PGP approved for export of 128-bit strong crypto

David Geerinck (dmg@blast.net)
Fri, 30 May 1997 00:32:44 GMT


PRETTY GOOD PRIVACY RECEIVES GOVERNMENT APPROVAL
TO EXPORT STRONG ENCRYPTION

SAN MATEO, Calif., May 28, 1997 -- Pretty Good Privacy, Inc.
(www.pgp.com),
the world leader in digital privacy and security software, today
announced
that the U.S. Department of Commerce has approved the export of Pretty
Good
Privacy's encryption software to the overseas offices of the largest
companies in the United States. This makes Pretty Good Privacy the
only
U.S. company currently authorized to export strong encryption
technology
not requiring key recovery to foreign subsidiaries and branches of the
largest American companies.

The approval allows Pretty Good Privacy to export strong, 128-bit
encryption without a requirement that the exported products contain
key
recovery features or other back doors that enable government access to
keys. More than one-half of the Fortune 100 already use PGP
domestically to
secure their corporate data and communications.

"Now we are able to export strong encryption technology to the
overseas
offices of more than 100 of the largest companies in America, without
compromising the integrity of the product or the strength of the
encryption," said Phil Dunkelberger, President of Pretty Good Privacy,
Inc.
"We worked closely with the State Department when they controlled the
export of encryption, and are now working with the Commerce
Department. And
we have never had a license application denied."

The license allows export of strong encryption technology, without
government access to keys, to the overseas subsidiaries and branch
offices
of more than 100 of the largest American companies, provided that the
offices are not located in embargoed countries, namely Cuba, Iran,
Iraq,
Libya, North Korea, Sudan or Syria.

"As far as we know, Pretty Good Privacy, Inc. is now the only company
that
has U.S. government approval to sell strong encryption to the
worldwide
subsidiaries and branch offices of such a large number of U.S.
corporations, without having to compromise on the strength of the
encryption or add schemes designed to provide government access to
keys,"
said Robert H. Kohn, vice president and general counsel of Pretty Good
Privacy. "Pretty Good Privacy still opposes export controls on
cryptographic software, but this license is a major step toward
meeting the
global security needs of American companies."

The U.S. government restricts the export of encryption using key
lengths in
excess of 40 bits. However, 40-bit cryptography is considered "weak,"
because it can be broken in just a few hours. Generally, the U.S.
government will grant export licenses for up to 56-bit encryption if
companies commit to develop methods for government access to keys. For
anything over 56 bits, actual methods for government access must be in
place.

Pretty Good Privacy's license permits the export of 128-bit or
"strong"
encryption, without any requirement of a key recovery mechanism that
enables government access to the data. A message encrypted with
128-bit PGP
software is 309,485,009,821,341,068,724,781,056 times more difficult
to
break than a message encrypted using 40-bit technology. In fact,
according
to estimates published by the U.S. government, it would take an
estimated
12 million times the age of the universe, on average, to break a
single
128-bit message encrypted with PGP.

Best-- Glenn Hauman, BiblioBytes
http://www.bb.com/