[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Solution for US/Foreign Software?



>>>1.  Write a program with limited encryption (40 bit?), with the encryption
>>>module in a file external to the  main program.
>>>2.  Get export approval for this program.
>>>3.  Write a module which replaces the encryption file, increasing key size
>>>to whatever you REALLY wanted in the first place.  (128-bit IDEA, 2000-bit
>>>PGP, etc.)
>>>4.  Ship that new module with the old software to US customers.
>>>Naturally, that new module will "leak," so anybody who buys the old

Tim May replied
>>"Crypto hooks," basically the scheme you are proposing, were thought of by
>>the authorities and are not a bypass of the crypto export laws.

I had interpreted the suggestion differently - rather than a system with 
user-accessible crypto hooks, the manufacturer could ship a binary patch
upgrade for US customers to install.  The internal design would presumably
have crypto hooks (i.e. subroutine calls); they can't ban that.

Of course, if you follow this strategy, get export approval for version 1.0,
and ship the US-only patch as 1.1, getting export approval for version 2.0
may be a shade more difficult...
#--
#				Thanks;  Bill
# Bill Stewart, Freelance Information Architect, [email protected]
# Phone +1-510-247-0663 Pager/Voicemail 1-408-787-1281

# Anybody notice that Microsoft's Wide Open Road ad has barbed-wire fences
# on both sides of the road?