[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
GAK cracking?
Just days after a U.S. graduate student cracked the most powerful
computer encryption system allowed out of the country, the Commerce
Department announced it would allow three companies to export an
even stronger system.
Until this year, computer encryption programs, which scramble
information and render it unreadable without a password or software
"key," were classified as munitions and stronger programs could not
be exported.
But under a controversial new Clinton administration policy that took
effect Jan. 1, companies may receive permission to export stronger
programs.
"I'm happy that we've been able to do this within the first month
without rancor or difficulty," Under Secretary of Commerce for Export
Administration William Reinsch told Reuters in a telephone interview.
To export stronger programs immediately, companies must agree to
incorporate features within two years allowing the government to
decode encrypted messages by recovering the software keys, however.
The administration's policy has been widely criticized as not
relaxing the export limits enough and some companies feared the requirement
for a two-year plan would substantially delay export approvals.
The quick approvals should quell some of the criticism and encourage
more applicants, Reinsch said.
"As a result of this, you will have more companies taking it
seriously and we will expect more plans over the next couple of
months," he said.
Encryption was once the realm of spies and generals. But with the
explosion of online commerce on the Internet, encryption has become
a vital tool for protecting everything from a business' email
message to a consumer's credit card number sent over the net.
The amount of protection afforded by encryption is largely a function
of the length of the software key measured in bits, the smallest unit of
computer data.
Companies said products with just 40-bit long keys, the old limit,
were too easy to crack. The approvals came just days after Ian Goldberg, a
graduate student at the University of California, cracked a message
encoded with a software key 40-bits long.
The government did not name the companies given permission to export
stronger, 56-bit programs, but Glenwood, Md.,-based Trusted
Information Systems acknowledged that it was one of the three.