I know this isn't immediately pertinent, but I wanted to offer a pointer to sci.crypt. Currently a discussion of key lengths ("how long do {RSA|IDEA} keys have to be to be `safe'?") is going on; pretty interesting. Funny, I noticed a familiar name contributing (well, asking questions) and then _this_ post: ---------- Forwarded message ---------- From: strnlght@netcom.com (David Sternlight) Subject: Re: I concede the key length/cracking point. [...](matt) Finally, it's been suggested to me that the Clipper issue isn't about today, but about tomorrow,and that rich, smart cryptologic organizations may have no trouble today, but it's hoped that by the time tomorrow comes along, Clipper will be so widespread that non-Clipper can be handled by "other" means. In conclusion, I have to give a nod to the folks who are afraid non-Clipper might be banned some day: If in a few years widely available cheap machines (after all the roughly $1500 Power Mac is what, about 50 MHz?) make much longer keys easily feasible with short encryption/decryption times, then in a few years the government MIGHT actually want to ban non-escrowed crypto very badly. It would probably happen after the current Administration leaves office, making the current White House statements the literal truth for THIS administration. Alternatively, if the NSA has approaches we don't know about which mean that such longer keys are still vulnerable, then we might never see such a ban in the U.S. Note that it's possible to state the above carefully, non-hysterically, and without being offensive. Having taken a few hesitant steps down that path, a few things become clearer. For example the current effort in the Netherlands to ban non-escrowed crypto, and all crypto without permission, perhaps suggests that in the Netherlands they are there already--that is that their cryptologic capabilites aren't of an order comparable to some others and thus they have to face the "banning" decision now. Perhaps the same has been true for France for a while. We do have good reason to believe GCHQ is very advanced--we Americans have learned a thing or three from them, from what I read in the open literature. Thus it's possible the issue hasn't yet become critical in the U.K. Dunno about the Germans. It's possible that they got more from Hitler's former crypto experts than anyone knows and they are very advanced, or it's possible they have "special" relations with the U.S. or maybe even (this would be interesting) the U.K. of a kind that gives them capabilities the Dutch don't have. Given their forward position in the old Cold War days, it wouldn't surprise me. David -----------End Forwarded Message---------- Whoa! blew my mind. I think we finally got through to him. Now we'll have to finish brainwashing him (ready, tentacles?) and put him in a suit and tie. He can be our new spokesman. By the way, this isn't a fake mail -- he's been waltzing around like this for a week or so. matt Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom@hardy.u.washington.edu