From: Anonymous <nobody@replay.com>x@z.wyx
Date: Wed, 2 Dec 1998 20:45:06 +0800
To: cypherpunks@Algebra.COM
Subject: Re: "Export" controls
Message-ID: <199812021214.NAA20333@replay.com>
MIME-Version: 1.0
Content-Type: text/plain



>Can you give me an example of a commercial vendor who has suffered
>because someone bought a "dangerous" product ( Windows, for example ) at
>retail and carried it out of the country in a suitcase? My guess would

I cannot give such example because hard crypto products are not available to
the general public.

I am unaware that microshit OS has hard crypto built-in. The only hard crypto
package I have ever seen for sale at mail-order (and thus not anonymous) is
NAI's PGP (and I have never seen any hard crypto available in a store for cash
- but that can only mean that there is no perceived demand).

However, any hard crypto that would work on system level and encrypt all
communications is not available for purchase (it is available for free,
though, in the form of IPSec package with 128-bit block ciphers for
*BSD operating systems.)

There is a number of VPN companies that offer crypto boxes, but AFAIK they
either do not mention crypto scheme they use or they say DES. There is
only one VPN company that advertises 128-bit crypto in it's product.

>> [ For example, try to buy one of IBM crypto-cards - give them a call
>> and ask what does it take to purchase one with hard crypto on it
>>
>Save me the phone call and describe your experience. BTW - IBM derives a

You'll miss all the fun. After talking to 5-6 departments one concludes
that no one knows anything about 4758, but they are all nice and helpful,
and forward your call to each other. 4758 does not exist for casual callers.
My guess is that if you have been dealing with IBM for some time you may
be able to get it.

To recap, there are no hard crypto drop-in hardware products available to
general public in the USA today.

>just write a damn book, source, VHDL etc. You can even export that. My

The question is how to make money by selling hard crypto in the US. NAI seems
to be the only company that can get away with so-called "publishing exception"
in the commercial world. Their joining the key recovery alliance is probably
unrelated :-)

>Disk encryptor - SCSI/EIDE, a bump in the wire between the motherboard
>and the disk drive. With its own smartcard/keypad interface, keys are
>never seen by OS. It doesn't solve the security problem while the system

There are many neat ideas. But no hardware.