By Barbara Grady
BERKELEY, Calif., Jan 29 (Reuters) - As the White House and the Internet community battle over U.S. encryption laws, a University of California graduate student said he broke a code said to have the strongest encryption that U.S. law allows to be exported without restrictions.
It took him a mere three and a half hours, he said.
"It shows how silly the export restrictions are because 40-bit key length is ridiculously weak," Ian Goldberg, a graduate student of computer science at the University of Calfiornia at Berkeley, told Reuters.
The 40-bit encrypted message was published on Tuesday morning by RSA Data Security Inc, a software firm in Redwood City, Calif., which developed encryption widely used on the Internet, as a challenge to code breakers.
RSA, which is owned by Security Dynamics Technologies Inc , is one of dozens of companies trying to get the U.S. government to loosen its restrictions on export of encryption, which currently prohibit U.S. firms or citizens from putting encrypted code of more than 40-bits of length on the Internet unless the government is supplied a code key.
U.S. law allows encryptions of up to 56-bits if the government is given a key to the code, which it will hold in escrow in case a national security need arises.
The government has argued that distribution of encryption codes outside of the United States would impede its ability to fight drug trafficking and political terrorism. Congress is considering bills to loosen these restrictions.
But Internet users and Internet technology companies argue that the restrictions impede electronic commerce and widespred use of the Internet for many private business transactions. Because the Internet has no national borders, anything posted on it by a U.S. based company would be considered exporting.
Goldberg used about 250 computer workstations networked together to test various computations to break the code, which the university said would be resources pretty commonly available to people in univeristy settings.
At a data security and encryption conference being held here this week by RSA Data Security, people said Goldberg's break of the code is proof that U.S. laws need changing.
"Nobody in that room's going to trust 40-bit (cryptography) any more," said Peter Trei, senior software engineer at Framingham, Mass.-based Process Software Corp., nodding towards the San Francisco auditorium where 2,500 people were attending a cryptography conference hosted by RSA.
The gathering included some of the world's leading experts on cryptography, and a number of panelists in presentations were openly critical of the White House policy of prohibiting export of strong cryptography.
Cryptography experts said the goverment policy must enable businesses to stay ahead of the capabilities of computer hackers, but that current standards do not allow this to be exported, which also can limit Internet distribution.