1997-01-29 - Re: Last nail for US crypto export policy?

Header Data

From: Steven Bellovin <smb@research.att.com>
To: cypherpunks@toad.com
Message Hash: fadc08a7b5e7a328dc91d6b3486cabbb59d15b3bd0c85c12203dd60d11d89fbd
Message ID: <199701291631.IAA04966@toad.com>
Reply To: N/A
UTC Datetime: 1997-01-29 16:31:52 UTC
Raw Date: Wed, 29 Jan 1997 08:31:52 -0800 (PST)

Raw message

From: Steven Bellovin <smb@research.att.com>
Date: Wed, 29 Jan 1997 08:31:52 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Last nail for US crypto export policy?
Message-ID: <199701291631.IAA04966@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


It is dangerously naive to label this success the ``last nail for US
crypto export policy''.  Everyone concerned with this issue, from the
NSA to the FBI to anyone who wants to use crypto, understands this
and accepts it.  40-bit keys are good for protection against casual
snooping, and nothing more -- and no one is going to claim that you
need supercomputers to crack them.  In fact, I assert that the U.S.
government is *happy* about these results -- because it's going to
push folks towards wanting stronger crypto for export.  The only problem,
of course, is the terms under which such code can be exported...

I'll go further -- in my opinion, the only reason the government doesn't
want DES to fall just yet is that alternatives aren't ready.  That is,
the banks and financial institutions, and for that matter the government
agencies, have not converted to 3DES or Clipper or what have you, and
can't do so on short notice; the commercial products they need just aren't
ready yet.  No one wants to risk a loss of confidence in the financial
system.  Two years from now, though, when some key escrow products are
ready, it may be a different story.






Thread