1996-07-21 - Re: ITAR’s 40 bit limit

Header Data

From: Bill Stewart <stewarts@ix.netcom.com>
To: cypherpunks@toad.com
Message Hash: 3e6b8499cda580caf8c6cdd22346e5cff4360f9bf3b8ebbebf61633afd8704fe
Message ID: <199607210918.CAA01561@toad.com>
Reply To: N/A
UTC Datetime: 1996-07-21 11:48:05 UTC
Raw Date: Sun, 21 Jul 1996 19:48:05 +0800

Raw message

From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 21 Jul 1996 19:48:05 +0800
To: cypherpunks@toad.com
Subject: Re: ITAR's 40 bit limit
Message-ID: <199607210918.CAA01561@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:45 PM 7/20/96 -0400, "David F. Ogren" <ogren@cris.com> wrote:
>Another paradox of the US export regulations.
>The NSA is allowing 40 bit crypto exports.  So as a hypothetical example 
>assume that I write a crypto program that uses 40 bit RC4 to encode data 
>(licensing from RSA).  I then get an export license using the accelerated 
>process for 40 bit RC4.
.......
>However, what if she runs the program three times with three different 
>passwords.  (Ignore the problems of Inner-CBC and Outer-CBC for now.)  Now 
>the file is triple RC4 encoded with the equivalent of 80 bit security.  

Not always possible.  The rule isn't just "40 bit crypto" it's "permission,
which you won't get with over 40 bits unless you're very cooperative."
Applications like Netscape's SSL don't give you the ability to feed your
data through it three times; they process your stream of data and send it.

Also, some 40-bit systems put known plaintext at the beginning of their
output (e.g. a magic number saying that this file is in FooBar40 format)
which means that even if you quintuply encrypt them, you still only
have several layers of 40-bit encryption that you can peel one at a time.

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!






Thread