From: Anonymous <email@example.com>firstname.lastname@example.org
Message Hash: 036a0ffeb26225bd1ee832982dac7abec0574b09566fe397a31f350d0cfc8ce9
Message ID: <199812021214.NAA20333@replay.com>
Reply To: N/A
UTC Datetime: 1998-12-02 12:45:06 UTC
Raw Date: Wed, 2 Dec 1998 20:45:06 +0800
From: Anonymous <email@example.com>firstname.lastname@example.org Date: Wed, 2 Dec 1998 20:45:06 +0800 To: cypherpunks@Algebra.COM Subject: Re: "Export" controls Message-ID: <199812021214.NAA20333@replay.com> MIME-Version: 1.0 Content-Type: text/plain >Can you give me an example of a commercial vendor who has suffered >because someone bought a "dangerous" product ( Windows, for example ) at >retail and carried it out of the country in a suitcase? My guess would I cannot give such example because hard crypto products are not available to the general public. I am unaware that microshit OS has hard crypto built-in. The only hard crypto package I have ever seen for sale at mail-order (and thus not anonymous) is NAI's PGP (and I have never seen any hard crypto available in a store for cash - but that can only mean that there is no perceived demand). However, any hard crypto that would work on system level and encrypt all communications is not available for purchase (it is available for free, though, in the form of IPSec package with 128-bit block ciphers for *BSD operating systems.) There is a number of VPN companies that offer crypto boxes, but AFAIK they either do not mention crypto scheme they use or they say DES. There is only one VPN company that advertises 128-bit crypto in it's product. >> [ For example, try to buy one of IBM crypto-cards - give them a call >> and ask what does it take to purchase one with hard crypto on it >> >Save me the phone call and describe your experience. BTW - IBM derives a You'll miss all the fun. After talking to 5-6 departments one concludes that no one knows anything about 4758, but they are all nice and helpful, and forward your call to each other. 4758 does not exist for casual callers. My guess is that if you have been dealing with IBM for some time you may be able to get it. To recap, there are no hard crypto drop-in hardware products available to general public in the USA today. >just write a damn book, source, VHDL etc. You can even export that. My The question is how to make money by selling hard crypto in the US. NAI seems to be the only company that can get away with so-called "publishing exception" in the commercial world. Their joining the key recovery alliance is probably unrelated :-) >Disk encryptor - SCSI/EIDE, a bump in the wire between the motherboard >and the disk drive. With its own smartcard/keypad interface, keys are >never seen by OS. It doesn't solve the security problem while the system There are many neat ideas. But no hardware.