Question regarding mandatory CBC-DES Support
The IPSEC spec defines that all implementations MUST support CBC-DES.
I have a question regarding the export laws which are associated with
it.
My understanding is that if I make the key 40 bits, then there is no
export problem. However, the KDC system that we have implemented
generates 128-bit session keys, and these keys are short-lived
(meaning that they are one-time keys). I believe that DES has a
restricted key length of 64 bits, so I suppose I must truncate the
session key to that length.
Has anyone ever tried to export a product which would do this? It
seems that the Government would not allow me to do so. One method, I
suppose, would be to only use the first 40 bits of the session key, but
this considerably weakens the protocol's security.
I would appreciate any help,
Pat R. Calhoun e-mail: pcalhoun@usr.com
Project Engineer - Lan Access R&D phone: (847) 933-5181
US Robotics Access Corp.