29 June 1998: Dan Tebbutt, LAN Magazine, courteously asks that we point to the journal's Web site for the full four articles of the series except for introductory paragraphs below.

29 June 1998: Tim Hudson reports that LAN Magazine now offers online these two articles plus two more of the series, that the crypto debate is heating up and that more news should be appearing shortly.

27 June 1998
Source: Anonymous
Thanks to the authors and LAN Magazine (Australia)

Cryptography: Brute Force Attack

Dan Tebbut, Dan Shearer and David Braue

Is the security of Australian business under attack from hackers and legislators alike?

It's a subject fraught with heated opinions and conflicting views. Legal and moral obligations conflict with the necessity of trade, the economics of industry and the requirements of corporations. Most of all from everyone, including the experts, there is fear, uncertainty and doubt. It's a heavy burden for mathematics to bear. But as LAN Magazine found out, deciphering the truth from the combination of technical complexities, legal requirements, hackers' claimed accomplishments and marketing spin can well be as difficult a task as cracking the codes themselves.

When Australia's representative at an international security convention in April suggested that 40-bit encryption should be deregulated, he was nearly laughed off stage. The unexpected audience reaction did not mean delegates discussing the Wassenaar Arrangement opposed Robbie Costmeyer's push for reform. Laughter reflected an awkward irony: Delegates were amused that Australia would suggest removing 40-bit restrictions when full-strength cryptography products can be freely downloaded from Web sites down under.



It was an embarrassment to Australia "because our controls were being flaunted," a chagrined Costmeyer told LAN Magazine. The experience came as a rude awakening to Costmeyer, who was not previously aware of the Australian-led Cryptozilla project that grafted full-strength encryption onto Netscape's Communicator 5.0 source code and posted the software online. Cryptozilla involves numerous Internet developers around the world, but its foundation stone is SSLeay, a set of security libraries written by Brisbane-based developers Eric Young and Tim Hudson.

As director of strategic trade policy and operations (STPO) at the Department of Defence (DoD), Costmeyer is the main man controlling defence-related exports from Australia, including our Wassenaar obligations. Wassenaar is an international protocol that limits trade in goods and services with military, nuclear and dual-purpose uses; signatories include most European countries, the US, Canada, Japan, former Warsaw Pact members, New Zealand and Australia.

People who make 128-bit encryption available on the Internet undermine Australia's reputation as "a responsible country that can control its citizens", Costmeyer claims. This could have "gross consequences" for our international standing: "There are good reasons for export controls - if there are no controls, there will be anarchy."

Excerpted from pages 45-54 of the June 1998 issue of LAN Magazine

Tim Hudson - Leading Australia's Crypto Charge Interview by Dan Tebbutt

The Americans have been very kind to Tim Hudson. Thanks partly to the US Government's ban on exporting strong cryptography, Hudson and his Cryptsoft partner Eric Young are building an international reputation as one of the world's best sources of security software.

The Brisbane duo is leading the charge to fit Netscape's Web browser with full strength encryption; they developed the security behind the Victorian government's online services, and their Internet encryption engine safeguards millions of Web transactions around the world.

With such global kudos, it would be a cruel irony if these security role models were to be thwarted by the Australian Government. But uncertainty surrounding crypto policies in Canberra remains a constant source of concern.

The critical weapon in Cryptsoft's technology arsenal is SSLeay, a freeware implementation of Netscape's Secure Sockets Layer (SSL) security system, built independently by Young. SSLeay underpins Cryptozilla, a browser that adds full 128 bit encryption onto the open source code for Netscape Communicator. Cryptozilla brings international users the same full strength encryption available in Netscape's US products. The secure browser stems from an international talent pool called the Mozilla Crypto Group, which Hudson founded.

Excerpted from pages 55-56 of the June 1998 issue of LAN Magazine

©1998 LAN Magazine (Australia)