From: sommerfeld@localhost.medford.ma.us (Bill Sommerfeld)
Date: Tue, 31 May 94 18:39:09 PDT
To: m5@vail.tivoli.com
Subject: Re: Is DES exportability context-dependent?
In-Reply-To: <9405311808.AA10701@vail.tivoli.com>
Message-ID: <199406010125.VAA00325@localhost>
MIME-Version: 1.0
Content-Type: text/plain


Disclaimer: I'm not an expert in export control law; before acting on
anything in here, check with a "real" expert.

   Date: Tue, 31 May 94 13:08:32 CDT
   From: m5@vail.tivoli.com (Mike McNally)
   Sender: owner-cypherpunks@toad.com

   Lets say I rigged up a "signature" system that cranked the message
   through a DES or 3DES engine in CBC mode, and used the last value as
   the signature (or something like that; whatever makes the most sense).
   In that context---as a signature algorithm---would DES be exportable?

My understanding is that under current regulations, yes, assuming that
 1) the end-user does not have access to use the raw DES encryption
routines for data privacy.
 2) you do not export source code for DES (it's too easy to remove
"static" from C source :-) )

(of course, someone armed with a disassembler and an architecture
reference manual could probably figure out where the raw DES entry
points in the object code are are, but it would be far less effort for
them to just code DES from scratch or FTP it from Finland..)

   It's been demonstrated that something developed as a signature
   algorithm but later adapted to encryption purposes remains exportable,
   right?  

Wrong.  If I wrap 5 lines of code around MD5 which turns it into an
encryption engine, I can't export those five lines of code.

If I remember correctly, Dan Bernstein attempted to go through the
process of exporting just such a system and was stymied all the way.

						- Bill