The Globe & Mail
Thursday, October 8, 1998

To break the unbreakable code

Cypherpunk on a quest to debunk claims of total electronic privacy

by Tyler Hamilton

TORONTO -- Ian Goldberg says the public is being duped by claims that digital phones, E-mail, and other electronic technology offer complete privacy.

"The goal of computers is reliability - getting the same answer over and over again", explains Mr. Goldberg, sporting a T-shirt that reads Internet Freedom Fighters. "Randomness is the complete opposite of that, so you can imagine where the problems start."

He should know. The self-proclaimed "cypherpunk" discovered a major security flaw in the most popular Internet browser program, broke the software encryption code that protected the secrets of the U.S. government, and, most recently, discovered that one of three standards for digital phones was vulnerable to hacking.

Not bad for a 25-year-old who is still working on a doctorate in computer science at the University of California at Berkeley.

Two weeks after arriving at Berkeley in 1995, Mr. Goldberg and a friend found a security flaw in Netscape Communications Corp.'s popular Navigator browser. Netscape, which scrambled to fix the problem, was not amused.

Less than two years later, in January, 1997, cryptography market leader RSA Data Security Inc. put out a challenge to break a 40-bit encryption product.

It took Mr. Goldberg just 3 hours to bust the code, with the help of 250 powerful workstation computers trying 100 billion possible keys each hour.

The RSA challenge proved that 40-bit encryption was obsolete and vulnerable to a brute force attack of computing power, despite claims by the U.S. government that it offered an acceptable level of security.

"Be careful when people just quote you numbers like bit length", warns Mr. Goldberg, a native Torontonian and a graduate of the University of Waterloo's mathematics and computer science program.

Cryptography is the art of writing or solving an encrypted message, typically data that has been converted into a secret code so it can be sent securely over a public network such as the Internet.

Think of it as the difference between a postcard and a letter. The postcard can be read by anybody while the letter is sealed in an envelope. Encryption is an envelope for data that only people with a "key" can close and open.

A key, in its simplest form, is a string of ones and zeros randomly generated by a computer. For example, a message protected with 40-bit encryption would need the appropriate key of 40 ones and zeros to unlock the message. The most powerful encryption on the market today is 4,096 bits.

Mr. Goldberg hasn't taken long to break into the cryptography community.

His work - although he prefers to call it "looking under the covers and playing around" - has stirred up enough controversy south of the border that Newsweek, The New York Times, and The Wall Street Journal have taken an interest in his discoveries. Just ask his father, Ted Goldberg, who's more than proud to display a scrapbook of newspaper clippings showing his son's accomplishments.

Tim Dirks, vice-president of product architecture at Toronto-based Certicom Corp., says there's no doubt Mr. Goldberg is one of the smarter minds in the industry.

"Ian has been doing a lot of innovative work", says Mr. Dirks, who works out of Certicom's San Francisco office. Certicom is itself a maker of encryption technology, and Mr. Dirks says it's great to see somebody like Mr. Goldberg scrutinizing some of the products touted as "100-per-cent secure".

Mr. Goldberg says that claiming a security product has never been "cracked" is different than proving it can never be cracked. And part of the reason absolute security isn't possible is because computers, by design, have trouble generating random numbers to produce such keys.

In the case of the faulty browser, Mr. Goldberg found that Netscape's random number generator - which creates the keys used to crypt and decrypt data - produced keys that, with a little computing power, could be predicted.

His latest discovery came in April, when he revealed to the world that the code used to protect conversations over digital wireless phones based on Europe's GSM standard wasn't as secure as most people believed. (In Canada, Montreal-based Microcell Telecommunications Inc. uses GSM in its Fido phones.)

The GSM phones use 64-bit encryption, but Mr. Goldberg found that the last 10 numbers in the sequence were pre-set to zero, making the encryption 1,000 times weaker. He also found that the phones were vulnerable to being cloned and then sold on the black market.

He says the belief that "digital phones" are secure simply because they're digital, which many of the PCS companies in Canada claim in their advertisements, is based on the same argument used during the early days of the analog cellular phone.

In 1984, the radio scanners needed to tap into analog phone conversations were far too expensive for the average person to buy. This price barrier led to claims that analog phones were secure. Today, a scanner costs only $300 and is widely available.

"The case is now the same with digital scanners", Mr. Goldberg explains. "Right now, they're somewhat expensive. A couple of years from now they will be cheap. So you can't rely on the expensiveness of digital scanners for your security."

He also says not to expect the wireless phone companies to correct this problem. "It's in their economic interest to fix the cloning problem. It's not really in their interest to fix the voice privacy problem."

And it's not in the interest of the government, either. A heated debate in the United States over how cryptography should be regulated has drawn a very clear line between Internet freedom fighters such as Mr. Goldberg and law enforcement agencies, who want to keep the strength of encryption low and the keys to the envelopes in their own pockets.

"If you have encryption it prevents crimes", Mr. Goldberg says. "Of course, the FBI [Federal Bureau of Investigation] isn't paid to prevent crimes. Its mindset is that if people have strong cryptography, it's harder for them to uncover crimes using wiretaps."

But Mr. Goldberg says heavy-handed encryption policy is a product of laziness - the FBI can still uncover crimes using traditional surveillance methods but wants to keep a check on encryption because electronic tapping is easier to do.

Mitch Tarr, vice-president of marketing at Calgary-based security technology company Jaws Technologies Inc., says making the job easier for the FBI and other authorities leads to other problems.

"If you put any back door in for the good guys, the bad guys will always find it first", he says.

In Canada, this concern was addressed when the federal government last week gave a green light to anyone wanting to develop and use the strongest encryption technology when conducting electronic commerce and storing personal and business data.

Groups such as Electronic Frontier Canada, and leading-edge encryption companies such as Entrust Technologies Ltd., gave a thumbs-up to Ottawa's decision, which they said sets the stage for the widespread adoption of electronic commerce.

Mr. Goldberg was also pleased, mainly because Canada resisted following the tougher government stance being taken in the United States.

"It's a good new policy for the most part", he says, adding that his decision to come back to Canada after graduation - perhaps as an academic at his alma mater - rests largely on the country's encryption policy. "I'm not going to any close doors at this time."

Meantime, Mr. Goldberg will spend the next two years completing his PhD. He's also taken on the job of chief scientist at Montreal-based startup Zero-Knowledge Systems Inc., which has developed a product called Freedom that "lets you have different identities for different parts of your on-line existence". In other words, the product hides a person's true identity behind self-chosen pseudonyms.

Mr. Goldberg says that between now and graduation, he'll almost certainly uncover another flaw in a product being hyped as "totally secure". Asked whether his tendency to expose vulnerabilities in products makes him a hacker, he points out the difference between a black-hat hacker and a white-hat hacker.

"The black hats are the bad guys and the white hats are the researchers ... Another meaning of hacker is someone who wants to understand how things work. This is what I would consider myself."


Site seeing


Copyright © 1998 by The Globe & Mail. All Rights Reserved. Reprinted with permission.