On Jan 18, 7:21am, Duncan wrote:
Subject: Re: 40bit Encryption : Adequate or sadly lacking ?
Marc, isn't it possible (legally) to deliver products with a replaceble encryption library (dll). Delivery with a 40-bit key DLL. The user has the option to install a dll with a different keysize. Somewhat like winsock....
Actually, it's probably worse than you think:
There are govt's out there that won't let you import code that is "encryption ready". You must prove that your software is tamper proof before it can be imported, and tamper proofing means that you can't bolt on security. Also, I believe the export laws disallow "plug in" security in the US...
The crypto legal world sucks.
Could you clarify the export restriction on "plug and play" encryption ready products? I am about to embark on a project that I want to be distributed freely that would be designed around a generic encryption intereface that I would wrap around a real encryption core such as PGP,etc. I wanted to include a BS encryption in the freely distributable package to prevent export woes. The project is in design stages now and I don't need this additional headache.
Contact a lawyer. It's *really* complicated, and I'm not a lawyer so anything I tell you could be wrong in some important way, and then you would get really angry if the govt started chewing you to pieces. -- --------------------------------------------------------------------- Kipp E.B. Hickman Netscape Communications Corp. kipp@mcom.com http://home.mcom.com/people/kipp/index.html