In response to a challenge from Laurentiu Badea, Jyri Kaljundi
apologized for including PGP in his list of "weak easily
breakable crypto programs." He wrote:
>[...] What I really meant was PGP as a company (www.pgp.com and
>PGPMail product) - I thought they have a weak easily breakable export
>version available also. I checked now and seems they have only one strong
>product there, so they are not cheating people in the free world (like for
>example RSA does with their RSA SecurPC product).
I was going to let this go -- both because it is (almost) off-topic
here, and because I, like many Yanks, sympathize with non-Americans like
Mr. Kaljundi who are angry at the US government's restrictions on the
quality and strength of US cryptographic tools sold to non-American buyers.
I finally decided to post a response because this List educates so many
people; and an unchallenged allegation like that -- particularly from a
respected figure like Jyri Kaljundi -- just misleads too many newbies.
So: what _is_ this horseshit!? The charge that RSADSI is "cheating
people" because it conforms to US law and export regulations and only sells
a limited (40-bit key) version of RSA SecurPC outside the US and Canada is
inaccurate and damn unfair!
No US company has fought the US export regs as openly and
imaginatively as RSADSI (despite the fact that RSA PKC has no patent
protection outside the US and Canada.) No crypto vendor has worked harder
or more successfully to objectively and concretely define, document, and
publicize the relative weakness of 40-bit keys on secret-key ciphers.
The ongoing RSA Secret-Key Challenge -- and the successful attacks
on 40 and 48-bit RC5 keys documented in that contest -- are widely believed
to have had a significant impact on US government policy. Many believe
that RSA SecurPC, along with several competitors, will soon be approved for
international sales with strong (128-bit RC4) crypto -- in part, because of
RSA's Challenge and the firm's vigorous user-education campaign.
Virtually all the companies and concerns which have bought and
installed the key-limited international version of SecurPC have done so
fully aware of the limitations imposed by US law -- and, largely because of
RSA's educational campaign, they were able to buy this and other
similarly-restricted encryption products with a realistic sense of what
that export restriction means in terms of the time, equipment, and money
required to brute-force any secret-key cipher with a 40-bit key.
RSA's website, product docs, and the company's ongoing PR and
public education campaign offer fulsome details on why 40-bit key-lengths
are inadequate for serious security. Few companies sell a product they
place in such a harsh limelight. None I can think of ever focused the lens
of that harsh light so willfully and self-consciously upon itself.
If, despite this government-imposed limitation on key-length, the
export version of RSA SecurPC has found a market niche, it is largely
because SecurPC also offers technical innovation of the sort people expect
from RSA Labs: notably the split-key emergency access feature (which can
require a threshold number of trustees, say 10 of 20 designated corporate
trustees, to act in unison to provide emergency access to an employee's
encrypted files) and the SecurPC's ability to create an "irreversible"
self-extracting RC4 ciphertext (which can be legally sent from the US to
anywhere in the world, despite being encrypted with a 128-bit key.)
And there are, as well, a vast array of situations in which a
40-bit cipher suffices -- as someone like Mr. Kaljundi understands quite
My impression is that the marketing folks for RSA and its parent
company, SDTI (with which I have had a consulting relationship for many
years,) have been quotably hopeful that the US government will soon approve
export of their 128-bit version of SecurPC. I hope their optimism is
warranted, but whether they are right or wrong, I don't think it has misled
anyone about the strengths and weaknesses of the current export product. I
suggest RSADSI has invested too much imagination, energy, and honor into
educating the international crypto market for that to happen.
I apologize to anyone who finds this another irksome digression for
Vin McLellan + The Privacy Guild + <vin @
53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548
-- <@><@> --