RC4 article in Saturday (Sept 17) New York Times
John Markoff has a piece on the RC4 betrayal in the Business section of the Saturday NY Times (page 37), "A secret computer code is out -- Key to data security appears on internet". Not much that hasn't already been said here or on sci.crypt, but there was an interesting quote from Jim Bidzos that suggested that one of the conditions RSADSI agreed to in order to get approval of 40 bit RC4 for export in shrink-wrap software included keeping the algorithm confidential. Bidzos speculated that the NSA could revoke RC4's export status as a result of the disclosure. Also, the piece reports that "The RC4 formula was first circulated on Tuesday to a specialized computer network mailing list of computer researchers who oppose the Government's stringent controls on data encryption technology. The mailing list, which has thousands of computer users around the world, is known as Cypherpunks, and the mailings usually consist of highly technical discussions of data encryption technology." I guess Markoff gets Eric Blossom's moderated version of the list :-) -matt
-----BEGIN PGP SIGNED MESSAGE----- Matt Blaze writes:
the Saturday NY Times (page 37), "A secret computer code is out -- Key to data security appears on internet". [ . . . ] Bidzos speculated that the NSA could revoke RC4's export status as a result of the disclosure.
"Since this algorithm has been released world-wide, we will not allow you to export it." Man, these guys make my head hurt. - ------------------------------------------------------------------------ A contract programmer is always intense. Patrick May pjm@gasco.com (public key available from servers) -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLnsgvxByYwhWPvz1AQHU4gQAmNOC57vCG5zz4hMn9+04DyyySB7VTxH2 dlLZteCgfQibmldDTvUBL/WXbkTIQASRzJfDbg8JosmqD1omVmaVUO0v/pBjhQR8 RCTOTakQF6BiE0rh4SdUsPgxcF6RG+fgLbtF3QJE+0ogqkzb4dJtUy0e792yoZqN GDzMjfENu4c= =1Qbo -----END PGP SIGNATURE-----
Matt Blaze <mab@research.att.com> writes: John Markoff has a piece on the RC4 betrayal in the Business section of... ... Bidzos speculated that the NSA could revoke RC4's export status as a result of the disclosure.
Bidzos may not need to worry about this or ask damages for loss of export status, if Michael Ernst spoke to the right people for the attached msg. Jim Gillogly Hevensday, 28 Halimath S.R. 1994, 17:50 _________________________________________________________________________ From: mernst@theory.lcs.mit.edu (Michael Ernst) Newsgroups: sci.crypt Subject: Re: opinions of RC2 alogrithm Message-Id: <MERNST.93Apr1155147@swallow.lcs.mit.edu> Date: 1 Apr 93 20:51:47 GMT References: <1p7g2m$57g@bilbo.suite.com> <16BA010AC1.C445585@mizzou1.missouri.edu> Sender: news@mintaka.lcs.mit.edu Organization: MIT Lab for Computer Science Lines: 15 In-Reply-To: C445585@mizzou1.missouri.edu's message of 30 Mar 93 00:58:03 GMT
The RC2 algorithm is unpublished. Perhaps you could ask a representative of RSA whether its remaining unpublished is one of the conditions of its fast-track approval for export. (My impression was that this *is* one of the conditions of its pre-approval for export, but I am not certain.)
The RC4 algorithm is also unpublished and also exportable at 40-bit key strength. A couple of weeks ago I asked NSA whether just RSADSI, or both NSA and RSADSI, want to keep the algorithm secret. NSA told me that they would be delighted to see the algorithm published, but that RSADSI wanted to keep it a trade secret, presumably to protect their intellectual property. Given the parties involved, extra disclaimers must apply. -Michael Ernst mernst@theory.lcs.mit.edu _________________________________________________________________________
participants (3)
-
Jim Gillogly -
Matt Blaze -
pjm@gasco.com