1996-01-20 - Re: CryptoAPI and export question

Header Data

From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
To: stewarts@ix.netcom.com (Bill Stewart)
Message Hash: 6c0527ba1a54550762094b6a71f1deed0418513b7b515298db990426b4d981e3
Message ID: <199601201137.WAA20395@sweeney.cs.monash.edu.au>
Reply To: <199601200402.UAA01863@ix6.ix.netcom.com>
UTC Datetime: 1996-01-20 11:50:03 UTC
Raw Date: Sat, 20 Jan 1996 19:50:03 +0800

Raw message

From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
Date: Sat, 20 Jan 1996 19:50:03 +0800
To: stewarts@ix.netcom.com (Bill Stewart)
Subject: Re: CryptoAPI and export question
In-Reply-To: <199601200402.UAA01863@ix6.ix.netcom.com>
Message-ID: <199601201137.WAA20395@sweeney.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Tom Johnston <tomj@microsoft.com>
  and Bill Stewart <stewarts@ix.netcom.com>
  and cypherpunks@toad.com

Bill Stewart wrote:
...
> 3) Consider the case of a contractor who buys the development kit,
...
> into the US.)  He probably can't legally re-export the code, or export
> the signed version of it, but he can export the signature itself,
> since that's not cryptographic code, and the foreign company can
> reattach it to their original document, which you have now signed....
...

This is not that difficult for MS to work around - for example, they
could modify the code harmlessly before signing it. Unless you
know *how* they modified it, you can't reproduce it.

Example: some assembly instructions have more than one machine
code representation. MS could put some kind of cryptographically
strong pattern into these (ie one that can't be reverse-engineered).

ObCrypto: Stego in .EXE files?


Jiri
- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMQDT7ixV6mvvBgf5AQEEAwP/fJqfsCP1sA4ojwivHBeVxLpSfpKXEjpp
MgcHSVnFWkw1ezPUAmC9tugT0NEtIIDDs4ntDHUUa6Ki/bH1QFxqD5Gw8OCeGDJU
UQc/Y1o0K6XSAsiYWfEOE6fCnG3pbxGAc8s3Sz+TZbAhr0pqXIf3t1t6CNP3+dBn
Gnuq+OyIv5E=
=tfG3
-----END PGP SIGNATURE-----





Thread