Information Security News mailing list archives

Re: Why did White House change its mind on crypto?


From: mea culpa <jericho () DIMENSIONAL COM>
Date: Sat, 18 Sep 1999 02:25:43 -0600

Reply From: Darren Reed <darrenr () reed wattle id au>

(I read http://www.infoworld.com/cgi-bin/displayStory.pl?990916.piclint.htm
 and assume the important points were there...I haven't chased down the
 actual announcement yet).

I wonder what their requirement is now...you can't export your 3-DES
product if the RNG has an excellent entropy rating?  Or you must provide
key-escrow for some % of the key?  Reading the announcement, it does *NOT*
free up export of freeware crypto products (i.e. kerberos, IPsec, etc),
nor does it allow for private persons to obtain strong crypto software
from the USA.  Maybe this is an announcement which recognises that
`anyone' can decrypt the weaker algorithms using 40 and 56bit keys and
that this poses a large threat to commercial institutions the world over.
After all, if the French have their own `NSA' style operation, French
multinationals would be at a competitive advantage in recent months as
restrictions on crypto were lifted in response to Echelon.  I imagine
companies like Boeing would feel a tad miffed at being restricted to 56bit
crypto for International offices whilst their counterparts at Airbus could
use 3-DES.

Also, it suggests that maybe dirty deals will be done behind closed doors,
or in `review', suggestions will be made on how to cripple the product in
some way (provide predictable random numbers, etc).

So as far as the end user sitting at home using IE-5 to buy things over
the Internet is concerned, this announcement makes 0 difference if they
live outside of the USA.  Given the nature of the Internet and that
control of product distribution on the Internet is ~impossible, it is
unlikely that there will be any *real* improvements in the situation in
the near future.

Of course, the funny part is expecting the banned countries to not obtain
such software, if they don't already have it, via indirect channels.

An interesting event, yes, but people should not stop putting pressure on
the US Government to properly relax the export controls on crypto
products.  The fight is not yet over!

Darren
