Export-level Encryption Proves Insufficient

rossjudson writes: "The Independent is running an article about the shoe bomber terrorist. The interesting bit for Slashdot readers is at the bottom -- apparently the 40-bit encryption in the export version of Windows 2000 was cracked by a set of computers using a brute force method. So let's confront the question: Should the US prohibit the export of high-encryption software? Here is a case where the default values (40 bit) clearly helped recover valuable information from a system." There's another article in New Scientist focusing on the encryption issue.

To really be safe...

[wfrp01]

If you really want to make the world a safer place, please demand that everyone wear helmets all of the time.

Yes, this is definately the way to go.

In fact, we should just make terrorism illegal, then people would stop. Because criminals follow the law, right?

Even though Osama was able to get a bunch of people into US flight schools, he surely wouldn't've been able to go to CompUSA, buy a copy of W2K off the shelf, and somehow get a 5 x 5 x 1/16" piece of plastic outside a country with roughly 10,000 miles of borders and 1500 international flights daily. Nope, no way that coulda happened.

Re:It doesn't matter because:

[alteridem]

The problem with that is that your implementation may be flawed - this accounts for the bulk of the cracked encryption. That's why it's best to use known good encryption.

That is probably why the export version of M$ Windows 2000 now ships with 128 bit encryption. The NSA knows that everything Microsoft does is flawed, but figures that it will lull the terrorists into a false sense of security...