Re: ITAR's 40 bit limit

[The Deviant <deviant@pooh-corner.com>]

-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 21 Jul 1996, Bill Stewart wrote:

> Date: Sun, 21 Jul 1996 02:16:38 -0700
> From: Bill Stewart <stewarts@ix.netcom.com>
> To: cypherpunks@toad.com
> Subject: Re: ITAR's 40 bit limit
> 
> At 07:45 PM 7/20/96 -0400, "David F. Ogren" <ogren@cris.com> wrote:
> >Another paradox of the US export regulations.
> >The NSA is allowing 40 bit crypto exports.  So as a hypothetical example 
> >assume that I write a crypto program that uses 40 bit RC4 to encode data 
> >(licensing from RSA).  I then get an export license using the accelerated 
> >process for 40 bit RC4.
> ........
> >However, what if she runs the program three times with three different 
> >passwords.  (Ignore the problems of Inner-CBC and Outer-CBC for now.)  Now 
> >the file is triple RC4 encoded with the equivalent of 80 bit security.  
> 
> Not always possible.  The rule isn't just "40 bit crypto" it's "permission,
> which you won't get with over 40 bits unless you're very cooperative."
> Applications like Netscape's SSL don't give you the ability to feed your
> data through it three times; they process your stream of data and send it.
> 

So whats to stop you from making a string of proxy servers?

 --Deviant


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMfJ95jAJap8fyDMVAQEtZAf/TfMVJOeHKNhuycoMz9/VreCA3Y/42/cv
NcHmz7+mv5MZd2M59kBEyahV8TBtxHB5iFHapKvhw+dUr620rBLVMiqbYYd4ZYST
EMAt8ZwgEHYkmCLp66qvTDglpjXK79ucTUORPXESGTzs68p300EB0OLCYg21M67M
9RQIgpe3nXgUMvKfxoNFh5rViyA2FNn+GfvNSxnFf9nK++6ClA823qyXe3uj4BKe
TIJ1N8H6FE9iUL1n8TM7qBDR67/HFHhNeyKfMVtelMWrdR38NbHdIFUjGNQzvLyI
WLHp7ERMqheD4rBdCjrtfquhNscOWHPtMSjEVPFhx92IeDYYxYgZeg==
=+ESF
-----END PGP SIGNATURE-----