Is DES exportability context-dependent?
I don't have my "Applied Cryptography" handy, but this keyboard's here in front of me always ready :-)

Let's say I rigged up a "signature" system that cranked the message through a DES or 3DES engine in CBC mode, and used the last value as the signature (or something like that; whatever makes the most sense). In that context---as a signature algorithm---would DES be exportable?

It's been demonstrated that something developed as a signature algorithm but later adapted to encryption purposes remains exportable, right? What about going the other direction?

--
| GOOD TIME FOR MOVIE - GOING ||| Mike McNally <m5@tivoli.com>       |
| TAKE TWA TO CAIRO.          ||| Tivoli Systems, Austin, TX:        |
|     (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" |
Disclaimer: I'm not an expert in export control law; before acting on anything in here, check with a "real" expert.

> Date: Tue, 31 May 94 13:08:32 CDT
> From: m5@vail.tivoli.com (Mike McNally)
> Sender: owner-cypherpunks@toad.com
>
> Let's say I rigged up a "signature" system that cranked the message through a DES or 3DES engine in CBC mode, and used the last value as the signature (or something like that; whatever makes the most sense). In that context---as a signature algorithm---would DES be exportable?

My understanding is that under current regulations, yes, assuming that

1) the end-user does not have access to use the raw DES encryption routines for data privacy.
2) you do not export source code for DES (it's too easy to remove "static" from C source :-) )

(of course, someone armed with a disassembler and an architecture reference manual could probably figure out where the raw DES entry points in the object code are, but it would be far less effort for them to just code DES from scratch or FTP it from Finland..)

> It's been demonstrated that something developed as a signature algorithm but later adapted to encryption purposes remains exportable, right?

Wrong. If I wrap 5 lines of code around MD5 which turns it into an encryption engine, I can't export those five lines of code. If I remember correctly, Dan Bernstein attempted to go through the process of exporting just such a system and was stymied all the way.

- Bill
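The reply's point that a few lines wrapped around MD5 give an encryption engine, as an added example that is not part of the original thread and is not Bernstein's system: the hash is run in counter mode to produce a keystream that is XORed with the data. The function names, key, nonces and messages are constructed for illustration; the code shows the principle and its nonce-reuse failure mode, and is not a cipher to deploy.

```python
import hashlib


def md5_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream blocks MD5(k || nonce || counter), with k = MD5(key)."""
    if len(nonce) != 8:
        raise ValueError("nonce must be exactly 8 bytes")
    k = hashlib.md5(key).digest()  # fixed width, so the fields cannot run together
    stream = bytearray()
    counter = 0
    while len(stream) < length:
        stream += hashlib.md5(k + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(stream[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def md5_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with the keystream; the same call encrypts and decrypts."""
    return xor_bytes(data, md5_keystream(key, nonce, len(data)))


# Constructed sample values (assumptions, not taken from the thread).
KEY = b"constructed demo key"
NONCE = b"msg-0001"
MSG_A = b"A hash function only needs a counter and an XOR."
MSG_B = b"Reusing a nonce exposes the XOR of both messages"


def demo() -> dict:
    ct_a = md5_crypt(KEY, NONCE, MSG_A)
    ct_b = md5_crypt(KEY, NONCE, MSG_B)  # same nonce on purpose: the failure mode
    return {
        "roundtrip_ok": md5_crypt(KEY, NONCE, ct_a) == MSG_A,
        "hides_plaintext": ct_a != MSG_A,
        # With a repeated nonce the keystream cancels out of ct_a XOR ct_b.
        "nonce_reuse_leaks": xor_bytes(ct_a, ct_b) == xor_bytes(MSG_A, MSG_B),
        # A fresh nonce yields an unrelated keystream for the same message.
        "fresh_nonce_differs": md5_crypt(KEY, b"msg-0002", MSG_A) != ct_a,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The construction provides confidentiality only: nothing detects a modified ciphertext, which is a separate job for a MAC such as the CBC-based one the original question describes.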
participants (2)
- m5@vail.tivoli.com
- sommerfeld@localhost.medford.ma.us