[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

WSJ on RC4

Thanks to David Sternlight for posting pointer to this.


The Wall Street Journal
September 19, 1994
p. B10


RSA Data Security
Says Exposed Code
Poses No Threat

By Ralph T. King Jr.

Staff Reporter of The Wall Street Journal

The anonymous dissemination over the last several
days of a software code used to safeguard the
privacy of electronic messages in no way threatens
the security of existing computer networks,
according to the code's owner and encryption

However, the defiant act is expected to trigger a
trade-secret dispute between the culprit and RSA
Data Security Inc., the Redwood City, Calif.,
company that developed the code. The act also
raises thorny legal questions about how public
data networks, collectively known as the Internet,
may be used.

An unidentified person used the Internet to post
RSA's encryption code, called RC4, on electronic
bulletin boards. The RC4 code works something like
a padlock. But knowing how the lock works isn't
enough to open it. The system user has an
individualized combination or key that prevents
access by other parties to private computer

RSA's code product is incorporated in numerous
popular software programs, including those of
Apple Computer Inc., Lotus Development Corp. and
Microsoft Corp. Some reports published over the
weekend indicated that the disclosure might
jeopardize the integrity of computer systems that
are equipped with these programs.

"This doesn't compromise systems that are in use,"
says Jim Bidzos, president of closely-held RSA.
"This is a misappropriation of our intellectual
property. It's a legal issue and it will be
pursued." Mr. Bidzos also said officials at U.S.
Customs Service and the Federal Bureau of
Investigation are investigating the matter.

One analyst noted that disclosure of the formula
may benefit RSA because some users have questioned
whether its code contains the equivalent of secret
trapdoors enabling people familiar with it to
eavesdrop on private communications at will. As a
result, some computer operators have turned to an
alternative code whose formula is publicly

Now it will be clear to interested parties that no
such trapdoors exist, Mr. Bidzos said. In any
case, RSA is about to release a new encryption
code for use with the latest computer-chip
architecture, he said.

One possible effect of the disclosure is to shed
light on the extent of legal liability that
applies to people who make copyrighted or
protected material freely available on the
Internet. Those who use such material under
license typically sign nondisclosure agreements.
In this case, someone apparently violated a
nondisclosure pact and in effect invalidated the
protections of RSA, the formula's owner.