
On Sun, 21 Jul 1996, Bill Stewart wrote:

> Date: Sun, 21 Jul 1996 02:16:38 -0700
> From: Bill Stewart <stewarts@ix.netcom.com>
> To: cypherpunks@toad.com
> Subject: Re: ITAR's 40 bit limit
>
> At 07:45 PM 7/20/96 -0400, "David F. Ogren" <ogren@cris.com> wrote:
> > Another paradox of the US export regulations. The NSA is allowing 40 bit crypto exports. So as a hypothetical example assume that I write a crypto program that uses 40 bit RC4 to encode data (licensing from RSA). I then get an export license using the accelerated process for 40 bit RC4. ........ However, what if she runs the program three times with three different passwords. (Ignore the problems of Inner-CBC and Outer-CBC for now.) Now the file is triple RC4 encoded with the equivalent of 80 bit security.
>
> Not always possible. The rule isn't just "40 bit crypto" it's "permission, which you won't get with over 40 bits unless you're very cooperative." Applications like Netscape's SSL don't give you the ability to feed your data through it three times; they process your stream of data and send it.

So what's to stop you from making a string of proxy servers?

--Deviant
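An added example, not part of the original messages: the "run it three times with three different passwords" idea from the quoted post, using RC4 written from its published description and three constructed 40-bit keys. Because RC4 only XORs a keystream into the data, the three passes commute and collapse into a single XOR with the combined keystream; the function names, keys and message here are assumptions made for the illustration.

```python
from functools import reduce

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n bytes of RC4 keystream for key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                        # pseudo-random generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def rc4(key: bytes, data: bytes) -> bytes:
    """One RC4 pass; the same call encrypts and decrypts."""
    return xor(data, rc4_keystream(key, len(data)))

def layered(keys, data: bytes) -> bytes:
    """Apply one RC4 pass per key, in the order given."""
    for k in keys:
        data = rc4(k, data)
    return data

def combined_keystream(keys, n: int) -> bytes:
    """XOR of the individual keystreams: what the layers reduce to."""
    return reduce(xor, (rc4_keystream(k, n) for k in keys))

# Constructed sample input: three 40-bit (5-byte) keys and a short message.
KEYS = [bytes.fromhex("0102030405"),
        bytes.fromhex("a1b2c3d4e5"),
        bytes.fromhex("5566778899")]
MESSAGE = b"constructed sample plaintext"

if __name__ == "__main__":
    ct = layered(KEYS, MESSAGE)
    print("ciphertext:", ct.hex())
    print("decrypted, keys in reverse order:", layered(reversed(KEYS), ct))
    print("equals one XOR with combined keystream:",
          ct == xor(MESSAGE, combined_keystream(KEYS, len(MESSAGE))))
```

The "Inner-CBC and Outer-CBC" question the quoted post sets aside concerns block-cipher chaining modes; with a pure XOR stream cipher like this one, pass order has no effect at all.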