Need info! / Re: Export a random number, go to jail
Tim May wrote:
At 9:46 AM -0700 11/3/97, Peter D. Junger wrote:
: One time pads are under rated, in my view. Not only are they secure : forever, but the executive branch of the U.S. government says they are : exportable.
If your basis for saying that the U.S. government says that one time pads are exportable was the governments classification of a one time that I wrote in DOS assembly language using XOR to munge together the contents of two files, I don't think that you can rely on that authority since, at the same time, the government refused to rule that all one time pads using XOR are not subject to licensing under the EAR.
"Export a random number, go to jail."
Is it legal to export '37'? How about '148'? '276'? '3,289,534'? '6.33458'? Thanks, A Fucking Iditot
At 5:29 AM -0700 11/5/97, Peter D. Junger wrote:
Anonymous writes that I wrote:
: > : > "Export a random number, go to jail."
Actually, that was _my_ line, a riff on the old Cyphepunks joke, "Use a random number, go to jail."
And then asked:
: : Is it legal to export '37'? : How about '148'? : '276'? : '3,289,534'? : '6.33458'?
Perhaps I was not clear enough. The U.S. government's classifications that I wrote about had to do with one-time pad programs, not the pads themselves.
As Shannon showed, the program to execute a one-time pad is ridiculously simple: an XOR of two files or vectors. Not only can any student in any country write such a program, it's built in to many systems. (In a whimsical twist to Peter's own situation, he could describe in his class what an XOR is and how it applies to one time pads, and he then would have "conveyed" to any foreigners in his class all they need to implement a truly unbreakable cryptosystem.) With one time pads, the pads _are_ the only thing that matters! While I was not seriously suggesting that one time pads would be barred from export, I expect that permission to export one would not be granted if applied for, for certain countries. (Someone could do this as an exercise, by applying for an export permit to export a pad to some verboten destination...of course, by giving a copy of the pad to the BXA/EAR folks, one has just compromised the pad, and so....)
I know of nothing official that says that the pads themselves are exportable, but there is nothing in the regulations that suggests they are not. Random number and encrypted messages are not regulated by the U.S. export regulations; only ``encryption software'' is regulated. So far as I know the government has never claimed that one-time pads are, or are not, subject to the export regulations.
My hunch is that if exports of one time pads ever became a concern for them they'd find something in the BXA/EAR language to classify the pads as being controlled. --Tim May The Feds have shown their hand: they want a ban on domestic cryptography ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^2,976,221 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
Anonymous writes that I wrote: : > >If your basis for saying that the U.S. government says that one time : > >pads are exportable was the governments classification of a one time : > >that I wrote in DOS assembly language using XOR to munge together the : > >contents of two files, I don't think that you can rely on that : > >authority since, at the same time, the government refused to rule that : > >all one time pads using XOR are not subject to licensing under the : > >EAR. : > : > "Export a random number, go to jail." And then asked: : : Is it legal to export '37'? : How about '148'? : '276'? : '3,289,534'? : '6.33458'? Perhaps I was not clear enough. The U.S. government's classifications that I wrote about had to do with one-time pad programs, not the pads themselves. I know of nothing official that says that the pads themselves are exportable, but there is nothing in the regulations that suggests they are not. Random number and encrypted messages are not regulated by the U.S. export regulations; only ``encryption software'' is regulated. So far as I know the government has never claimed that one-time pads are, or are not, subject to the export regulations. If anyone knows of a governmental classification relating to the export status of one-time pads themselves, I would be very grateful for a reference. Thanks, Peter -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH EMAIL: junger@samsara.law.cwru.edu URL: http://samsara.law.cwru.edu NOTE: junger@pdj2-ra.f-remote.cwru.edu no longer exists
participants (3)
-
nobody@REPLAY.COM -
Peter D. Junger -
Tim May