861-0476
11 Aerial St., Lexington, MA 02173