[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Need info! / Re: Export a random number, go to jail




At 5:29 AM -0700 11/5/97, Peter D. Junger wrote:
>Anonymous writes that I wrote:

>: >
>: > "Export a random number, go to jail."

Actually, that was _my_ line, a riff on the old Cyphepunks joke, "Use a
random number, go to jail."

>And then asked:
>
>:
>: Is it legal to export '37'?
>: How about '148'?
>: '276'?
>: '3,289,534'?
>: '6.33458'?
>
>Perhaps I was not clear enough.  The U.S. government's classifications
>that I wrote about had to do with one-time pad programs, not the pads
>themselves.

As Shannon showed, the program to execute a one-time pad is ridiculously
simple: an XOR of two files or vectors. Not only can any student in any
country write such a program, it's built in to many systems.

(In a whimsical twist to Peter's own situation, he could describe in his
class what an XOR is and how it applies to one time pads, and he then would
have "conveyed" to any foreigners in his class all they need to implement a
truly unbreakable cryptosystem.)

With one time pads, the pads _are_ the only thing that matters!

While I was not seriously suggesting that one time pads would be barred
from export, I expect that permission to export one would not be granted if
applied for, for certain countries. (Someone could do this as an exercise,
by applying for an export permit to export a pad to some verboten
destination...of course, by giving a copy of the pad to the BXA/EAR folks,
one has just compromised the pad, and so....)


>I know of nothing official that says that the pads themselves are
>exportable, but there is nothing in the regulations that suggests they
>are not.  Random number and encrypted messages are not regulated by
>the U.S. export regulations; only ``encryption software'' is
>regulated.  So far as I know the government has never claimed that
>one-time pads are, or are not, subject to the export regulations.

My hunch is that if exports of one time pads ever became a concern for them
they'd find something in the BXA/EAR language to classify the pads as being
controlled.


--Tim May

The Feds have shown their hand: they want a ban on domestic cryptography
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^2,976,221   | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."