40bit Encryption : Adequate or sadly lacking ?
Kipp E.B. Hickman
kipp at warp.mcom.com
Tue Jan 17 14:42:53 PST 1995
In article <3fh5m0$7tg at hdxu03.telecom.ptt.nl>, you write:
> In article <marca-1201952123120001 at boulanger.mcom.com>, marca at mcom.com
> says...
> >
> >There's no question that 40-bit is less than one would prefer.
> >This is why we are/will be supporting 128-bit RC4, for example,
> >in US-only products, honoring United States government export
> >restrictions.
>
> Marc, isn't it possible (legally) to deliver products with a replaceble
> encryption library (dll). Delivery with a 40-bit key DLL. The user has
> the option to install a dll with a different keysize. Somewhat like
> winsock...
>
> Yes, I've seen the article suggesting a foreign office. I think an open
> interface would do gooed for the whole field. I.e. ftp, telnet, etc. as
> well.
Actually, it's probably worse than you think:
There are govt's out there that won't let you import code that is
"encryption ready". You must prove that your software is tamper proof
before it can be imported, and tamper proofing means that you can't
bolt on security. Also, I believe the export laws disallow "plug in"
security in the US...
The crypto legal world sucks.
More information about the cypherpunks-legacy
mailing list