
Re: 3DES with 40-bit key?



> Date: Mon, 29 Mar 1999 15:16:58 -0500
> From: Sandy Harris <sandy.harris@sympatico.ca>
> 
> For free code that implements IPSEC with 3DES see either of:
> 
> http://www.xs4all.nl/~freeswan    for Linux
> http://www.kame.net               for *BSD, from Japan

Of course do not forget http://www.openbsd.org, where you can find
additional cryptographic transforms, like Blowfish, Cast and Skipjack.

As for the initial question, Ari did not state from which country he
wanted to export.  Some have understood it to be the US, others
have guessed a Wassenaar country.  I did read up a bit on Wassenaar and
found it not to be as bad as I had initially been afraid of.

Most cryptography software is actually exempt, by this general
software note:

------------------------------------------------------------------------------
The Lists do not control "software" which is either: 

1. Generally available to the public by being: 

    a. Sold from stock at retail selling points without restriction,
       by means of: 

        1. Over-the-counter transactions; 
        2. Mail order transactions; or 
        3. Telephone call transactions; and 

    b. Designed for installation by the user without further
       substantial support by the supplier; or 

2. "In the public domain". 
---------------------------------------------------------------------------

The source is an OCR scan found on the net,
http://www.jya.com/wa/walists.htm

Even though the definition of "public domain" in there is rather
vague, my personal opinion is that both BSD and GPL code are exempt
from the Wassenaar agreement.

Back to the subject, if I understand Ari's question right, it was: how
do I provide no-stronger-than-N bits of protection if the only known
transform to talk to other IKEs with is 3DES.  My answer is along
the lines of another guy's in the thread: by publishing 192-N bits of the
key in a vendor-defined NOTIFY STATUS message always sent out after
every exchange, and going to your government and showing them that you
disclose the extra bits.

Now, I don't particularly like this, given that the party you talk to
might trust the actual key lengths, and send data it would not send at
a lower security level.  Maybe your government allows you to just log
these extra bits in a write-only black-box memory of some sort,
together with the SPIs.  That'll at least protect your communication
from the non-governmental bad guys.  And the government can get at the
extra bits when they need, with a warrant.

The other ideas about using redundant patterns in the 3DES keys are
simply impossible.  The keys are never specified anywhere, they are
computed with input from random data from both parties, there is no
way of creating redundant key content.  The only way to weaken the
keys is to publish part of them.

But first of all, I would ask you to question the specific government's
position on cryptography export regulations.  The more of us who
question them, the better.

Actually Ari, I thought you had your production in Finland, isn't it
so?  Or is it that your product does not fit the exemptions of the
Wassenaar?  I did not even find mentions of key lengths when I read
it, but I just read here and there trying to see if I did illegal
things, which I incidentally do not, as I interpret the rules (the
biggest problem being, is the BSD license a public domain license, as
they view it?  It's not what I call PD, but in their eyes it probably
is).

Niklas


