RE: Columbia crypto box

Arnold G. Reinhold
Wed, 12 Feb 2003 10:27:21 -0800

At 11:21 AM -0500 2/11/03, Trei, Peter wrote:

...
>
I totally agree that WEP has/had problems well beyond the export issue,
but that's not my point. A product which cannot be exported will not be
developed, generally speaking.

I quote from AC2 (Schneier), page 615 (which was published in 1996):

"The State Department does not approve of the export of products with
strong encryption, even those using DES. [...] The Software Publishers
Association (SPA) has been negotiating with the government to ease
export license restrictions. A 1992 agreement between them and the
State Department eased the export license rules for two algorithms,
RC2 and RC4, as long as the key size is 40 bits or less."

So, it doesn't matter how espionage-enabled CDMF was, if you
wanted to export crypto for general use, you were stuck with
RC2 or RC4. This situation eased slightly (to 56 bits) around
1997, but did not reach today's conditions until 2000.  The
AMMS system cited above dates to 1995.

...

I might add that using RC4 with a key composed of a 40-bit secret and an IV transmitted in the clear would not necessarily qualify automatically under that 1992 agreement. It is quite possible that the foolishly short 24-bit IV in WEP was the result of real or anticipated pressure from the export control folks.

(It feels weird to be citing Schneier as a historical document).

Indeed, but it is important to remember just how thickheaded the anti-crypto effort of the '80s and '90s was and how much damage it did.

Arnold Reinhold

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to