Jeff wrote:
The retail version of Netscape Navigator sold in US stores has been the US version for almost a year now. The first run were the export version, because the marketing people thought it would be easier. When I explained the issue, they made the change to the stronger US version immediately. --Jeff
This, I think, is one place where the activities of members of this list have had a real effect. Last September, three or four semi-overlapping efforts succeeded in brute-forcing 40-bit RC4 (used in export-quality SSL). This had three main effects:

1. Raising the issue in the media, and thus in the public consciousness.
2. Within a month, the government was starting to talk about permitting the export of stronger (but GAK'd) encryption products.
3. It enabled people like Jeff to argue successfully that releasing only an export-strength product was no longer a viable option.

In practical terms, this is probably the most important effect of the crack: I know of at least one other company where it led directly to the release of both domestic and export versions.

Anyone up for a distributed brute force attack on single DES? My back-of-the-envelope calculations and guesstimates put this on the hairy edge of doability (the critical factor is how many machines can be recruited - a non-trivial cash prize would help).

Peter Trei
trei@process.com

"Exportable strong encryption" is an oxymoron.