Slashdot Mirror

← Back to Stories (view on slashdot.org)

Export-level Encryption Proves Insufficient

Posted by michael on from the forty-bits-is-not-enough dept.

rossjudson writes: "The Independent is running an article about the shoe bomber terrorist. The interesting bit for Slashdot readers is at the bottom -- apparently the 40-bit encryption in the export version of Windows 2000 was cracked by a set of computers using a brute force method. So let's confront the question: Should the US prohibit the export of high-encryption software? Here is a case where the default values (40 bit) clearly helped recover valuable information from a system." There's another article in New Scientist focusing on the encryption issue.

5 of 517 comments (clear)

  1. Re:well that settles it.. by ptrourke · · Score: 3, Informative

    HE WAS/IS A CITIZEN OF THE USA

    Since when? Reid is a British subject, not a US Citizen.

  2. Get with the program... by GiorgioG · · Score: 5, Informative

    128-bit Encryption Becomes the Default in Windows 2000 Service Pack 2 (SP2)

    The Windows® 2000 operating system was the first Microsoft platform with 128-bit encryption to be shipped internationally after the United States government relaxed its export restrictions for strong encryption in early 2000. Microsoft has obtained the necessary approvals to ship Windows 2000 with strong encryption to all customers worldwide except U.S. embargoed destinations.

  3. Re:Yeah by ichimunki · · Score: 3, Informative

    If I was anybody anywhere looking for encryption tools, I'd start with GnuPG. This way we can avoid patented algorithms and proprietary/closed source problems altogether from the git go.

    --
    I do not have a signature
  4. Re:Yeah by Discoteck · · Score: 3, Informative

    Here is a link to the MIT distribution site for PGP freeware. I haven't tried the GNU Privacy gaurd yet, but the MIT site seems to be more comprehensive in comparison. For instance they have a .exe for Windows 95/98/NT/2000! and the Macintosh and a Command Line version for UNIX. Although you need One of these flavors of UNIX:
    Sun Solaris for SPARC version 2.51 or later; AIX 4.2 or later; HPUX 10.20 or later; and of course Linux x86 Red Hat (RPM) 5.0 or later. To encypt mail they use something being developed on sourceforge [woo hoo] called Mailcrypt . It does say on the Mailcrypt site that they now support both PGP and GnuPG. So now I am not sure of the difference between the two.

    --
    /.................../ \\ /...................../
  5. Why bother smuggleing a CD out? Books are legal. by SomethingOrOther · · Score: 3, Informative

    somehow get a 5 x 5 x 1/16" piece of plastic outside a country

    Why bother?
    Just print the code in a book (or even use the 3-line RSA algoritham on a bit of paper) and it was perfectly legal to export it from the US (freedom of the press).
    This is how the international PGP versions were legitematley exported, and then scanned in using OCR to get the code in an electronic format again.

    This was partly why the law was overturned. What is the point in banning the export of code in an electronic format, when it was perfectly legal (first amendment) to export in a writen format.

    --
    Anyone quoted by a reporter knows how little they understand
    Don't believe what you read is the truth.