Slashdot Mirror
Rumors of Liberalized US Crypto Policy
GoBears writes "A "high-placed" AC within the federal government leaked the news. The Merc says: Exporters of the strongest encryption products, which generally have keys of 128 bits or more, will no longer need to license each shipment. Instead, they will in most instances only need to have a one-time technical review of the product. " At least its a step in the right direction. Of course,
the real end is no restrictions on any kind of software, but we can dream, right?
This only seems to be an improvement at first gloss. It'll make it easier for companies to distribute products with strong encryption once they've passed a technical review. However consider the technical review itself for a minute. Will the government be using experts to ensure that the underlying cryptological techniques are sound and that the implementation is sound? A more likely scenario is that the technical review will center more around required backdoors or weaknesses so that the government can get in if they deem it necessary. The end result isn't easy export of strong encryption, the end result is easy export of "strong" encryption.
For this I'm sure I want to be an AC...
When I was at Apple, I heard a bit about the "technical review" that the NSA did on AOCE. The NSA apparently insisted that a function be inserted into the key generation. My understanding is that the function reduced the keyspace from 2^64 to about 2^40, though the keys remained 64 bits in length. The function also avoided classes of keys known to be weak. I have to believe that there are more than 2^40 strong keys in that space.
So, while in some sense strengthening the product - by avoiding weak keys - they also, in my opinion, enabled their ability to decrypt communication.
Now, I never knew what the function was - I really don't want to know - but I doubt that it would take more than a few weeks for an attacker with MacNosy to find the function in AOCE.
Do you think that other "technical reviews" are significantly different? Lets hear from someone directly involved in one.
My understanding of the NSA's position re. DES was that they were opposed to software implementations because they did not believe that any software encryption solution was secure. Indeed, this is still the official line -- check out the Data Encryption Standard and you'll find that it specifies only hardware implementations are compliant.
I don't think the standard could have been published at all without giving away the algorithm; I don't see how releasing DES in "non-algorithm form" could have been done. This "NSA wanted to sit on DES" thing is acquiring the status of an urban myth.
I'm quite prepared to believe that the NSA are black hats, and that they have all sorts of back doors into things. But their public behaviour has not given much support to this view. Every intervention of the NSA of which I am aware has had the effect of making a product more secure, not less.
Which seems right to me. Although encryption can be used by terrorists etc, it would be a poor intelligence organisation indeed which depended on broken signals for its information. The major use of encryption is commercial. And the damage which might be caused by not being able to intercept an email is absolutely nothing compared to the damage to the USA which might be caused by allowing the Bank of America and Citicorp to use an insecure encryption system for their transactions.
I wouldn't rule conspiracy theories out entirely, but I am currently not convinced.
jsm