Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Security fears give hackers an easy ride in US

Thursday 30 January 1997 19:02 EST
Comments

San Francisco (AP) - It's the most secure encryption code the United States has allowed to be exported - and it took a postgraduate student only three-and-a-half hours to break it, industry officials say.

"It shows you that any kid with access to computers can crack this kind of cryptography," said Kurt Stammberger of RSA Data Security. "The cryptography software that you are allowed to export is so weak as to be useless."

The company put its challenge on the Internet on Monday, offering $50,000 (pounds 30,600) in prizes to crack various levels of encryption codes.

The United States government, worried about security, has barred exports of lengthy encrypted codes.

Last month, the Clinton administration began allowing companies to export longer encryption devices - but only if they have a way for law enforcement officials to crack the code and intercept the communications. Most computer companies have rejected that demand.

Meanwhile, Ian Goldberg, a University of California postgraduate student, took on RSA Data Security's challenge by linking together 250 idle workstations that allowed him to test 100 billion possible "keys" per hour.

That's like trying every possible combination for a safe at high speed, and many students and employees of large companies have access to such computational power, the university said.

After 210 minutes, Goldberg had decoded the message, which read, "This is why you should use a longer key".

Goldberg, who won $1,000 (pounds 617) for his effort, says the moral is clear: "This is the final proof of what we've known for years - [this] technology is obsolete."

Almost all business software now requires encryption, a necessity for any company doing business over the Internet. But no one will buy US software that can be cracked by a student in three-and-a-half hours.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in