Cryptography Reference
In-Depth Information
In another demonstration of this irrelevance, Ron Rivest proposed a
mechanism that performed encryption using authentication and stegano-
graphic techniques, both of which lay outside the scope of export regula-
tions. He commented: “As usual, the policy debate about regulating
technology ends up being obsolete by technological innovations. . . .
Mandating government access to all communications is not a viable alter-
native. The cryptography debate should proceed by mutual education and
voluntary actions only.”
30
The never-ending suspicions over the inadequacy of DES were also given
renewed vigor by John Gilmore, a cofounder of the Electronic Frontier
Foundation (EFF). Taking up a suggestion in Diffie and Hellman's 1977
analysis of the standard, he funded the development of a “DES Cracker”
machine, designed specifically to break the cipher through exhaustive key
search. Relying on 1,500 custom chips, the machine broke DES in 1998
and 1999, the first time in three days, the second time in less than twenty-
four hours through collaboration with a distributed computing initiative.
Breaking DES underlined how the then-current 56-bit key length was inad-
equate, the same key length above which products were deemed “strong”
and consequently restricted by export regulations.
31
Both breaks were
winning entries in the “DES Challenges” sponsored by RSA Data Security,
the business entity holding the patents to the public-key RSA algorithms.
By providing actual metrics for the strength of DES, the “Cracker” was
explicitly designed to influence policy makers: “The Electronic Frontier
Foundation hopes that this topic inspires a new level of truth to enter the
policy debates on encryption. In order to make wise choices for our society,
we must make well-informed choices. Great deference has been paid to the
perspective and experience of the National Security Agency and Federal
Bureau of Investigation in these debates. This is particularly remarkable
given the lack of any way for policy-makers or the public to check the
accuracy of many of their statements.”
32
To further highlight the incongruence of encryption regulation, the
Electronic Privacy Information Center, an advocacy group based in Wash-
ington, published in 1998, 1999, and 2000 a review of encryption regula-
tion across the globe, noting that “there are a small number of countries
where strong domestic controls on the use of cryptography are in place.
These include Belarus, China, Israel, Pakistan, Russia, and Singapore. . . .
The policies of the United States are the most surprising, given the fact
