From: "tmcghan@gill-simpson.com" <tmcghan@gill-simpson.com>
Date: Mon, 3 Feb 1997 08:11:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: GAK cracking?
Message-ID: <199702031611.IAA26584@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Just days after a U.S. graduate student cracked the most powerful
computer encryption system allowed out of the country, the Commerce
Department announced it would allow three companies to export an
even stronger system. 

Until this year, computer encryption programs, which scramble 
information and render it unreadable without a password or software 
"key," were classified as munitions and stronger programs could not 
be exported. 

But under a controversial new Clinton administration policy that took 
effect Jan. 1, companies may receive permission to export stronger 
programs. 

"I'm happy that we've been able to do this within the first month 
without rancor or difficulty," Under Secretary of Commerce for Export 
Administration William Reinsch told Reuters in a telephone interview. 

To export stronger programs immediately, companies must agree to 
incorporate features within two years allowing the government to 
decode encrypted messages by recovering the software keys, however. 

The administration's policy has been widely criticized as not 
relaxing the export limits enough and some companies feared the requirement 
for a two-year plan would substantially delay export approvals. 

The quick approvals should quell some of the criticism and encourage 
more applicants, Reinsch said. 

"As a result of this, you will have more companies taking it
seriously and we will expect more plans over the next couple of
months," he said. 

Encryption was once the realm of spies and generals. But with the
explosion of online commerce on the Internet, encryption has become
a vital tool for protecting everything from a business' email
message to a consumer's credit card number sent over the net. 

The amount of protection afforded by encryption is largely a function 
of the length of the software key measured in bits, the smallest unit of 
computer data. 

Companies said products with just 40-bit long keys, the old limit, 
were too easy to crack. The approvals came just days after Ian Goldberg, a 
graduate student at the University of California, cracked a message 
encoded with a software key 40-bits long. 

The government did not name the companies given permission to export 
stronger, 56-bit programs, but Glenwood, Md.,-based Trusted 
Information Systems acknowledged that it was one of the three.