At 03:03 AM 9/29/96 -0700, Erp <erp@digiforest.com> wrote:

What is the maximum encryption allowed to be created. With export restrictions in mind, and without export restrictiosn in mind... Thanks... By WORLD and US standards please...

The laws of nature don't appear to provide any maximum strength, assuming you run out of atoms to store your data before you run out of capacity for your computer, and _you'll_ be out of cash long before that :-) For mathematically strong algorithms, you can make the work a cracker has to do be exponentially larger than the amount of work you have to do to decrypt, so you win. Different governments have different rules, and many have no rules. Bert-Jaap Koops has a summary that (last time I looked) was at http://cwis.kub.nl/~frw/CRI/projects/bjk/lawsurvy.htm about different governments' crypto use and export rules. For the US, you can export cryptography software if you get permission, and you can usually get permission if you're using up to 40-bit symmetric-key keys and 512-bit public keys, or if you're writing software that's strictly for banking. You usually can't get permission for stronger crypto than that, unless you're a registered international arms dealer and are only selling your crypto gear to Friends Of The Pentagon. There aren't any restrictions on the strength of crypto you can use for messages you're exporting, only on software you export. And there are somewhat bizarre interpretations of "export", including telling foreigners inside US borders if they're not US subjects. Domestically, there are no restrictions on crypto you can write and use inside the US, subject of course to the bizarre interpretations of "domestically" that accompany "export". # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com # <A HREF="http://idiom.com/~wcs"> # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto