California student unscrambles Internet code U.S. urged to loosen restrictions on encryption exports January 30, 1997 Web posted at: 2:45 p.m. EST In this story: * Government vs. commerce * A matter of trust * Related sites BERKELEY, California (Reuters) -- As the White House and the Internet community battle over U.S. encryption laws, a University of California graduate student said he broke a code said to have the strongest encryption that U.S. law allows to be exported without restrictions. It took him a mere three and a half hours, he said. "It shows how silly the export restrictions are because 40- bit key length is ridiculously weak," Ian Goldberg, a graduate student of computer science at the University of California at Berkeley, told Reuters. The 40-bit encrypted message was published Tuesday morning by RSA Data Security Inc., a software firm in Redwood City, California, which developed encryption widely used on the Internet, as a challenge to code breakers. RSA, owned by Security Dynamics Technologies Inc., is one of dozens of companies trying to get the U.S. government to loosen its restrictions on the export of encryption, which currently prohibit U.S. firms or citizens from putting encrypted code of more than 40-bits of length on the Internet unless the government is supplied a code key. U.S. law allows encryptions of up to 56-bits if the government is given a key to the code, which it will hold in escrow in case a national security need arises. Government vs. commerce The government has argued that distribution of encryption codes outside of the United States would impede its ability to fight drug trafficking and political terrorism. Congress is considering bills to loosen these restrictions. But Internet users and Internet technology companies argue that the restrictions impede electronic commerce and widespread use of the Internet for many private business transactions. Because the Internet has no national borders, anything posted on it by a U.S. based company would be considered exporting. Goldberg used about 250 computer workstations networked together to test various computations to break the code. The university said those resources would be pretty commonly available to people in university settings. A matter of trust At a data security and encryption conference being held here this week by RSA Data Security, people said Goldberg's break of the code is proof that U.S. laws need changing. "Nobody in that room's going to trust 40-bit (cryptography) any more," said Peter Trei, senior software engineer at Process Software Corp., of Framingham, Massachusetts., as he nodded toward the San Francisco auditorium where 2,500 people were attending the cryptography conference. The gathering included some of the world's leading experts on cryptography, and a number of panelists in presentations were openly critical of the White House policy of prohibiting export of strong cryptography. Cryptography experts said the government policy must enable businesses to stay ahead of the capabilities of computer hackers, but that current standards do not allow this to be exported, which also can limit Internet distribution. Copyright 1997 Reuters Limited. All rights reserved. © 1997 Cable News Network, Inc. All Rights Reserved. Terms under which this service is provided to you.