[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ITAR's 40 bit limit
-----BEGIN PGP SIGNED MESSAGE-----
On Sun, 21 Jul 1996, Bill Stewart wrote:
> Date: Sun, 21 Jul 1996 02:16:38 -0700
> From: Bill Stewart <[email protected]>
> To: [email protected]
> Subject: Re: ITAR's 40 bit limit
>
> At 07:45 PM 7/20/96 -0400, "David F. Ogren" <[email protected]> wrote:
> >Another paradox of the US export regulations.
> >The NSA is allowing 40 bit crypto exports. So as a hypothetical example
> >assume that I write a crypto program that uses 40 bit RC4 to encode data
> >(licensing from RSA). I then get an export license using the accelerated
> >process for 40 bit RC4.
> ........
> >However, what if she runs the program three times with three different
> >passwords. (Ignore the problems of Inner-CBC and Outer-CBC for now.) Now
> >the file is triple RC4 encoded with the equivalent of 80 bit security.
>
> Not always possible. The rule isn't just "40 bit crypto" it's "permission,
> which you won't get with over 40 bits unless you're very cooperative."
> Applications like Netscape's SSL don't give you the ability to feed your
> data through it three times; they process your stream of data and send it.
>
So whats to stop you from making a string of proxy servers?
--Deviant
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQEVAwUBMfJ95jAJap8fyDMVAQEtZAf/TfMVJOeHKNhuycoMz9/VreCA3Y/42/cv
NcHmz7+mv5MZd2M59kBEyahV8TBtxHB5iFHapKvhw+dUr620rBLVMiqbYYd4ZYST
EMAt8ZwgEHYkmCLp66qvTDglpjXK79ucTUORPXESGTzs68p300EB0OLCYg21M67M
9RQIgpe3nXgUMvKfxoNFh5rViyA2FNn+GfvNSxnFf9nK++6ClA823qyXe3uj4BKe
TIJ1N8H6FE9iUL1n8TM7qBDR67/HFHhNeyKfMVtelMWrdR38NbHdIFUjGNQzvLyI
WLHp7ERMqheD4rBdCjrtfquhNscOWHPtMSjEVPFhx92IeDYYxYgZeg==
=+ESF
-----END PGP SIGNATURE-----