[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: 40bit DES?
> From: Roy Pereira <rpereira@TimeStep.com>
> To: perry@piermont.com, jim@mentat.com
> Cc: chk@utcc.utoronto.ca, rgm-sec@htt-consult.com, ipsec@tis.com
> Subject: RE: 40bit DES?
> Date: Tue, 12 May 1998 16:56:14 -0400
> blah, blah, blah..... Regardless of what your opinion is, in the real
> world we are forced with export issues. Sure 40-bit DES isn't secure,
> but it sure is a lot better than no encryption or not having any sales?
> Its time to move from the theoretical to the practical. I can dream of
> a day when we all live together in harmony with world peace, but reality
> dictates something else, doesn't it?
Speaking of the real world, have you checked out the current export
controls (http://www.bxa.doc.gov/encstart.htm) lately? They don't say
anything about being able to export 40-bit DES. When the controls
transferred from the State Department to the Commerce Department,
things actually got worse. The only current algorithm for which you
may obtain an export license is 40-bit RC4. To export anything
stronger, you must agree to implement key recovery and jump through a
bunch of paperwork hoops to get interim approval for 56-bit DES.
Otherwise, you may *not* export *any* encryption software (usual
caveats for authentication and passwords, etc) which has a
user-definable key. Even ROT-X where X is a user-definable number is
out. So why the discussion of 40-bit DES?
Steve Goldhaber Compatible Systems
goldy@compatible.com http://www.compatible.com
(303) 444-9532
References: