legal contact


At a glance

A group of cryptographers at INRIA, Microsoft Research and IMDEA have discovered some serious vulnerabilities in OpenSSL (e.g., Android) clients and Apple TLS/SSL clients (e.g., Safari) that allow a 'man in the middle attacker' to downgrade connections from 'strong' RSA to 'export-grade' RSA. These attacks are real and exploitable against a shocking number of websites -- including government websites. Patch soon and be careful.

What's it all about ...

To prevent western technology to fall into the hands of the Eastern bloc, the US have created the export controlls in the early days of the cold war. See the CoCom reugaltion.

By the 1960s, mainly finacial organization needed strong enryption for the wired money transfer. As well as inter US, but more also worldwide.

So the 1975 the DES was born. But this encryption was to strong to leave the US and the process of case-by-case clearance of commercial needs to export the keys was not feasable.

So, the deal was, to have (almost allways) two different version of a programm available. One with strong cyphers (1024-bit public and 128-bit secret key) for US companys AND a weaker version with "EXPortable" keys (512bit public and 40bit secret key). The idea behind was, that the US Government could still intercept the foreign communication, while the US communication was so strong (these days) that no foreign country could intercept it.

By the way, as organisations like NSA, GCHQ, etc. have now more computer power available, the need for these export controls camo obsolete. In 2000 the export controls haven been modified and now they don't restrict non-military cryptographic keys any more. (Well with some exceptions)

The vulnerability that is now called FREAK, just downgrades the communication encryption to one of these ancient exportable keys. While the 40Bit were quite save in 1975, nowadays you just need 100$ and an Amazon account to crack it. - Anyway, as the EXPortable keys are a subset of the DES encryption and DES is known to be weak anyway, all 40- and 56-bit enc. cyphers should have disapeared anyway.