[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cryptography..



At 03:03 AM 9/29/96 -0700, Erp <[email protected]> wrote:
>What is the maximum encryption allowed to be created.  With export 
>restrictions in mind, and without export restrictiosn in mind...
>Thanks...   By WORLD and US standards please...

The laws of nature don't appear to provide any maximum strength,
assuming you run out of atoms to store your data before
you run out of capacity for your computer, and _you'll_ be out of
cash long before that :-)  For mathematically strong algorithms,
you can make the work a cracker has to do be exponentially larger
than the amount of work you have to do to decrypt, so you win.

Different governments have different rules, and many have no rules. 
Bert-Jaap Koops has a summary that (last time I looked) was at
http://cwis.kub.nl/~frw/CRI/projects/bjk/lawsurvy.htm
about different governments' crypto use and export rules.

For the US, you can export cryptography software if you get permission,
and you can usually get permission if you're using up to
40-bit symmetric-key keys and 512-bit public keys,
or if you're writing software that's strictly for banking.
You usually can't get permission for stronger crypto than that,
unless you're a registered international arms dealer and are
only selling your crypto gear to Friends Of The Pentagon.
There aren't any restrictions on the strength of crypto you can
use for messages you're exporting, only on software you export.
And there are somewhat bizarre interpretations of "export",
including telling foreigners inside US borders if they're not US subjects.

Domestically, there are no restrictions on crypto you can
write and use inside the US, subject of course to the bizarre interpretations
of "domestically" that accompany "export".

 

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 [email protected]
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto