WebTV Networks has obtained government approval to export non-key-recovery-based 128-bit encryption for general commercial use in Japan and the UK. With Caldera Thin Clients Inc pipping WebTV to the post for a plum contract with OnSat Communications Inc last week (CI No 3,504), it’s understandable that Microsoft would want to report a win for its subsidiary. Even so, the company is pushing its luck with claims like this one: “Previously, US laws allowed exported products to use known-to-be-breakable 56-bit encryption keys while restricting strong (not known to be breakable) 128-bit keys to limited sets of users and applications… there is no known technology by which an unauthorized party could intercept and decipher it.”

By Rachel Chalmers

Not known to be breakable? No known technology? WebTV must be joking. Our regular readers will know that such claims are just not supportable. Over to the Snake Oil FAQ (Avoiding bogus encryption products): Some vendors will claim their software is ‘unbreakable.’ This is marketing hype, and a common sign of snake oil. No algorithm is unbreakable. Even the best algorithms are susceptible to brute-force attacks. All you need is a computer big enough to do it. To our best knowledge, no one has built one yet, but they could. As cryptographer Bruce Schneier said of the Electronic Frontier Foundation machine that cracked DES back in June: “This is boring technology, it’s dumb maths, it’s old engineering.”

Under questioning, WebTV’s Steve Perlman backs down. “People know that if you had the computing power you could break it, but it’s just not practical,” he says. Perlman said the FBI told Microsoft that it considered 128-bit encryption unbreakable. That shouldn’t be a surprise to anyone who has followed the FBI’s policy on encryption. FBI director Louis Freeh is so keen on preventing strong encryption falling into the wrong hands that he’d like to prevent it from falling into anyone’s hands, so he is in the habit of wildly overstating how secure it really is (CI No 3,455). The FBI is not, then, the most impartial authority in town.

In spite of all this, Perlman insists that WebTV is now effectively secure for all practical purposes, for the time being, at least until it has to be upgraded to stay ahead of the curve. That’s probably true enough – so why not say that in the first place?