Export-level Encryption Proves Insufficient

Posted by michael on Fri Jan 18, 2002 09:16 AM
from the forty-bits-is-not-enough dept.
rossjudson writes: "The Independent is running an article about the shoe bomber terrorist. The interesting bit for Slashdot readers is at the bottom -- apparently the 40-bit encryption in the export version of Windows 2000 was cracked by a set of computers using a brute force method. So let's confront the question: Should the US prohibit the export of high-encryption software? Here is a case where the default values (40 bit) clearly helped recover valuable information from a system." There's another article in New Scientist focusing on the encryption issue.
This discussion has been archived. No new comments can be posted.
  • Yeah (Score:3, Insightful)

    by johnburton (21870) <johnb@jbmail.com> on Friday January 18 2002, @09:19AM (#2861741) Homepage
    Yeah because prohibiting the export of this will prevent anyone evil from getting hold of it...
    • Re:Yeah by Shanep (Score:2) Friday January 18 2002, @09:29AM
      • Re:Yeah by gowen (Score:3) Friday January 18 2002, @09:34AM
        • Re:Yeah by Shanep (Score:2) Friday January 18 2002, @11:23AM
          • Re:Yeah by questionlp (Score:2) Friday January 18 2002, @11:53AM
        • Re:Yeah by gowen (Score:1) Friday January 18 2002, @09:58AM
        • 1 reply beneath your current threshold.
      • Re:Yeah by bildstorm (Score:3) Friday January 18 2002, @09:40AM
        • Re:Yeah by plsander (Score:3) Friday January 18 2002, @10:41AM
          • Re:Yeah by lynx_user_abroad (Score:1) Friday January 18 2002, @01:44PM
        • Re:Yeah by Shanep (Score:2) Friday January 18 2002, @11:28AM
        • Re:Yeah by Captain_Jackass (Score:1) Friday January 18 2002, @01:03PM
          • Re:Yeah by eam (Score:1) Wednesday January 23 2002, @11:28AM
        • Re:Yeah by wkw3 (Score:1) Friday January 18 2002, @04:38PM
        • Re:Yeah by DavidTC (Score:1) Saturday January 19 2002, @01:24AM
        • Re:Yeah by Alan Partridge (Score:1) Friday January 18 2002, @11:53AM
          • Re:Yeah by RDskutter (Score:1) Friday January 18 2002, @12:30PM
            • Re:Yeah by Mirus Nex (Score:1) Friday January 18 2002, @05:10PM
              • Re:Yeah by Shanep (Score:2) Sunday January 20 2002, @07:06AM
        • 2 replies beneath your current threshold.
    • Re:Yeah by blibbleblobble (Score:1) Friday January 18 2002, @09:41AM
      • Re:Yeah by ichimunki (Score:3) Friday January 18 2002, @09:58AM
        • Re:Yeah by bonk (Score:1) Friday January 18 2002, @10:16AM
        • Re:Yeah by Discoteck (Score:3) Friday January 18 2002, @10:24AM
          • Re:Yeah by ichimunki (Score:1) Friday January 18 2002, @11:35AM
    • Re:Yeah by Anonymous Coward (Score:1) Friday January 18 2002, @10:17AM
    • Re:Yeah by Ioldanach (Score:2) Friday January 18 2002, @10:20AM
      • Re:Yeah by johnburton (Score:2) Friday January 18 2002, @10:40AM
        • Re:Yeah by jlower (Score:1) Friday January 18 2002, @11:03AM
          • Re:Yeah by MadAhab (Score:2) Friday January 18 2002, @11:25AM
          • Re:Yeah by Mirus Nex (Score:1) Friday January 18 2002, @05:21PM
      • Re:Yeah by Tassach (Score:2) Friday January 18 2002, @11:48AM
      • 1 reply beneath your current threshold.
    • True (Score:5, Insightful)

      by Greyfox (87712) on Friday January 18 2002, @11:36AM (#2862731) Homepage
      When my company started a contract with a software shop in Romania for them to write software for us, corporate policy required all communications to be encrypted. We got PGP and GPG for the various servers, they bought PGP from the PGP International people and our keys were all 1024 bit keys. Nothing to it.

      What the crypto regulations really do is prevent most people in the USA from adopting it. None of the three-letter agencies want everyone encrypting their E-mail or network traffic by default. That simply wouldn't do -- if everyone did it, how would they know who actually has something to hide? So they make it a pain in the ass for software developers to incorporate it into their software and they make it a pain in the ass for most users (Who don't know to go to international sites where you don't have to fill out a form to download the software) to get it.

      The irony is that now they're bitching because the network is so insecure and how a cyber-attack could bring down public utilities and banks and things. Well they're just reaping what they've sown. The network would have tended to cryptographic authentication and tighter security except for the artificial and fundamentally useless restrictions the federal government has put in place.

      [ Parent ]
      • Re:True by RDskutter (Score:1) Friday January 18 2002, @12:40PM
    • Re:Yeah by minard (Score:1) Friday January 18 2002, @11:43AM
    • Re:Yeah by mghiggins (Score:2) Friday January 18 2002, @12:11PM
    • Re:Yeah by johnburton (Score:2) Friday January 18 2002, @09:29AM
      • cheer up by Alien54 (Score:2) Friday January 18 2002, @10:15AM
      • Re:Yeah by Anonymous Coward (Score:1) Friday January 18 2002, @10:27AM
    • 3 replies beneath your current threshold.
  • To really be safe... (Score:5, Funny)

    by wfrp01 (82831) on Friday January 18 2002, @09:20AM (#2861749) Journal
    If you really want to make the world a safer place, please demand that everyone wear helmets all of the time.
  • It doesn't matter because: (Score:5, Insightful)

    by Bonker (243350) on Friday January 18 2002, @09:22AM (#2861759)
    Advanced Math Textbook +
    Computer +
    Low-level programming skills =

    High Grade Encryption... Anywhere in the world.
  • by Hater's Leaving, The (322238) on Friday January 18 2002, @09:22AM (#2861764)
    40 bits is nothing, and has been for decades.
    That limit was /chosen/ to be crackable. And in my book, and in the minds of many others, that pretty much disqualifies it from even being called 'crypto'.

    THL.
  • Why not? (Score:5, Insightful)

    by sql*kitten (1359) on Friday January 18 2002, @09:23AM (#2861770)
    Should the US prohibit the export of high-encryption software?

    Sure, why not? It isn't as if there are any cryptographers [pgpi.org] in any other countries [www.ssh.fi] in the world, is it?

    Legislation is pointless, and even damaging in this case. The cryptography playing field is fairly level. That's not inherently a good or a bad thing; just as al-Qaeda can encrypt their files, they are equally prevented from intercepting sensitive information by the same technology. If legislation restricts crypto, we will find ourselves in a situation in which the FBI can't crack terrorist comms, yet terrorists can intercept commercial data. Airline security information, oilrig blueprints, whatever.
    • Re:Why not? by Guppy06 (Score:2) Friday January 18 2002, @09:52AM
      • Re:Why not? (Score:4, Insightful)

        by sql*kitten (1359) on Friday January 18 2002, @10:00AM (#2862031)
        We're not talking about restricting domestic encryption here. The issue is specifically about export restrictions.

        You might have a point if US citizens never traveled on non-US airlines. That simply isn't true. Terrorism is a global problem.

        What I see here is an instance where, because of our export restrictions, we WERE able to crack terrorist comms. The old argument of "They won't use handicapped software" doesn't seem to hold as much water as it used to.

        It's very easy to fall into the trap of assuming that al-Qaeda are stupid. I am not committing sedition by saying they are in all likelihood just as smart as the law enforcers hunting them. With no technology, and (relatively) little money, massively outnumbered and outgunned, Osama and his people are still free. No-one knows where he is, and he is able to communicate with his organization at will.

        Let me give you an analogy. The minimum wage high-school dropout flipping hamburgers doesn't mean that the global fast-food corporation isn't run by Harvard MBAs. The Shoebomber was a pawn in this, nothing more.

        I have some familiarity with cryptography, because of my work, but it's not a life-or-death thing for me. You can bet every terrorist with a computer is googling for "crypto" right now.
        [ Parent ]
        • Re:Why not? by stapedium (Score:1) Friday January 18 2002, @11:24AM
          • Re:Why not? by sql*kitten (Score:2) Friday January 18 2002, @12:06PM
        • Re:Why not? by _ganja_ (Score:2) Friday January 18 2002, @12:29PM
        • 1 reply beneath your current threshold.
      • Re:Why not? by joshsisk (Score:3) Friday January 18 2002, @10:04AM
        • Re:Why not? by Guppy06 (Score:1) Friday January 18 2002, @10:35AM
          • Re:Why not? by joshsisk (Score:1) Friday January 18 2002, @12:10PM
      • Re:Why not? by bnenning (Score:2) Friday January 18 2002, @01:15PM
      • 1 reply beneath your current threshold.
    • Why has no-one bashed Microsoft yet? by cyberformer (Score:2) Friday January 18 2002, @04:30PM
  • well that settles it.. by TechnoVooDooDaddy (Score:1) Friday January 18 2002, @09:24AM
    • Re:well that settles it.. by ptrourke (Score:3) Friday January 18 2002, @09:26AM
    • Re:well that settles it.. by Howie (Score:2) Friday January 18 2002, @09:30AM
    • Re:well that settles it.. by hotgrits (Score:1) Friday January 18 2002, @09:35AM
    • Re:well that settles it.. by MikeyLikesIt! (Score:3) Friday January 18 2002, @09:41AM
    • 40 bits is useless (Score:5, Insightful)

      by Bostik (92589) on Friday January 18 2002, @09:55AM (#2861997)
      [...] this pretty much settles the question for me that 40-bit, even 64-bit just isn't enough.

      Correct. 40-bit keys have no protective value. Remember the article about IBM's crypto chip being broken? (Somebody please provide the link to /. article, I can't at the moment.) In practice, they broke single DES, 56 bits worth of security in a good block cipher. In brute force.

      It took at most 2 days with ~1000 $US worth of gear to find the key. Let's assume that they needed the full 48 hours to get that key broken. Simple math follows:

      48 hours is 48*3600 seconds. It takes this much time to brute-force a 56-bit key. 40 bits is 1/(2^16) times the size of that, hence the time to break a 40-bit key with similar equipment is 48*3600/(2^16) seconds. This is no more than about 2.6 seconds.

      To underline this as clearly as I can: 40-bit keys provide NO security. They may have provided some, at a time - but definitely not for some time now.

      [ Parent ]
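
Added example, not part of Bostik's post: the scaling argument above, generalized from one key length to any, plus the defender's inverse question of how many key bits are needed for a given protection lifetime. The 56-bit/48-hour reference figure comes from the comment; the 100-year lifetime, the attacker speed-up factor and all function names are assumptions made for illustration.

```python
"""Scale one known exhaustive-search time to other key lengths.

Assumes search time is proportional to keyspace size (2**bits) on fixed
hardware, which is the same assumption the comment above makes.
"""

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def scaled_search_time(ref_bits, ref_seconds, target_bits):
    """Worst-case seconds to exhaust a target_bits keyspace on hardware
    that exhausts a ref_bits keyspace in ref_seconds."""
    return ref_seconds * 2.0 ** (target_bits - ref_bits)


def expected_search_time(ref_bits, ref_seconds, target_bits):
    """Average case: the key is found after half the keyspace on average."""
    return scaled_search_time(ref_bits, ref_seconds, target_bits) / 2


def min_key_bits(ref_bits, ref_seconds, required_seconds, speedup=1.0):
    """Smallest key length whose worst-case search time is at least
    required_seconds, against an attacker `speedup` times faster than
    the reference hardware (speedup is an assumed planning margin)."""
    for bits in range(1, 1025):
        t = scaled_search_time(ref_bits, ref_seconds / speedup, bits)
        if t >= required_seconds:
            return bits
    raise ValueError("no key length up to 1024 bits meets the requirement")


def humanize(seconds):
    """Render a duration in the largest sensible unit."""
    if seconds < 60:
        return f"{seconds:.1f} s"
    if seconds < 3600:
        return f"{seconds / 60:.1f} min"
    if seconds < 86400:
        return f"{seconds / 3600:.1f} h"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / 86400:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:.3g} years"


def search_table(ref_bits, ref_seconds, key_lengths):
    """One row per key length: (bits, worst case, average case)."""
    return [
        (
            bits,
            humanize(scaled_search_time(ref_bits, ref_seconds, bits)),
            humanize(expected_search_time(ref_bits, ref_seconds, bits)),
        )
        for bits in key_lengths
    ]


if __name__ == "__main__":
    REF_BITS = 56            # single DES, as in the comment
    REF_SECONDS = 48 * 3600  # "at most 2 days", as in the comment

    for bits, worst, avg in search_table(REF_BITS, REF_SECONDS, [40, 56, 64, 80, 128]):
        print(f"{bits:>4} bits  worst {worst:>14}  average {avg:>14}")

    century = 100 * SECONDS_PER_YEAR  # assumed protection lifetime
    print("bits for 100 years, same hardware:",
          min_key_bits(REF_BITS, REF_SECONDS, century))
    print("bits for 100 years, attacker 10^6 times faster:",
          min_key_bits(REF_BITS, REF_SECONDS, century, speedup=1e6))
```

Every added bit doubles the search time, which is why the gap between 40 and 128 bits is not a factor of about three but of 2^88.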
    • 2 replies beneath your current threshold.
  • Meaningless by NiftyNews (Score:2) Friday January 18 2002, @09:24AM
  • When Strong Crypto Is Outlawed by joel_archer (Score:2) Friday January 18 2002, @09:24AM
  • Good Idea! by Not2Bryt64 (Score:1) Friday January 18 2002, @09:24AM
    • Re:Good Idea! by agentZ (Score:2) Friday January 18 2002, @09:32AM
      • Re:Good Idea! by NullAndVoid (Score:2) Friday January 18 2002, @09:41AM
      • Re:Good Idea! by whovian (Score:1) Friday January 18 2002, @09:45AM
        • Re:Good Idea! by RazzleFrog (Score:1) Friday January 18 2002, @09:54AM
    • Re:Good Idea! by Geeky (Score:1) Friday January 18 2002, @09:50AM
  • Why YOU should care about crypto freedom. by Frank White (Score:1) Friday January 18 2002, @09:24AM
  • What is a Good Law? by Lilkeeney (Score:2) Friday January 18 2002, @09:25AM
    • 1 reply beneath your current threshold.
  • From the article... by xZAQx (Score:1) Friday January 18 2002, @09:25AM
  • This is news? by Wind_Walker (Score:2) Friday January 18 2002, @09:26AM
    • Re:This is news? by RazzleFrog (Score:1) Friday January 18 2002, @09:58AM
    • The news is the who, not the what. (Score:4, Insightful)

      by fizbin (2046) <martin@snow p l o w . org> on Friday January 18 2002, @10:02AM (#2862054) Homepage
      The only real newsworthy bit I saw in it is that apparently the people who bought the laptop and then decrypted the disk are not government operatives, but "just" people working for the Wall Street Journal. If anything, this says that moderate cryptography knowledge has become routine in corporate America.

      When the NSA can uncover my deepest secrets, that's one thing. When a potential employer can decrypt anything protected with twenty year old technology, I don't worry yet, but talk to me again in my mid-40s. I wonder when some of the early posts to alt.anonymous.* will become decipherable.
      [ Parent ]
    • Re:This is news? by maeka (Score:1) Friday January 18 2002, @01:10PM
  • Of course it should not be export-controlled by Tom7 (Score:2) Friday January 18 2002, @09:27AM
  • Far better tools have been free for a long time by bodin (Score:2) Friday January 18 2002, @09:27AM
    • 1 reply beneath your current threshold.
  • Is this an issue? by epepke (Score:2) Friday January 18 2002, @09:27AM
    • 1 reply beneath your current threshold.
  • No, no, no... by trix_e (Score:2) Friday January 18 2002, @09:28AM
    • 1 reply beneath your current threshold.
  • The US doesn't have a monopoly on encryption by ergo98 (Score:1) Friday January 18 2002, @09:28AM
  • Like I trusted windows encryption before by Andy.T.BOFH (Score:1) Friday January 18 2002, @09:28AM
  • It Did A Bad Job by Bartmoss (Score:2) Friday January 18 2002, @09:29AM
  • Anyone can write encryption software by mochan_s (Score:1) Friday January 18 2002, @09:29AM
  • I don't get this... (Score:3, Interesting)

    by blitzrage (185758) on Friday January 18 2002, @09:29AM (#2861822) Homepage
    Why do people think that having a law regarding exporting software/code is going to stop ANYONE from using it? It's just like gun laws in Canada, the only people who are affected are the law abiding citizens who legally use their guns, or have them for decoration. If someone REALLY wants to use 128 bit encryption, they are going to. There is no way around that. Software is so easily obtainable that anyone who has access to a Windows platform can download it and install it. It really is a no brainer.

    Now for this guy who happened to have 40-bit encryption installed by default, he's just a moron then. He obviously didn't know that 40-bit was easily breakable, he didn't care, or didn't take the 10 seconds to download and enable 128 bit on his computer.

    I chalk it up to stupidity on his part for not simply looking for the stronger encryption (it's out there, and easily obtainable).

    Now for the conspiracy theorists: He wasn't ACTUALLY using 40-bit encryption, that's what they want you to think. He was using the full 128-bit encryption, but the NSA can easily crack that level now due to the computer power they have. They simply tell the media it's 40-bit just so that we don't come up and develop something even more powerful which would take them longer to decrypt.
  • as if that would help by koekepeer (Score:1) Friday January 18 2002, @09:30AM
  • Shoe bomber = idiot (Score:3, Interesting)

    by isa-kuruption (317695) <kuruptionNO@SPAMkuruption.net> on Friday January 18 2002, @09:30AM (#2861828) Homepage
    He's obviously a complete idiot for only using 40-bit encryption in the first place. He's an idiot for trying to light the shoes with a match.

    Conclusion: We know the guy is an idiot... what would happen if a SMART person tried this?
  • US blocking export by SomethingOrOther (Score:2) Friday January 18 2002, @09:31AM
    • 1 reply beneath your current threshold.
  • Get with the program... (Score:5, Informative)

    by GiorgioG (225675) on Friday January 18 2002, @09:31AM (#2861835) Homepage
    128-bit Encryption Becomes the Default in Windows 2000 Service Pack 2 (SP2) [microsoft.com]

    The Windows® 2000 operating system was the first Microsoft platform with 128-bit encryption to be shipped internationally after the United States government relaxed its export restrictions for strong encryption in early 2000. Microsoft has obtained the necessary approvals to ship Windows 2000 with strong encryption to all customers worldwide except U.S. embargoed destinations.
  • Export-level Encryption Proves Insufficient by Score0, Overrated (Score:1) Friday January 18 2002, @09:31AM
  • Enforcement is unrealistic by cheekymonkey_68 (Score:1) Friday January 18 2002, @09:32AM
  • by Anonymous Coward on Friday January 18 2002, @09:32AM (#2861846)
    In fact, we should just make terrorism illegal, then people would stop. Because criminals follow the law, right?

    Even though Osama was able to get a bunch of people into US flight schools, he surely wouldn't've been able to go to CompUSA, buy a copy of W2K off the shelf, and somehow get a 5 x 5 x 1/16" piece of plastic outside a country with roughly 10,000 miles of borders and 1500 international flights daily. Nope, no way that coulda happened.
  • Psss, don't tell anyone (Score:4, Interesting)

    by f00zbll (526151) on Friday January 18 2002, @09:33AM (#2861850)
    As the New Scientist article stated at the end, "there are other ways." If the government has learned anything from current events, it is that High Tech is useless when dealing with people who only trust those they know. As the article said, "not using strong encryption just makes it easier" for bad people to exploit businesses.

    Considering how much planning and communication had to take place for 9/11 to happen, we only have a video tape and a few files? Sounds like the low tech method works better for keeping things under wraps. A computer isn't going to commit suicide if the FBI catches it (well I suppose you could booby-trap it). A terrorist on the other hand can mislead, or commit suicide. The only thing weak encryption does is make businesses more vulnerable to government snooping and crackers. Plus the government can use things like a warrant to get access. Oh I forgot they hate having to ask judges for warrants and answering questions like "do you have sufficient proof or cause?"

  • Too Many Secrets... by josquint (Score:1) Friday January 18 2002, @09:34AM
  • Of course.... by dfenstrate (Score:2) Friday January 18 2002, @09:34AM
  • Wrong magazine had to Crack a computer. by Mr Krinkle (Score:1) Friday January 18 2002, @09:38AM
  • New slashdot poll (Score:3, Funny)

    by Salsaman (141471) on Friday January 18 2002, @09:38AM (#2861879) Homepage
    What should be the US legal limit on encryption for export?

    40 bit

    128 bit

    Cowboy Neal with a pen

  • Wrong Question by ebacon (Score:1) Friday January 18 2002, @09:38AM
  • Faulty analysis... (Score:3, Interesting)

    by Fnkmaster (89084) on Friday January 18 2002, @09:42AM (#2861902)
    This is a serious case of faulty analysis, if anybody thinks this is evidence that crypto export restrictions ever were or could be effective. While it is true that forcing the default shipments of much software to 40-bit does make getting strong crypto a _conscious_ decision and require a small, but definite output of effort, to find and download a secure solution (in your country of choice), the people most likely to put forth this effort are those who need it.


    Who needs it? Well, businesses, anybody with information they want to keep private, anybody with information they don't want their bosses or employers to know, anybody who keeps secret information or documents that they don't want wife/children/family/parents to pry into, people with mistresses, and yes, perhaps some really bad people like terrorists.


    The fact that one already acknowledged to be EXTREMELY incompetent terrorist who failed to successfully ignite his shoe bomb (which was packed with high explosive) ALSO failed to properly obtain a high security add-on for his computer is evidence of exactly one thing: his incompetence. Not of the effectiveness of export restrictions. So while I agree that perhaps investigators obtained useful information because he was using weak encryption, and that is fortunate, export restrictions would not prevent a determined, modestly informed criminal or criminal organization from using real crypto (as opposed to 40 bit crippleware).


    You could argue that a really determined criminal could take down a plane too. That's probably true, but we're talking about levels of effort on different orders of magnitude here. One involves 5 minutes and a few clicks on a computer. The other involves serious tactical planning to commit a terrorist act. Conclusion: crypto export restrictions have never protected us from a competent criminal, and they still cause economic harm by restricting free trade of goods that support proper encryption by US companies, giving unfair advantage to foreign companies.

  • Rijndael is from Belgium! by Steve Cox (Score:2) Friday January 18 2002, @09:42AM
  • A STARTLING admission by the Wall Street Journal! by Tsar (Score:2) Friday January 18 2002, @09:43AM
  • conspiracy theory! (Score:3, Insightful)

    by Juju (1688) on Friday January 18 2002, @09:45AM (#2861919)
    So let me get this straight...

    Two journalists are in Afghanistan, one of their laptops is broken, so they decide to buy another one.

    So far, so good, I would probably have tried to repair it and ask for replacement, but then, I am not in Afghanistan.

    They buy two computers, another laptop and a desktop. What did they buy the desktop for again?
    And they buy it from people who are looting buildings? I always thought journalists to have low ethics anyway...

    Instead of re-installing the PC, they decide to look at what is on it. Ok, I can understand that, but they must have spent quite some time looking at those files to determine that they were willing to spend five days to crack some of the encrypted files they found.

    In other words, two American journalists pick up a PC (they had no reason to buy), and they happen to find Terrorist secret files on it. Sounds too good to be true. I don't buy it, it's a setup.

    And now they use that to attest to the validity of the export restriction on encryption.

    If the BSA or RIAA is going after me because I have some illegal stuff on my hard disk, I can just claim that I got my PC second hand, and that all this stuff was left there by the terrorists who had the PC first...
  • If only the US would ban export of weapons by Anonymous Coward (Score:2) Friday January 18 2002, @09:47AM
  • 5 days?! by FyRE666 (Score:1) Friday January 18 2002, @09:48AM
    • Re:5 days?! by AnotherBlackHat (Score:2) Friday January 18 2002, @03:09PM
    • 3 replies beneath your current threshold.
  • by eXtro (258933) on Friday January 18 2002, @09:48AM (#2861949) Homepage Journal
    The reason why this guy's messages were decrypted through brute force wasn't because of the 40 bit encryption, it was because he didn't understand the difference between good encryption and bad encryption. The encrypting file system under Windows 2000 will only provide protection against casual inspection. Your day to day things are pretty secure, mostly because nobody is interested enough in it to go to the expense of decrypting it. When you try to blow up an airliner people become a bit more interested in the data you've got stored on your computer.

    If this guy was informed about cryptography (not necessarily knowledgeable, but informed - sort of like having the equivalent of a financial planner for cryptography) he would've used one of a number of bolt on products to really secure his computer. Some of these products are commercial, others are open source. He may have more difficulty getting (and if he's properly informed - less trust in) the higher grade commercial packages but it'd still be doable. Fly to California, go to Fry's and buy it. If he goes for the source code route it's just about impossible to police. You can get it anywhere in the world where there's an internet connection or a mail system (CD ROM or a package of floppies through the mail).

    Saying that 40 bit encryption is an assistance to the CIA/FBI/NSA is only true if you rely on having stupid terrorists, in this case it was obviously true. Suppose they hired the equivalent of a director of IT though, who would come up with approved solutions. Life would become more difficult for the government. Whether the solutions that are proposed are legal or not doesn't matter. You're planning on blowing up aircraft, knocking down buildings and killing people. You won't even bat an eyelash at breaking encryption laws.

    What low grade encryption really helps with is gathering data against ordinary citizens such as the guy who was a bit less than honest about his tax return.

    Also, despite this low grade encryption the attack wasn't stopped. It's only after everybody's eyes were on this guy that his computer was examined and found to have low grade encryption.

  • by mdahlman (306918) on Friday January 18 2002, @09:53AM (#2861979) Homepage
    I've just read 50 posts saying that limiting export strength encryption won't stop any non-US people from using higher encryption. I agree that this makes perfect sense. It's completely logical.

    But everyone seems to conveniently ignore the fact that this group DID rely on the export strength encryption that they had available. They DIDN'T use PGP or any one of the myriad of other options for better encryption. Perhaps the premise that a slashdot reader is familiar with other encryption techniques isn't equivalent to the premise that an Al-Qaida member will be familiar with other encryption techniques.

    Any reasonable and complete argument against limiting export strength encryption at least needs to address this fact. One could argue that it is an unusual case, that it won't be repeated, that you don't care if non-US folks have default access to better encryption, etc.

    But arguing that it will never stop anyone from using better techniques seems silly when presented with this case of a group using exactly the default abilities that they were given in Win2k.
  • I like the independent. by Pat__ (Score:1) Friday January 18 2002, @09:53AM
  • by Kefaa (76147) on Friday January 18 2002, @09:53AM (#2861983)
    "Should the US prohibit the export of high-encryption software? Here is a case where the default values (40 bit) clearly helped recover valuable information from a system."

    If the US could somehow ensure that we were the only ones who provided encryption, this may be an argument on national security bounds. However, we cannot.

    If anything, all of this talk about encryption has provided criminals with the knowledge that we can eventually break in. Even if that were not the case, better encryption is available in any of over a hundred countries, many with little concern for US regulations. I believe 128-bit encryption has been freely available for years, provided by companies outside the US.

    We need freely available encryption of ever higher levels to stay ahead of our enemies (and some would argue our friends). Consider it only took five days to break the 40-bit encryption. How long would it take someone to brute force his or her way into a financial institution? Banks, trading firms, electronic merchants, etc. are and/or should be constantly upgrading their security and encryption levels.

    Encryption should be viewed like a car. A car has very powerful, valuable, perhaps even essential uses. Unfortunately, people can use cars to rob, kidnap, and murder. Still, we allow and even encourage access to cars because the benefits far outweigh the problems that periodically occur.
  • Fatal assumption: terrorist == stupid by Dix (Score:1) Friday January 18 2002, @09:54AM
  • Hey its M$ by securityman (Score:1) Friday January 18 2002, @09:55AM
    • Re:Hey its M$ by WildBeast (Score:1) Friday January 18 2002, @10:00AM
    • Re:Hey its M$ by AnotherBlackHat (Score:1) Friday January 18 2002, @06:57PM
  • Definitely. by supabeast! (Score:2) Friday January 18 2002, @10:00AM
  • So... by nicadic (Score:1) Friday January 18 2002, @10:01AM
    • Re:So... by nicadic (Score:1) Friday January 18 2002, @01:40PM
    • 1 reply beneath your current threshold.
  • What Encryption scheme? by Discoteck (Score:1) Friday January 18 2002, @10:01AM
  • The Question... by L-Wave (Score:1) Friday January 18 2002, @10:02AM
  • Isn't PGP already found throughout the world? by Archie Steel (Score:1) Friday January 18 2002, @10:05AM
  • oh great by austad (Score:2) Friday January 18 2002, @10:07AM
  • More Questions Than Answers by hotgrits (Score:1) Friday January 18 2002, @10:07AM
  • Doesn't make sense by gaj (Score:1) Friday January 18 2002, @10:13AM
  • Interesting question... (Score:3, Insightful)

    by Noryungi (70322) on Friday January 18 2002, @10:17AM (#2862149) Homepage Journal
    A couple of points to be noted:
    • Win2K uses DES, which is notoriously vulnerable to today's raw CPU power and dedicated, custom-built machines. [eff.org]
    • "Export-grade" US crypto is ridiculously vulnerable, and this has been known for years. People who take crypto seriously outside of the US have other sources [pgpi.org] of crypto [gnupg.org].

    Despite this public knowledge, Al-Qaeda has been using weak (MS-supplied) crypto to protect sensitive information... that could be discovered within days. Therefore:
    • Al-Qaeda/Bin Laden operatives are not the crime geniuses the US government say they are. As a matter of fact, they appear as pretty incompetent to me.
    • The [CIA | NSA] should have intercepted that data before 9/11 -- or, at the very least, got those machines before the reporters did. They also appear as pretty incompetent to me, and I don't know if that's good news or not...

    Just my US$0.02...