Another point: it raises the possibility of an interesting loophole in the ITAR. Cryptographic hash functions are exportable, as "systems for authentication", or something to that effect. A random-number generator based on a hash function should be exportable. After all, as you say,
I have many uses for random numbers and none of them is XOR encryption.
But such an RNG *could* be used for encryption. If you package and market it as such, you're asking for trouble. But packaged as a library routine in a simulation library? It's not a fast PRNG, but it should be pretty good statistically. Does it strike you as ironic that in this atmosphere where "exporting" basically secure products like PGP is illegal, that exporting the tools to generate one of the best possible (in the security sense) encryption systems known to current technology (better than anything that can be implemented in software, anyway) would be _legal_, because it also has ample uses that are unrelated to cryptography? If only One Time Pad style systems weren't so kludgey, this would
present the _perfect_ solution to our problems with ITAR and the like. Unfortunately, there are some things they can't do. Oh well... Please don't bother to tell me that we'd need to physically build hardware to generate seeds for the hash functions, because I already know that. I didn't say it was entirely practical, just that it was an interesting bit of irony. -- Matthew B. Landry ml7694a@american.edu (Finally!) mbl@ml7694a.leonard.american.edu
participants (1)
-
Matthew B. Landry