Interesting People mailing list archives

IP: Thanksgiving for the Mandarins of Brussels


From: David Farber <farber () cis upenn edu>
Date: Tue, 25 Nov 1997 13:21:04 -0500

From: Vin McLellan <vin () shore net>


Hi Dave,


        On the Firewalls mailing list, Ming Lu from Singapore asked, with
concern, for more background about several vague references to groups which
had successfully brute-forced DES and various other ciphers.  The
explanation I posted this morning (with a little Bible thumpin') seems to
have stimulated and cheered a lot of people, so I thought I'd offer it to
IP.  Regards,  _Vin
------------


        Ming Lu <mlu () hq si net> asked:


I would like to see reports regarding these successful attacks. I could
not find them at CERT.


Hi Ming,


        Franco was talking about various collective efforts organized in
response to the RSA Symmetric Key Challenge, a contest -- see
<http://www.rsa.com> -- in which individuals and groups of volunteers (tens
of thousands, in some cases) worked together in distributed collaborative
efforts to "crack," successively, known-plaintext ciphers created with
40-bit keys (RC5,) 48 bit keys (RC5,) and 56-bit keys (both DES and RC5.)


        Unlike 56-bit DES, RC5 can obviously accept variable key lengths.
RSA's RC series of symmetric-key cryptosystems (RC2, RC4, and RC5 are all
widely used) were all created by Ronald Rivest -- an MIT prof who still
teaches; one of three inventors of the RSA public key cryptosystem; and a
founder of RSA Data Security (now part of SDTI.)  RC stands for "Ron's
Code."


        The Challenge was organized by RSA to illustrate and document the
relative strength of symmetric cryptosystems with these (and longer!) key
lengths.  Both DES and RC5 are widely believed to be so well designed that
the only feasible attack is a "brute force" effort to try all possible
combinations for the given key-length.  As the preeminent US crypto vendor,
RSA also hoped to highlight the relative weakness of the 40-bit
cryptosystem -- which, when the contest was launched last year, was the
strongest crypto the US govt allowed to be freely exported -- and force the
government to relax its restrictions.


        In this, the contest was somewhat successful.  Ian Goldberg's
one-man 3 1/2 hour crack of the 40-bit RC5 key was a major embarrassment to
those who had defended the US export control policy. It did force changes
in the export regs.  The US now allows the export of 56-bit cryptosystems
freely -- but _only_ by companies which agree to design or redesign their
encryption products to include a third-party access scheme (generally with
a second or master-key.)  This third-party access mechanism is to be held
by some entity (corporate, government, or "trusted third party") which can
and will make it available to the US government, upon legal demand (but
without the knowledge of those who are actually using the cryptography.)


        US cryptographic export licenses are now explicitly a mechanism to
force US software companies -- and certainly, not only just vendors of
cryptography -- to agree to the undisclosed demands of the US intelligence
agencies in order to get permits to export any crypto-enhanced software
products.  Technical negotiations between the US authorities and corporate
reps are conducted in secret, in a procedure so vague and subjective as to
make any grant of a permit appear arbitrary.




        For cryptosystems which have this so-called "key recovery"
mechanism built into them, the US government seems to allow fairly free
export of US de facto-standard (128-bit symmetric) encryption software to
international banks, overseas US firms, and US subsidiaries.  Most other
overseas markets are allowed to purchase only cryptosystems with key
lengths no greater than 56-bits.


        Until fairly recently, it looked as if the US government -- under
pressure from our FBI, police, and intelligence agencies -- was in full
retreat from the promise of electronic on-line commerce and was blithely
trying to reconstitute Mercantilism, where major trade initiatives can
only take place when government(s) give permission or otherwise restrain
themselves from interfering.  Would not routing all deals, proposals,
transactions, past a digital government agent (which may or may not be
turned on,) inevitably distort and dwarf electronic commerce?


        Given the Libertarian bombast so widely heard in the US, it is a
delicious irony that it was left to the Social Democracies of Europe,
acting through the European Union, to insist that legitimate commerce --
and the personal affairs of a Citizen in a democracy -- must be shielded
from pre-emptive government/police oversight.


        The US Congress often seems to have only a tenuous grasp of the
relationship between policy and the economy, so you might yet see the US
outlaw strong cryptography in both domestic and export IP products.  That
would be an enormous boon to the non-American software industry (all to the
better, you might say;-) -- but in the US and elsewhere, it would also
empower a generation of bureaucrats and tempt them to tamper there, here,
and everywhere, in an increasingly transparent society.


        The European Commission's rude recent rejection of the American
policy -- this whole huge effort to manage and restrict public and
commercial access to strong cryptography internationally -- makes that far
less likely.


        In the US, this is the season of Thanksgiving.


        Myself, I give thanks to the Lord and toast the career bureaucrats
of the EC, variously far-seeing and self-interested. They dared to place
their hope for the future in economic growth -- cryptographically-enabled
trans-border trade, finance, commerce; transactions in the billions; and
decentralized individual enterprise -- rather than allow themselves to be
tempted by the C3 Control fantasies of the spooks and the various "National
Security" ministries.  I think they weighed the risks on both sides. Three
cheers for the mandarins of Brussels!


        Suerte,
                _Vin


P.S. I beg the indulgence of the List for the blatant soapbox.  I was going
to just mail this to Ming Lu in Singapore, then I decided to post it too --
in case Ming or anyone else wanted to dispute, or otherwise comment on my
Thanksgiving toast.  Happy holiday from Boston.


"Cryptography is like literacy in the Dark Ages. Infinitely potent, for
good and ill... yet basically an intellectual construct, an idea, which by
its nature will resist efforts to restrict it to bureaucrats and others who
deem only themselves worthy of such Privilege."


_ A thinking man's Creed for Crypto/ vbm.


*     Vin McLellan + The Privacy Guild + <vin () shore net>    *
  53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548








**************************************************
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
- Ben Franklin, ~1784
**************************************************

