RSA 1024bit Key for Export

Bill Stewart stewarts at ix.netcom.com
Sun Oct 20 02:25:29 PDT 1996


At 12:26 AM 10/19/96 +0700, you wrote:
>Just a short question :
>What is the exportable maximum key length of RSA if
>use for encrypting session keys? My local Cylink VAR
>in Malaysia says it is 1024bit for encrypting the
>Omega algo.

There isn't one well-defined limit that applies to everything.
You still need to ask for permission, and they still have arbitrary
power to grant or not grant it, though they have some guidelines
about what they will usually approve and what they usually won't.*

I've seen 512-bits as the usual number, but the session key
has to be for a weak symmetric-key cypher like RC4/40.
They probably wouldn't approve 512-bit keys for encrypting
session keys to be used with triple-DES or IDEA or RC4/256.

Cylink may have permission to use 1024 bits in some specific
export-approved product (I'm guessing that's what Omega is?),
but that isn't something you can get approved for general use,
unless the NSA has relaxed a bit under pressure.

Padgett's response on coderpunks wasn't really relevant - 
the section he was quoting was for authorization-protecting
systems only (e.g. protecting PINs), explicitly saying
that it wasn't for encrypting files or text, which would
affect session keys used to encrypt files or text. 

(*They also have guidelines about how fast they will usually
approve or reject things, but they still haven't approved or rejected
Raph's application for exporting the RSA T-shirts after a year, and the
shirts are now semi-obsolete because the RSA implementations are
shorted now :-)


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.







More information about the cypherpunks-legacy mailing list