Common Sense Crypto
When Thomas Paine published Common Sense in 1776 – arguing that the American cause was not merely a revolt against unfair taxation, but a demand for independence – he had no idea that more than 200 years later, the struggle for freedom would be waged between privacy advocates and the national-security establishment. This time, the dispute is over not taxation without representation, but communication without government intervention.
One of today’s crypto revolutionaries is Bruce Schneier, the neatly dressed, ponytailed author of Applied Cryptography. Schneier also recently helped identify a key flaw in the encryption scheme the US digital cellular industry had adopted for use in cell phones. Although Schneier is well known in the cryptography community, few realize he also developed the Blowfish encryption algorithm – a symmetric block cipher with a key length that varies from 32 to 448 bits.
Schneier designed Blowfish in 1993 to satisfy the need for an effective and free encryption algorithm to replace the aging DES standard. After almost four years of public testing, Blowfish remains both unbroken and unpatented – a feat that has earned it a place in dozens of commercial products, including Symantec’s Norton Your Eyes Only and McAfee’s PCCrypto. While Schneier hasn’t made any money from the widespread adoption of his algorithm, he’s satisfied that Blowfish has earned its users’ trust.
Schneier’s Web site belies the popular image of privacy advocates as rogue cypherpunks and disgruntled militia types with something to hide. As president of Counterpane Systems, a consulting firm specializing in cryptography and computer security, Schneier is too enmeshed in the high tech industry to qualify as a true subversive. Consistent with his aboveboard persona, the Blowfish source code is conspicuously absent from www.counterpane.com/ – a fact that Schneier ruefully attributes to “the administration and its export laws.” Instead, he simply provides links to sites beyond the reach of the US government, where others have made his code available for public scrutiny.
Although several crypto liberalization bills were introduced in the US Senate last spring, Schneier remains wary of government-backed encryption proposals. Were he more fearful of prosecution, he might never have released Blowfish into the wilds of cyberspace. But as he sees it, “It’s always better to seek forgiveness than to ask for permission.”