1996-09-30 - Re: Cryptography..

Header Data

From: Bill Stewart <stewarts@ix.netcom.com>
To: Erp <erp@digiforest.com>
Message Hash: 107c04f09a825ad84967f7d1694c2d1ca8551f11e1e303b48dec8b71e3cf269b
Message ID: <199609300453.VAA09353@netcomsv.netcom.com>
Reply To: N/A
UTC Datetime: 1996-09-30 06:56:08 UTC
Raw Date: Mon, 30 Sep 1996 14:56:08 +0800

Raw message

From: Bill Stewart <stewarts@ix.netcom.com>
Date: Mon, 30 Sep 1996 14:56:08 +0800
To: Erp <erp@digiforest.com>
Subject: Re: Cryptography..
Message-ID: <199609300453.VAA09353@netcomsv.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:03 AM 9/29/96 -0700, Erp <erp@digiforest.com> wrote:
>What is the maximum encryption allowed to be created.  With export 
>restrictions in mind, and without export restrictiosn in mind...
>Thanks...   By WORLD and US standards please...

The laws of nature don't appear to provide any maximum strength,
assuming you run out of atoms to store your data before
you run out of capacity for your computer, and _you'll_ be out of
cash long before that :-)  For mathematically strong algorithms,
you can make the work a cracker has to do be exponentially larger
than the amount of work you have to do to decrypt, so you win.

Different governments have different rules, and many have no rules. 
Bert-Jaap Koops has a summary that (last time I looked) was at
http://cwis.kub.nl/~frw/CRI/projects/bjk/lawsurvy.htm
about different governments' crypto use and export rules.

For the US, you can export cryptography software if you get permission,
and you can usually get permission if you're using up to
40-bit symmetric-key keys and 512-bit public keys,
or if you're writing software that's strictly for banking.
You usually can't get permission for stronger crypto than that,
unless you're a registered international arms dealer and are
only selling your crypto gear to Friends Of The Pentagon.
There aren't any restrictions on the strength of crypto you can
use for messages you're exporting, only on software you export.
And there are somewhat bizarre interpretations of "export",
including telling foreigners inside US borders if they're not US subjects.

Domestically, there are no restrictions on crypto you can
write and use inside the US, subject of course to the bizarre interpretations
of "domestically" that accompany "export".

 

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto






Thread