CNET también está disponible en español.

Ir a español

Don't show this again

HolidayBuyer's Guide

48-bit crypto latest to crack

A European team has won an RSA-sponsored contest to prove how easy it is to crack weak encryption schemes.

As part of a contest to prove the frailty of low-level encryption, a European team based in Switzerland cracked a 48-bit encryption code in less than two weeks.

The codebreaking was part of a contest sponsored by RSA Data Security, which holds a dominant share of the encryption toolkit market. Part mathematical challenge and part marketing campaign, the competition urges contestants to crack various strengths of RSA's algorithms, which scramble plain text into unreadable ciphers.

The point of the contest is to show that current government regulations restrict users to levels of encryption that are unsecure. The lowest level of code, 40 bits, was cracked in less than 4 hours by a graduate student at the University of Califonia at Berkeley.

The next level, 48 bits, took 13 days to crack by a team of researchers using 3,500 computers spread across Europe, according to Scott Schnell, RSA vice president of marketing. For each bit, the number of possible key combinations increases by a factor of two. Therefore, the 48-bit code was roughly 256 times more difficult to break than the 40-bit code.

Germano Caronni of the Swiss Federal Institute of Technology in Zurich wrote the codebreaking software and posted it on the Internet for anyone who wanted to join his efforts.

Strong encryption is considered crucial to protect electronic privacy in the digital age. Current U.S. government regulations allow vendors to export up to 56-bit encryption if the vendor agrees to build in a key recovery system that would help law enforcement officials decrypt messages implicated in criminal cases. Under current regulations, domestic use of encryption is unregulated.