Re: Borders *are* transparent

["Peter Trei" <trei@process.com>]

Jeff wrote:

>   The retail version of Netscape Navigator sold in US stores
> has been the US version for almost a year now.  The first run
> were the export version, because the marketing people thought
> it would be easier.  When I explained the issue, they made the
> change to the stronger US version immediately.
> 	--Jeff

This, I think, is one place where the activities of members of this list
have had a real effect. Last September, three or four semi-overlapping
efforts succeeded in brute-forcing 40 bit RC4 (used in export-quality SSL).

This had three main effects:

1. Raising the issue in the media, and thus in the public consciousness.

2. Within a month, the government was starting to talk about permitting the
export of stronger (but GAK'd) encryption products.

3.  It enabled people like Jeff to argue successfully that releasing only an 
export-strength product was no longer a viable option.In practical terms
is probably the most important effect of the crack: I know of at least one other
company where it led directly to the release of both domestic and export 
versions.

Any one up for a distributed brute force attack on single DES? My 
back-of-the-envelope calculations and guesstimates put this on the
hairy edge of doability (the critical factor is how many machines can
be recruited - a non-trivial cash prize would help). 

Peter Trei
trei@process.com

"Exportable strong encryption" is an oxymoron.