Slashdot Mirror

← Back to Stories (view on slashdot.org)

Export-level Encryption Proves Insufficient

Posted by michael on from the forty-bits-is-not-enough dept.

rossjudson writes: "The Independent is running an article about the shoe bomber terrorist. The interesting bit for Slashdot readers is at the bottom -- apparently the 40-bit encryption in the export version of Windows 2000 was cracked by a set of computers using a brute force method. So let's confront the question: Should the US prohibit the export of high-encryption software? Here is a case where the default values (40 bit) clearly helped recover valuable information from a system." There's another article in New Scientist focusing on the encryption issue.

6 of 517 comments (clear)

  1. But ... the laws have changed already by Troed · · Score: 0, Redundant
    ... us foreigners can now download 128bit strong encryption for Windows and other programs.


    [however, Lotus Notes is still 56 bit with the NSA holding 16 bits, right?]

    --
    it's in my head
  2. Meaningless by NiftyNews · · Score: 2, Redundant

    The laws are meaningless. I'm sure we can all think of dozens of ways to subvert them.

    For instance, I could just fly over the US, buy/borrow/steal a copy of whatever software I wanted, dupe the CD and label it "Backstreet Boy's Greatest Hits" for my carry-on CD case.

    --
    ------
    Today's Top Deals
  3. When Strong Crypto Is Outlawed by joel_archer · · Score: 2, Redundant

    Only Outlaws Will have Strong Crypto.

  4. Re:Yeah by MikeyLikesIt! · · Score: 0, Redundant
    Yeah because prohibiting the export of this will prevent anyone evil from getting hold of it...

    I'm sure that the US has its fair share of evil people.

    --

    I dunno... What do you wanna do?

  5. Re:Yeah by johnburton · · Score: 2, Redundant

    That was my point. Or that not all encryption originates in the USA. Or that you can download many implementations already. Or that you could go to the USA, buy a product with encryption and upload it to a server for download in the rest of the world. Or buy a book on encryption and write your own. It's not exactly a secret how most of it works. Or just use the 128 bit encryption that came with your copy of windows...

    The point is that it will make no difference to "evil" people but will annoy the law abiding majority.

    --
    Sig is taking a break!
  6. Re:It doesn't matter because: by Gaijin42 · · Score: 2, Redundant

    Apparently it does matter. There are quite often comments on SlashDot such as "If strong encryption is made illegal, only criminals will have strong encryption"

    In this case, the criminals did not have strong encryption, at a time during which it would be illegal for them to have the strong encryption. If the export restriction had not been in place, certainly Microsoft would have put out the strongest encryption everywhere.

    al Qaeda is arguably one of the most advanced and resourceful enemies the United States has (if you ignore state governments)

    The fact that they did not have strong encryption shows that the policy of export controls was in fact productive.

    As my parent post indicated, anyone with math skills and programming skills can make strong encryption. But apparently (suprise? I'm not!) not everyone in the world is a programmer, or has people who can program for them!