Information Security News mailing list archives
Re: Why did White House change its mind on crypto?
From: mea culpa <jericho () DIMENSIONAL COM>
Date: Sat, 18 Sep 1999 02:25:43 -0600
Reply From: Darren Reed <darrenr () reed wattle id au> (I read http://www.infoworld.com/cgi-bin/displayStory.pl?990916.piclint.htm and assume theimportant points were there...I haven't chased down the actual announcement yet). I wonder what their requirement is now...you can't export your 3-DES product if the RNG has an excellent entropy rating ? Or you must provide key-escrow for some % of the key ? Reading the anouncement, it does *NOT* free up export of freeware crypto products (i.e. kerberos, IPsec, etc), nor does it allow for private persons to obtain strong crypto software from the USA. Maybe this is an announcement which recognises that `anyone' can decrypt the weaker algorithms using 40 and 56bit keys and that this poses a large threat to commercial institutions the world over. Afterall, if the French have their own `NSA' style operation, French multinationals would be at a competitive advantage in recent months as restrictions on crypto were lifted in response to Echelon. I imagine companies like Boeing would feel a tad miffed at being restricted to 56bit crypto for Internetional offices whilst their counterparts at Airbus could use 3-DES. Also, it suggests that maybe dirty deals will be done behind closed doors, or in `review', suggestions will be made on how to cripple the product in some way (provide predictable random numbers, etc). So as far as the end user sitting at home using IE-5 to buy things over the Internet is concerned, this announcement makes 0 difference if they live outside of the USA. Given the nature of the Internet and that control of product distribution on the Internet is ~impossible, it is unlikely that there will be any *real* improvements in the situation in the near future. Of course, the funny part is expecting the banned countries to not obtain such software, if they don't already have it, via indirect channels. An interesting event, yes, but people should not stop putting pressure on the US Government to properly relax the export controls on crypto products. The fight is not yet over! Darren ISN is sponsored by Security-Focus.COM
Current thread:
- Why did White House change its mind on crypto? mea culpa (Sep 17)
- <Possible follow-ups>
- Re: Why did White House change its mind on crypto? mea culpa (Sep 18)