Security fears give hackers an easy ride in US

Click to follow
The Independent Online
San Francisco (AP) - It's the most secure encryption code the United States has allowed to be exported - and it took a postgraduate student only three-and-a-half hours to break it, industry officials say.

"It shows you that any kid with access to computers can crack this kind of cryptography," said Kurt Stammberger of RSA Data Security. "The cryptography software that you are allowed to export is so weak as to be useless."

The company put its challenge on the Internet on Monday, offering $50,000 (pounds 30,600) in prizes to crack various levels of encryption codes.

The United States government, worried about security, has barred exports of lengthy encrypted codes.

Last month, the Clinton administration began allowing companies to export longer encryption devices - but only if they have a way for law enforcement officials to crack the code and intercept the communications. Most computer companies have rejected that demand.

Meanwhile, Ian Goldberg, a University of California postgraduate student, took on RSA Data Security's challenge by linking together 250 idle workstations that allowed him to test 100 billion possible "keys" per hour.

That's like trying every possible combination for a safe at high speed, and many students and employees of large companies have access to such computational power, the university said.

After 210 minutes, Goldberg had decoded the message, which read, "This is why you should use a longer key".

Goldberg, who won $1,000 (pounds 617) for his effort, says the moral is clear: "This is the final proof of what we've known for years - [this] technology is obsolete."

Almost all business software now requires encryption, a necessity for any company doing business over the Internet. But no one will buy US software that can be cracked by a student in three-and-a-half hours.