Disclaimer: This information comes from sources that cannot be verified. As such, make no assumptions about its completeness or accuracy. We endeavor to keep this information up to date as much as possible. Feel free to send comments/ updates to the Security News Editor.

October 27, 1997, Section: News & Analysis

Team Rises To RSA's 56-Bit RC5 Challenge

By Rutrell Yasin

The proponents of strong encryption may have more ammunition to back up the troops fighting to get the Clinton administration to ease export restrictions. A team of programmers last week cracked a hidden message encrypted in the 56-bit RC5 key length, which is allowed for export by the U.S. government. Responding to RSA Data Security's $10,000 56-bit RC5 challenge, more than 4,000 teams, with thousands of computers linked over the Internet, decoded a message encrypted with RC5. The message: "It's time to move to a longer key length." The RC5 algorithm can support longer key lengths such as 128-bit keys found in Netscape Communications' Navigator and Microsoft's Internet Explorer. For proponents like Jim Bidzos, president and CEO of RSA Data, the cracked encrypted message is yet another indication that the government should ease controls on exporting stronger encryption. Currently, the government allows the export of 56-bit encryption on products that do not have a key recovery system in place. Bidzos said his company will continue to sponsor the challenges to show just how out of step with the rest of the world the Clinton administration is on this issue. A proposed Bill S.909, "The Secure Public Networks Act of 1997," introduced by Sens. John McCain (R-Ariz.) and Robert Kerrey (D-Neb.), if passed, would limit exports to the 56-bit Data Encryption Standard.