ITAR's 40 bit limit

Bill Stewart stewarts at ix.netcom.com
Sun Jul 21 04:48:05 PDT 1996


At 07:45 PM 7/20/96 -0400, "David F. Ogren" <ogren at cris.com> wrote:
>Another paradox of the US export regulations.
>The NSA is allowing 40 bit crypto exports.  So as a hypothetical example 
>assume that I write a crypto program that uses 40 bit RC4 to encode data 
>(licensing from RSA).  I then get an export license using the accelerated 
>process for 40 bit RC4.
.......
>However, what if she runs the program three times with three different 
>passwords?  (Ignore the problems of Inner-CBC and Outer-CBC for now.)  Now 
>the file is triple RC4 encoded with the equivalent of 80 bit security.  

Not always possible.  The rule isn't just "40 bit crypto"; it's "permission,
which you won't get with over 40 bits unless you're very cooperative."
Applications like Netscape's SSL don't give you the ability to feed your
data through it three times; they process your stream of data and send it.

Also, some 40-bit systems put known plaintext at the beginning of their
output (e.g. a magic number saying that this file is in FooBar40 format)
which means that even if you quintuply encrypt them, you still only
have several layers of 40-bit encryption that you can peel one at a time.

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!
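
The layer-peeling point in the message above, as an added example that is not part of the original post: when every layer begins with a fixed header, each layer's key can be confirmed on its own, so the search cost adds per layer instead of multiplying.
Assumptions: the MAGIC value, the function names and the 12-bit toy keyspace (chosen so the search finishes in seconds) are constructed for illustration; "FooBar40" is the post's hypothetical format.

```python
MAGIC = b"FOOBAR40"  # constructed 8-byte header for the post's hypothetical FooBar40 format
KEY_BITS = 12        # assumption: toy keyspace so the search runs in seconds; the post discusses 40

def rc4(key: bytes, data: bytes) -> bytes:
    """Standard RC4: key scheduling, then XOR the data with the keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wrap(key: int, payload: bytes) -> bytes:
    """One layer: encrypt MAGIC || payload under a KEY_BITS-bit key."""
    return rc4(key.to_bytes(2, "big"), MAGIC + payload)

def peel(blob: bytes):
    """Try each key on the first bytes only; a hit is confirmed by the header."""
    for k in range(1 << KEY_BITS):
        kb = k.to_bytes(2, "big")
        if rc4(kb, blob[:len(MAGIC)]) == MAGIC:
            return k, rc4(kb, blob)[len(MAGIC):]
    return None  # no key yields the header: not a FooBar40 layer

def peel_all(blob: bytes):
    """Strip layers until none is left; returns (keys outermost-first, trials, data)."""
    keys, trials = [], 0
    while (hit := peel(blob)) is not None:
        keys.append(hit[0])
        trials += hit[0] + 1
        blob = hit[1]
    return keys, trials, blob

def demo():
    data = b"quarterly report draft"   # constructed sample plaintext
    blob = data
    for k in (0x123, 0xABC, 0x7F0):    # three independent passes, as in the quoted scenario
        blob = wrap(k, blob)
    return peel_all(blob), data

if __name__ == "__main__":
    (keys, trials, recovered), data = demo()
    print(keys, trials, recovered == data)
    print("bound: 3 * 2**%d = %d trials, not 2**%d" % (KEY_BITS, 3 << KEY_BITS, 3 * KEY_BITS))
```

The design lesson for a file format is that a fixed, predictable header under a short key gives a per-layer correctness check, so stacking layers does not substitute for a longer key.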






