Interesting People mailing list archives
IP: Thanksgiving for the Mandarins of Brussels
From: David Farber <farber () cis upenn edu>
Date: Tue, 25 Nov 1997 13:21:04 -0500
From: Vin McLellan <vin () shore net>

Hi Dave,

On the Firewalls mailing list, Ming Lu from Singapore asked, with concern, for more background about several vague references to groups which had successfully brute-forced DES and various other ciphers. The explanation I posted this morning (with a little Bible thumpin') seems to have stimulated and cheered a lot of people, so I thought I'd offer it to IP.

Regards,
_Vin

------------

Ming Lu <mlu () hq si net> asked:

I would like to see reports regarding these successful attacks. I could not find them at CERT.

Hi Ming,

Franco was talking about various collective efforts organized in response to the RSA Symmetric Key Challenge, a contest -- see <http://www.rsa.com> -- in which individuals and groups of volunteers (tens of thousands, in some cases) worked together in distributed collaborative efforts to "crack," successively, known-plaintext ciphers created with 40-bit keys (RC5,) 48-bit keys (RC5,) and 56-bit keys (both DES and RC5.) Unlike 56-bit DES, RC5 can obviously accept variable key lengths.

RSA's RC series of symmetric-key cryptosystems (RC2, RC4, and RC5 are all widely used) were all created by Ronald Rivest -- an MIT prof who still teaches; one of three inventors of the RSA public key cryptosystem; and a founder of RSA Data Security (now part of SDTI.) RC stands for "Ron's Code."

The Challenge was organized by RSA to illustrate and document the relative strength of symmetric cryptosystems with these (and longer!) key lengths. Both DES and RC5 are widely believed to be so well designed that the only feasible attack is a "brute force" effort to try all possible combinations for the given key-length.

As the preeminent US crypto vendor, RSA also hoped to highlight the relative weakness of the 40-bit cryptosystem -- which, when the contest was launched last year, was the strongest crypto the US govt allowed to be freely exported -- and force the government to relax its restrictions. In this, the contest was somewhat successful.

Ian Goldberg's one-man 3 1/2 hour crack of the 40-bit RC5 key was a major embarrassment to those who had defended the US export control policy. It did force changes in the export regs. The US now allows the export of 56-bit cryptosystems freely -- but _only_ by companies which agree to design or redesign their encryption products to include a third-party access scheme (generally with a second or master-key.) This third-party access mechanism is to be held by some entity (corporate, government, or "trusted third party") which can and will make it available to the US government, upon legal demand (but without the knowledge of those who are actually using the cryptography.)

US cryptographic export licenses are now explicitly a mechanism to force US software companies -- and certainly, not only just vendors of cryptography -- to agree to the undisclosed demands of the US intelligence agencies in order to get permits to export any crypto-enhanced software products. Technical negotiations between the US authorities and corporate reps are conducted in secret, in a procedure so vague and subjective as to make any grant of a permit appear arbitrary.

For cryptosystems which have this so-called "key recovery" mechanism built into them, the US government seems to allow fairly free export of US de facto standard (128-bit symmetric) encryption software to international banks, overseas US firms, and US subsidiaries. Most other overseas markets are allowed to purchase only cryptosystems with key lengths no greater than 56-bits.

Until fairly recently, it looked as if the US government -- under pressure from our FBI, police, and intelligence agencies -- was in full retreat from the promise of electronic on-line commerce and was blithely trying to reconstitute Mercantilism, where major trade initiatives can only take place when government(s) give permission or otherwise restrain themselves from interfering. Would not routing all deals, proposals, transactions, past a digital government agent (which may or may not be turned on,) inevitably distort and dwarf electronic commerce?

Given the Libertarian bombast so widely heard in the US, it is a delicious irony that it was left to the Social Democracies of Europe, acting through the European Union, to insist that legitimate commerce -- and the personal affairs of a Citizen in a democracy -- must be shielded from pre-emptive government/police oversight.

The US Congress often seems to have only a tenuous grasp of the relationship between policy and the economy, so you might yet see the US outlaw strong cryptography in both domestic and export IP products. That would be an enormous boon to the non-American software industry (all to the better, you might say;-) -- but in the US and elsewhere, it would also empower a generation of bureaucrats and tempt them to tamper there, here, and everywhere, in an increasingly transparent society.

The European Commission's rude recent rejection of the American policy -- this whole huge effort to manage and restrict public and commercial access to strong cryptography internationally -- makes that far less likely.

In the US, this is the season of Thanksgiving. Myself, I give thanks to the Lord and toast the career bureaucrats of the EC, variously far-seeing and self-interested. They dared to place their hope for the future in economic growth -- cryptographically-enabled trans-border trade, finance, commerce; transactions in the billions; and decentralized individual enterprise -- rather than allow themselves to be tempted by the C3 Control fantasies of the spooks and the various "National Security" ministries. I think they weighed the risks on both sides.

Three cheers for the mandarins of Brussels!

Suerte,
_Vin

P.S. I beg the indulgence of the List for the blatant soapbox. I was going to just mail this to Ming Lu in Singapore, then I decided to post it too -- in case Ming or anyone else wanted to dispute, or otherwise comment on my Thanksgiving toast. Happy holiday from Boston.

"Cryptography is like literacy in the Dark Ages. Infinitely potent, for good and ill... yet basically an intellectual construct, an idea, which by its nature will resist efforts to restrict it to bureaucrats and others who deem only themselves worthy of such Privilege."
_ A thinking man's Creed for Crypto/ vbm.

* Vin McLellan + The Privacy Guild + <vin () shore net> *
53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548
**************************************************
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Ben Franklin, ~1784
**************************************************