Cryptography export restrictions are akin making Australian wine-makers water down their vintage before shipping it overseas. Just as fine wine is very different to rum, cryptography comes in variable strengths and quality.
For instance, international releases of Netscape Navigator and Microsoft Internet Explorer offer much weaker security than domestic US versions. The North American browsers have uncompromised encryption capabilities with a 128-bit key length, while the version available in Australia only offers 40-bit protection.
Key length is critical. The longer the key, the stronger the security. Cryptography experts consider 40-bit security laughably easy to crack, and even the US Government's standard issue 56-bit DES was recently cracked through brute force (www.frii.com/~rcv/deschall.htm). "The horsepower needed to crack 56-bit keys is well within the budget of many individuals and organisations," says Simon Gerraty, a Melbourne security consultant whose clients include Telstra.
"I wouldn't trust my credit card number to less than 128 bits."
Hence the warm reaction to Cryptozilla, which reinstates full-strength encryption into the Netscape browser. It was a dramatic demonstration of Australia's capability in a vital e-commerce field.
But if the Defence Department successfully tightens Internet export laws, it may be tightening the noose around the neck of Australia's fledgling security industry.
-- Dan Tebbutt
This article was published in The Australian, Tuesday 14 July 1998, page
55.
Full text © copyright Dan
Tebbutt.
Remove anti-spam measures to send email.