[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FAQ on legalities SSLeay, &c.



the recently posted FAQ on crytpo patent expiration dates etc. stated that
MD5 and SHA were not export-restricted anywhere.  The FIPS Pub for SHA
(which I think is numbered 180-1) specifically states that SHA is export
controlled (by ITAR).  I asked this list why it would be controlled, since
it was a signature function, and Perry Metzger replied that crypto hash 
functions make good starting points for building a block cipher program.  

there is a section in Schneier's _Applied Crypto_ on this, too.

anybody heard from the old Perry-grammer on his list project?
I miss him.  He would be having a field day with all this noise.

surprised there hasn't been more chatter about the improved differential 
fault analysis (IDFA).  That is pretty powerful stuff.  They just don't 
make tamper-proof like they used to.  Forget chomping on the keyspace, 
read the modulus and divide by the public key.  I like the reference to 
the 'Mafia EFT/POS'.

ObSciFi:  Go back and read the Preface (by Bruce Sterling) to Gibson's 
_Burning Chrome_ collection.  He talks about the sorry state of SF in the 
1980's and how Gibson, among others, was turning out something new. Hmph.