WinNT article

Arvin Meyer (
Fri, 27 Jun 1997 19:47:18 -0400

I am forwarding a copy of today's WinNT mag article on DES:


**************** WINDOWS NT MAGAZINE UPDATE ****************
The weekly Windows NT industry update newsletter
************** **************

Dear NTers,

This week, I will cover some interesting news about information security
and privacy. Recently, both Microsoft and Netscape were approved to export
128-bit strong encryption to financial institutions. Previously only 56-bit
encryption techniques were allowed to be exported -- even then it was
heavily controlled as munitions under outdated Cold War laws. Today, 56-bit
encryption is useless for protecting super-sensitive information. To prove
this fact, diligent crackers broke 56-bit Data Encryption Standard (DES)
encryption using ordinary PCs. (If you're using 56-bit DES, you might want
to switch to 128-bit or higher encryption.)
The old adage, "Strong security makes the world a safer place" is
absolutely true. Encryption technologies will become the heart of safe
network traffic in the near future, but lawmakers see it differently. They
see encryption as a tool for covering up crime. They're right, but that
doesn't outweigh the population's right to privacy. To meet us half way,
the government wants a backdoor into our privacy. Your encrypted key would
be kept "in escrow." If the government needs access to your encrypted data,
it would have to secure a subpoena to get your escrowed key. This idea is
like the government saying, "Put any lock you want on the door to your
house. Just leave a key for us under the mat." My response to this method
is that the government will have to knock, just like everyone else.
Encryption is similar to any other form of communication. What makes
encryption different than the indecipherable audio tones of a given
language? If we're going to move forward, and evolve into an
electronic-oriented civilization, then we must allow people to maintain
privacy through reasonable means. Unfortunately, key escrow laws are a
security risk that may be coming soon to a network near you.

Mark Joseph Edwards, News and UPDATE Editor

Arvin Meyer
Certified NT4 Systems Engineer

On-Site Solutions

"Developing results-oriented databases for companies
that demand a tangible return on investment."

phone: (804) 973-9140