NSA allows encryption

by Simson L. Garfinkel

Washington, DC – An agreement between the Software Publishers Association (SPA) and the National Security Agency has cleared the way for the export of mass-market software that performs data encryption.

Under the agreement, the U.S. Department of State will grant export permission to any program that uses the RC2 or RC4 data-encryption algorithm with a key size of less than 40 bits, according to Karen Casser, the SPA's director of public policy and legal affairs. RC2 and RC4 are proprietary algorithms developed by RSA Data Security of Redwood City, California.

But critics of the government's export policy say a 40-bit key does not provide adequate protection. Using such a system would "promulgate a false sense of security," said Dave Banisar, a policy analyst with the Computer Professionals for Social Responsibility.

Each additional bit in RC2 and RC4 would double the difficulty of breaking the cipher, said Jim Bidzos, RSA Data Security president. The government's own Data Encryption Standard (DES) uses a 56-bit key; the State Department will continue to prohibit the exportation of DES in mass-market software under the new agreement.

A message encrypted with RC4 and a 40-bit key could be forcibly decrypted, or broken, by a 100-MIPS computer running for one year. The biggest threats, said Bidzos, would probably come from engineers making unauthorized use of a company's computers at night for personal ends.

"Based on the 100-MIPS-per-year figure, we could easily [decrypt a message encrypted with the system] in a day with only a few hundred NeXTstations," said Avadis Tevanian, NeXT's director of system software.
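The work-factor arithmetic behind these quotes, as an added illustration (not part of the original article): the article's own figure, 100 MIPS for one year to exhaust a 40-bit RC4 key space, fixes the cost of one key trial, after which each extra key bit doubles the search and spreading the work over N machines divides the wall-clock time by N. The per-machine MIPS rating passed to `machines_for_deadline` is an assumption, not a figure from the article.

```python
"""Brute-force cost model for the key sizes discussed in the article."""
import math

SECONDS_PER_YEAR = 365 * 24 * 3600
ARTICLE_MIPS = 100          # from the article: a 100-MIPS computer ...
ARTICLE_YEARS = 1.0         # ... running for one year ...
ARTICLE_KEY_BITS = 40       # ... exhausts a 40-bit key space


def instructions_per_key_trial(mips=ARTICLE_MIPS, years=ARTICLE_YEARS,
                               key_bits=ARTICLE_KEY_BITS):
    """Instructions per key trial implied by the article's figure.

    Total instructions executed in the quoted search divided by the
    number of keys in the space (a full, worst-case exhaustive search).
    """
    total_instructions = mips * 1e6 * years * SECONDS_PER_YEAR
    return total_instructions / 2 ** key_bits


def search_years(key_bits, mips, per_trial=None):
    """Years a single machine of `mips` needs to exhaust `key_bits` keys.

    Adding one bit doubles 2 ** key_bits, and therefore doubles the time,
    which is the scaling Bidzos describes.
    """
    per_trial = instructions_per_key_trial() if per_trial is None else per_trial
    return 2 ** key_bits * per_trial / (mips * 1e6 * SECONDS_PER_YEAR)


def machines_for_deadline(key_bits, machine_mips, days):
    """Machines of `machine_mips` each needed to finish the search in `days`.

    The search parallelises perfectly: every machine tries a disjoint
    slice of the key space, so total MIPS-years is simply divided up.
    `machine_mips` is an assumed rating, not a value from the article.
    """
    mips_years_of_work = search_years(key_bits, 1)   # MIPS-years for the whole space
    machine_years_available = days / 365
    return math.ceil(mips_years_of_work / (machine_mips * machine_years_available))


def doubling_table(min_bits=40, max_bits=56, mips=ARTICLE_MIPS):
    """Key size -> single-machine years, showing the doubling per bit (DES is 56 bits)."""
    return {bits: search_years(bits, mips) for bits in range(min_bits, max_bits + 1)}


if __name__ == "__main__":
    for bits, years in doubling_table().items():
        print(f"{bits}-bit key: {years:>12,.1f} machine-years at {ARTICLE_MIPS} MIPS")
    # Assumed rating of 15 MIPS per workstation, purely for illustration.
    print("workstations to finish a 40-bit search in one day:",
          machines_for_deadline(40, machine_mips=15, days=1))
```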

By allowing only the export of a proprietary encryption algorithm with a limited key size, the implication is that the NSA "either wants encryption to be very difficult to use, expensive to use – because it is proprietary – or it is something that they know how to break," said Eugene Spafford, an expert on computer security at Purdue University.

Since the 40-bit restriction makes the RC2 and RC4 algorithms significantly weaker than NeXT's own Fast Elliptic Encryption – and since 40 bits is the maximum key length to which the NSA was willing to agree – it is unlikely that NeXT will be able to export its encryption system in any event.