[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 40bit Encryption : Adequate or sadly lacking ?
>> Marc, isn't it possible (legally) to deliver products with a replaceble
>> encryption library (dll). Delivery with a 40-bit key DLL. The user has
>> the option to install a dll with a different keysize. Somewhat like
>> winsock....
>
>
>Actually, it's probably worse than you think:
>
>There are govt's out there that won't let you import code that is
>"encryption ready". You must prove that your software is tamper proof
>before it can be imported, and tamper proofing means that you can't
>bolt on security. Also, I believe the export laws disallow "plug in"
>security in the US...
>
>The crypto legal world sucks.
Could you clarify the export restriction on "plug and play" encryption ready
products? I am about to embark on a project that I want to be distributed
freely that would be designed around a generic encryption intereface that I
would wrap around a real encryption core such as PGP,etc. I wanted to include a
BS encryption in the freely distributable package to prevent export woes. The
project is in design stages now and I don't need this additional headache.
djw
-------------------------------------------------------------
Duncan J Watson [email protected]
"Sig Quote goes here" [email protected]