From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 2 May 1996 12:34:59 +0800
To: cypherpunks@toad.com
Subject: Re: [Fwd: Cylink can export 128-bit DH?]
Message-ID: <199605012014.NAA05957@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:20 AM 5/1/96 +0700, peng-chiew low <pclow@pc.jaring.my> wrote:
>I understand that ITAR prohibits the export of strong crypto
>and that is why I was puzzled that Ms Glenda Barnes, the Director
>of Marketing in Cylink, said that Cylink could export the same crypto
>(i.e. DES) that was used in the U.S. to local banks here in Malaysia.

The International Trafficking in Arms Regulations laws that prohibit
export of strong crypto make exceptions for equipment/software
to be used in banks and other financial institutions, as long as
the banks behave themselves.  Exporting for general use is different.

>She also claimed that Cylink could also export a 128-bit DH key size.
>(is it strong enough in the first place? )

Sun's original "Secure NFS" used 192-bit DH keys, and was cracked by
Brian LaMacchia and Andy Odlyzko; there's a well-known paper about
this available somewhere (I think research.att.com?).  192 is way too short.
512 is probably too short.  128 bits is amazingly irresponsible.
The attack they use spends most of its time precomputing information about
the modulus and generator, and only a small part of the time attacking the
specific exponent that was used - this means that an attacker who cracks one
exponent using that modulus can easily crack the any others.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215