Export-level Encryption Proves Insufficient
rossjudson writes: "The Independent is running an article about the shoe bomber terrorist. The interesting bit for Slashdot readers is at the bottom -- apparently the 40-bit encryption in the export version of Windows 2000 was cracked by a set of computers using a brute force method. So let's confront the question: Should the US prohibit the export of high-encryption software? Here is a case where the default values (40 bit) clearly helped recover valuable information from a system." There's another article in New Scientist focusing on the encryption issue.
Re:well that settles it.. (Score:3, Informative)
HE WAS/IS A CITIZEN OF THE USA
Since when? Reid is a British subject, not a US Citizen.
Get with the program... (Score:5, Informative)
The Windows® 2000 operating system was the first Microsoft platform with 128-bit encryption to be shipped internationally after the United States government relaxed its export restrictions for strong encryption in early 2000. Microsoft has obtained the necessary approvals to ship Windows 2000 with strong encryption to all customers worldwide except U.S. embargoed destinations.
Re:It doesn't matter because: (Score:2, Informative)
Looking at that article now today, and mind you it was not very technical, and it only described the math involved pretty sweeping, my biggest problem offhand from doing my own encryption would be generating big enough primes.
That is where any "advanced math algorithms" book, or for that matter site comes in. They are not gonna put restrictions on exporting prime numbers, are they?
It is stupid. A talented 15-year old with enough determination and time on his/her hands can hack something good enough together, if it wasn't already available out there. You think huge terrorist networks with tons of cash couldn't find someone to do it for them, if they needed it?
Don't you think that broke terrorists have at least a few among them that would do it for free?
Re:Yeah (Score:3, Informative)
Don't you actually READ anything!?!? (Score:2, Informative)
1.) Export restrictions aren't about making it impossible to get high encryption (that in and of itself would be impossible), but to make it more difficult. Much like the point of encryption itself. Sure, you could get PGP and the like, but could you be bothered to go out of your way like that? Obviously at least one criminal didn't, or else you wouldn't be reading this.
2.) No, the criminals won't automatically be the most heavily-encrypted amongst us. If you actually took two seconds to read the description of the article (if not the article itself), you'd see that this is about a very big instance where a criminal DIDN'T use heavy encryption. Your argument officially doesn't hold as much water as it used to any more. Time to try something new.
3.) This is about EXPORT restrictions. EXPORT! EXPORT! You know, where something LEAVES THE US!?!? Restricting what kind of crypto can be exported doesn't do a damned thing to the domestic market unless you're a seller trying to export your stuff or you're a foreign organization trying to buy the software on the open market. Restrictions on domestic crypto sale and use may or may not be an issue, but it doesn't have a damned thing to do with this article beyond sharing the words "crypto" and "export." If you read things more closely than your average IRC bot, you'd have noticed that.
Go ahead, mod me down to -17 flamebait or troll or whatever. Just so long as you're spending your mod points on sending me down there instead of modding up some of the posts I've seen in here so far described as "interesting" and "insightful."
Re:Yeah (Score:3, Informative)
Sun Solaris for SPARC version 2.51 or later; AIX 4.2 or later; HPUX 10.20 or later; and of course Linux x86 Red Hat (RPM) 5.0 or later. To encrypt mail they use something being developed on sourceforge [woo hoo] called Mailcrypt [sourceforge.net]. It does say on the Mailcrypt site that they now support both PGP and GnuPG. So now I am not sure of the difference between the two.
Re:It doesn't matter because: (Score:1, Informative)
I remember a couple of years ago an Irish high-school student developed a new encryption algorithm and it made the news all over the world. I suppose you'll say she did it with help from... aliens, perhaps?
Why bother smuggling a CD out? Books are legal. (Score:3, Informative)
somehow get a 5 x 5 x 1/16" piece of plastic outside a country
Why bother?
Just print the code in a book (or even use the 3-line RSA algorithm [cypherspace.org] on a bit of paper) and it was perfectly legal to export it from the US (freedom of the press).
This is how the international PGP versions were legitimately exported, and then scanned in using OCR to get the code in an electronic format again.
This was partly why the law was overturned. What is the point in banning the export of code in an electronic format, when it was perfectly legal (first amendment) to export in a written format?
Microsoft EFS was broken in 1999 (Score:1, Informative)
Getting to the heart of the documents contained in the al-Qa'ida computer bought by chance by the Wall Street Journal's reporter in Kabul meant cracking the encryption of Microsoft's Windows 2000 operating system installed on the machine, which had been used to protect the data.
That is not a trivial task. Microsoft will only say that if you lose the password that controls entry to a Windows 2000 system, your best option is to remember it or simply to wipe the machine and start again. And its Encrypting File System (EFS), which had been used to encode the files, is just as strong.
Now read this paper [securitybugware.org] on how to read EFS encrypted hard disks.
Cracking Windows 2000 VS "getting In" (Score:1, Informative)
Re:Yeah (Score:2, Informative)