US and European Union (EU) officials have reached an agreement on export controls for cryptography software, the New York Times has reported. According to US special envoy for cryptography David Aaron, quoted by the NYT, representatives of both blocs agreed to restrict the export of encryption software that uses keys of 64 bits or more. US law currently forbids companies from exporting software that uses that level of encryption. That's why US versions of Web browsers contain 128-bit encryption to encode e-commerce transactions, but European versions use a much lower level of security -- just 40 bits per key. The agreement, reached yesterday by the 33 members of the Wassenaar Arrangement, will impose those export restrictions on European software suppliers. The more bits in the key, the harder it is to crack. The US government claims 64-bit keys are sufficient for almost all uses. However, earlier this year, researchers were able to break a 56-bit code, albeit using a network of hundreds of PCs operating in parallel. Much tougher keys, including the 128-bit keys commonplace in e-commerce applications, are thought to be virtually impossible to crack using today's technology through the next few generations of processor. ®