1997-02-03 - Re: GAK cracking?

Header Data

From: “C. Kuethe” <ckuethe@gpu.srv.ualberta.ca>
To: N/A
Message Hash: 0205a613bb47ce7c823186b12a5aeaed30f0881d79466560342ca1556db785e0
Message ID: <Pine.A32.3.93.970203122040.44010A-100000@gpu5.srv.ualberta.ca>
Reply To: <199702031611.IAA26584@toad.com>
UTC Datetime: 1997-02-03 19:33:32 UTC
Raw Date: Mon, 3 Feb 1997 11:33:32 -0800 (PST)

Raw message

From: "C. Kuethe" <ckuethe@gpu.srv.ualberta.ca>
Date: Mon, 3 Feb 1997 11:33:32 -0800 (PST)
Subject: Re: GAK cracking?
In-Reply-To: <199702031611.IAA26584@toad.com>
Message-ID: <Pine.A32.3.93.970203122040.44010A-100000@gpu5.srv.ualberta.ca>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 3 Feb 1997, tmcghan@gill-simpson.com wrote:

> Just days after a U.S. graduate student cracked the most powerful
> computer encryption system allowed out of the country, the Commerce
> Department announced it would allow three companies to export an
> even stronger system. 

[snip]

> Companies said products with just 40-bit long keys, the old limit, 
> were too easy to crack. The approvals came just days after Ian Goldberg, a 
> graduate student at the University of California, cracked a message 
> encoded with a software key 40-bits long. 
> 
> The government did not name the companies given permission to export 
> stronger, 56-bit programs, but Glenwood, Md.,-based Trusted 
> Information Systems acknowledged that it was one of the three. 

Why does it not surprise me that TIS gets permission to export 56-bit (DES?) ?
They do key recovery (is it GAK?) They brag about government consulting. The
clients they will admit to having are listed on:
http://www.tis.com/docs/products/consulting/govt/govcon.html
and, purely unsubstantiated rumors here, but I've heard (seen) TIS, NSA, FBI 
and other  "friends" of ours all together in the same paragraph. Conspiracy?
Maybe... This is both good and bad.... yes, longer codes are now exportable,
but only to / by certain people?

I notice that the new cipher length is 56 bit...same size as DES? hopefully
that's just a coincidence (yeah, right) or maybe somebody's starting to see
the real world where people download pirate cryptosystems and says "so let's
export bigger ones and make a buck off it, too..." (yeah, right)


PLUR
chris
--
Chris Kuethe <ckuethe@gpu.srv.ualberta.ca> LPGV Electronics and Controls
        <c100305@wolfcreek.cs.ualberta.ca> http://www.ualberta.ca/~ckuethe/
RSA in 2 lines of PERL lives at http://www.dcs.ex.ac.uk/~aba/rsa/          
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>   
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`







Thread