the recently posted FAQ on crytpo patent expiration dates etc. stated that MD5 and SHA were not export-restricted anywhere. The FIPS Pub for SHA (which I think is numbered 180-1) specifically states that SHA is export controlled (by ITAR). I asked this list why it would be controlled, since it was a signature function, and Perry Metzger replied that crypto hash functions make good starting points for building a block cipher program. there is a section in Schneier's _Applied Crypto_ on this, too. anybody heard from the old Perry-grammer on his list project? I miss him. He would be having a field day with all this noise. surprised there hasn't been more chatter about the improved differential fault analysis (IDFA). That is pretty powerful stuff. They just don't make tamper-proof like they used to. Forget chomping on the keyspace, read the modulus and divide by the public key. I like the reference to the 'Mafia EFT/POS'. ObSciFi: Go back and read the Preface (by Bruce Sterling) to Gibson's _Burning Chrome_ collection. He talks about the sorry state of SF in the 1980's and how Gibson, among others, was turning out something new. Hmph.