1995-01-17 - Re: 40bit Encryption : Adequate or sadly lacking ?

Header Data

From: kipp@warp.mcom.com (Kipp E.B. Hickman)
To: P.vanMossel@telecom.ptt.nl
Message Hash: d1d4853b2827e0f8494aab29d9ffceb71a2bc58d63a229671551e66db3379d2f
Message ID: <9501172240.AA05908@warp.mcom.com>
Reply To: N/A
UTC Datetime: 1995-01-17 22:42:53 UTC
Raw Date: Tue, 17 Jan 95 14:42:53 PST

Raw message

From: kipp@warp.mcom.com (Kipp E.B. Hickman)
Date: Tue, 17 Jan 95 14:42:53 PST
To: P.vanMossel@telecom.ptt.nl
Subject: Re: 40bit Encryption : Adequate or sadly lacking ?
Message-ID: <9501172240.AA05908@warp.mcom.com>
MIME-Version: 1.0
Content-Type: text/plain



In article <3fh5m0$7tg@hdxu03.telecom.ptt.nl>, you write:
> In article <marca-1201952123120001@boulanger.mcom.com>, marca@mcom.com 
> says...
> >
> >There's no question that 40-bit is less than one would prefer.
> >This is why we are/will be supporting 128-bit RC4, for example,
> >in US-only products, honoring United States government export
> >restrictions.
> 
> Marc, isn't it possible (legally) to deliver products with a replaceble 
> encryption library (dll). Delivery with a 40-bit key DLL. The user has 
> the option to install a dll with a different keysize. Somewhat like 
> winsock...
> 
> Yes, I've seen the article suggesting a foreign office. I think an open 
> interface would do gooed for the whole field. I.e. ftp, telnet, etc. as 
> well.

Actually, it's probably worse than you think:

There are govt's out there that won't let you import code that is
"encryption ready". You must prove that your software is tamper proof
before it can be imported, and tamper proofing means that you can't
bolt on security. Also, I believe the export laws disallow "plug in"
security in the US...

The crypto legal world sucks.








Thread