From: stewarts@ix.netcom.com
Date: Wed, 4 Sep 1996 13:27:56 +0800
To: Surya Koneru <surya@premenos.com>
Subject: Re: rc2 export limits..
Message-ID: <199609040252.TAA11495@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:33 AM 9/3/96 -0700, you wrote:
>Hi,  Does anyone know the export limit for RC2 Key size ?  

As with any other crypto system, the rule is "you need to
get the NSA's permission, which they'll give if they feel like",
rather than any well-defined rule you can depend on.
However, the usual guidelines for systems like RC2 and RC4 is
40-bit keys, and RSA keys up to 512 bits for encrypting 
session keys and 1024 bits for signatures, plus you have to
structure the code so people can't easily modify it or
use it to triple-encrypt in ways that make the triple-encrypted
version stronger than 40 bits.

Also, if you're using Real RC2, you may need permission from
RSA Data Systems, Inc..  If you're just using the algorithm that
came out on the net that looks suspiciously like RC2, you may or may not.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto