Slashdot Mirror


Export-level Encryption Proves Insufficient

rossjudson writes: "The Independent is running an article about the shoe bomber terrorist. The interesting bit for Slashdot readers is at the bottom -- apparently the 40-bit encryption in the export version of Windows 2000 was cracked by a set of computers using a brute force method. So let's confront the question: Should the US prohibit the export of high-encryption software? Here is a case where the default values (40 bit) clearly helped recover valuable information from a system." There's another article in New Scientist focusing on the encryption issue.

13 of 517 comments

  1. To really be safe... by wfrp01 · · Score: 5, Funny

    If you really want to make the world a safer place, please demand that everyone wear helmets all of the time.

    --

    --Lawrence Lessig for Congress!
  2. Re:well that settles it.. by linzeal · · Score: 4, Funny

    I thought the US annexed the UK with mtv and endless pop culture in the early 80's.

  3. Yes, this is definitely the way to go. by Anonymous Coward · · Score: 5, Funny

    In fact, we should just make terrorism illegal, then people would stop. Because criminals follow the law, right?

    Even though Osama was able to get a bunch of people into US flight schools, he surely wouldn't've been able to go to CompUSA, buy a copy of W2K off the shelf, and somehow get a 5 x 5 x 1/16" piece of plastic outside a country with roughly 10,000 miles of borders and 1500 international flights daily. Nope, no way that coulda happened.

  4. New slashdot poll by Salsaman · · Score: 3, Funny
    What should be the US legal limit on encryption for export ?

    40 bit

    128 bit

    Cowboy Neal with a pen

    1. Re:New slashdot poll by swordgeek · · Score: 3, Funny

      Stronger than all of the above:

      Jon Katz steganography.

      --

      "People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
    2. Re:New slashdot poll by ShadowDrgn · · Score: 2, Funny

      Unfortunately, Cowboy Neal with a pen cannot be reliably decrypted.

    3. Re:New slashdot poll by curunir · · Score: 4, Funny

      Unfortunately, even computers will stop reading before they reach the end of the article, so you'd probably have some data loss.

      --
      "Don't blame me, I voted for Kodos!"
  5. Re:well that settles it.. by MikeyLikesIt! · · Score: 3, Funny
    I'm not a terrorist...

    Yeah, yeah. That's what they all say... :-)

    --

    I dunno... What do you wanna do?

  6. Rijndael is from Belgium! by Steve+Cox · · Score: 2, Funny

    So banning 128bit encryption from export from the US will stop everyone getting hold of the AES standard Rijndael because US export regulations obviously cover Belgium.

    What a dumb idea.

    Steve.

  7. Re:It wasn't the 40 bit encryption that was at fau by Gid1 · · Score: 3, Funny
    Suppose they hired the equivalent of a director of IT though, who would come up with approved solutions.
    Terrorist: "Hello? Is that the Al-Qaida support helpline?"
    Recorded voice: "Please press 1 if your call is related to the time-limited explosives exchange program. Please press 2 if you are experiencing problems igniting your shoes. Or please hold to speak to a support terrorist."
    (time passes)
    Recorded voice: "Please hold.. your call is important to us, brother. We are currently transitioning our support strategy to Compaq Global Services."
    (time passes.. bad Muzak to the tune of "The Girl from Ipanema")
    BoFA (Bastard Operator from Afghanistan): "Hello, caller, you're through."
    T: "Hi, er.. yeah.. my laptop seems to be broken.. I can't decrypt my files!"
    BoFA: "Are you using the Standard Terrorist Operating Environment?"
    T: "Er.. no.. my cell leader says that this other routine we found on the internet is more secure."
    BoFA: "I'm afraid we only support the STOE with W2K SP2 128-bit EFS."
    T: "Is there anything you can do?"
    BoFA: "You can wipe the laptop and start again. We can do that for you, but we'll have to charge 10,000,000,000,000 afghanis (or US$100) to your cost code."
    T: "But it's got secret plans of the Pentagon on it!"
    BoFA: "I'm sorry, I can't help you. If every terrorist picks their favourite non-symmetric crypto, we can't be expected to know them all. We're trying to run an elite multinational terrorist organisation here."
    T: "Okay.. I'll try somewhere else. On another matter, can you help me with my Palm Pilot? I stuffed it with C4, and now it won't start properly."
    BoFA: "I'm afraid we only support Pocket PC."
    *click*
  8. Re:It doesn't matter because: by alteridem · · Score: 5, Funny
    The problem with that is that your implementation may be flawed - this accounts for the bulk of the cracked encryption. That's why it's best to use known good encryption.

    That is probably why the export version of M$ Windows 2000 now ships with 128 bit encryption. The NSA knows that everything Microsoft does is flawed, but figures that it will lull the terrorists into a false sense of security...

  9. Various Crypto Strengths.. by dfenstrate · · Score: 3, Funny

    128 bit- HaHa, silly mortal! You'll never unlock my secrets before the apocalypse comes!!!
    64 bit- You'll get my secrets when they're no longer of any use! (RC5 anyone?)
    56 bit- Never! Never will you have my secrets. If never means three weeks from now anyway.
    40 bit- You'll have to arm-wrestle me for access.
    32 bit- You'll have to thumbwrestle me for access.
    24 bit- You want access? You'll pry it from my cold, dead... Hey, give that back!!!
    8 bit- What's your favorite color?
    4 bit- Guess my shoe size
    1 bit- Want access?
    0 No
    1 Yes

    --
    Alcohol, Tobacco and Firearms should be the name of a store, not a government agency.
  10. just a day at the office by BenHmm · · Score: 3, Funny

    and it probably happened just the same way as it would in any organisation... Pointy Bearded Boss tells computer-guy to 'make the computer secure' or something. Computer guy thinks "Bollocks to that, we're in the arse end of Afghanistan, who's going to come and get it?", uses the default available, and goes for a coffee. PBB gives him a slap on the back and everyone has a nice glowy feeling.

    Next thing, al-qaeda is owned by the l33t nsa haxors, and their credit card numbers are all over irc.

    bummer for the sysadmin.