1997-01-29 - Re: Last nail for US crypto export policy?

Header Data

From: Steven Bellovin <smb@research.att.com>
To: cypherpunks@toad.com
Message Hash: b35814cd792a46e3313f1aadf35bfcd5212218103cf06d44b7d6098d6c2084a5
Message ID: <199701291411.JAA01361@raptor.research.att.com>
Reply To: N/A
UTC Datetime: 1997-01-29 14:15:12 UTC
Raw Date: Wed, 29 Jan 1997 06:15:12 -0800 (PST)

Raw message

From: Steven Bellovin <smb@research.att.com>
Date: Wed, 29 Jan 1997 06:15:12 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Last nail for US crypto export policy?
Message-ID: <199701291411.JAA01361@raptor.research.att.com>
MIME-Version: 1.0
Content-Type: text/plain


It is dangerously naive to label this success the ``last nail for US
crypto export policy''.  Everyone concerned with this issue, from the
NSA to the FBI to anyone who wants to use crypto, understands this
and accepts it.  40-bit keys are good for protection against casual
snooping, and nothing more -- and no one is going to claim that you
need supercomputers to crack them.  In fact, I assert that the U.S.
government is *happy* about these results -- because it's going to
push folks towards wanting stronger crypto for export.  The only problem,
of course, is the terms under which such code can be exported...

I'll go further -- in my opinion, the only reason the government doesn't
want DES to fall just yet is that alternatives aren't ready.  That is,
the banks and financial institutions, and for that matter the government
agencies, have not converted to 3DES or Clipper or what have you, and
can't do so on short notice; the commercial products they need just aren't
ready yet.  No one wants to risk a loss of confidence in the financial
system.  Two years from now, though, when some key escrow products are
ready, it may be a different story.





Thread