From: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Date: Fri, 22 Nov 1996 19:15:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: FAQ on legalities SSLeay, &c.
Message-ID: <Pine.OSF.3.91.961122215908.26369G-100000@fn3.freenet.tlh.fl.us>
MIME-Version: 1.0
Content-Type: text/plain


the recently posted FAQ on crytpo patent expiration dates etc. stated that
MD5 and SHA were not export-restricted anywhere.  The FIPS Pub for SHA
(which I think is numbered 180-1) specifically states that SHA is export
controlled (by ITAR).  I asked this list why it would be controlled, since
it was a signature function, and Perry Metzger replied that crypto hash 
functions make good starting points for building a block cipher program.  

there is a section in Schneier's _Applied Crypto_ on this, too.

anybody heard from the old Perry-grammer on his list project?
I miss him.  He would be having a field day with all this noise.

surprised there hasn't been more chatter about the improved differential 
fault analysis (IDFA).  That is pretty powerful stuff.  They just don't 
make tamper-proof like they used to.  Forget chomping on the keyspace, 
read the modulus and divide by the public key.  I like the reference to 
the 'Mafia EFT/POS'.

ObSciFi:  Go back and read the Preface (by Bruce Sterling) to Gibson's 
_Burning Chrome_ collection.  He talks about the sorry state of SF in the 
1980's and how Gibson, among others, was turning out something new. Hmph.