Iang wrote:
Why do we need the 1980s assumption of being able to send freely to
everyone, anyway?
tech.supp...@i.bought.your.busted.thing.com is one that comes to mind.
i...@sale.me.your.thing.com is another. I think the types of prior whitelist
only secure systems being discussed on-list
Phillip Hallam-Baker wrote:
One hypothesis that I would like to throw out is that there is no point in
accepting encrypted email from someone who does not have a key to encrypt
the response.
I'd agree, as I was in just this position in the last week or so: I got a gpg
encryped email from
Ok, skip this one if you aren't an active crypto library maintainer. I'm
updating a hash library from FIPS 180-2 to 180-4 compliance and this list is
the place I know where somebody might know the answers to all the following
questions without my spending days tracking down the answers.
Please
--Alexander Kilmov wrote:
--David Mercer wrote:
2) Is anyone aware of ITAR changes for SHA hashes in recent years
that require more than the requisite notification email to NSA for
download URL and authorship information? Figuring this one out last
time around took ltttss of
Fare wrote:
Or once again, maybe a general problem solver given the specification
of some cryptographic function satisfying some properties could
automatically find a robust enough algorithm, and then it's impossible
to either restrict its export or patent. Now, if each time your solver
is itself
Ok, I dug around my email archives to see what the heck to google, and answered
my own question regarding ITAR and NIST defined Suite B implementing software.
Here it goes
From http://www.nsa.gov/ia/programs/suiteb_cryptography/
...Says, effectively, that products that 'are configure to USE
+radix42=gmail@metzdowd.com
Date: Tue, 03 Sep 2013 12:29:38
To: cryptography@metzdowd.com
Subject: [Cryptography] Three kinds of hash: Two are still under ITAR.
On 09/03/2013 09:54 AM, radi...@gmail.com wrote:
--Alexander Kilmov wrote:
--David Mercer wrote:
2) Is anyone aware of ITAR changes
Jerry Leichter wrote:
Currently we have SHA-128 and SHA-256, but exactly why one should choose one
or the other has never been clear - SHA-256 is somewhat more expensive, but
I can't think of any examples where SHA-128 would be practical but SHA-256
would not. In practice, when CPU is thought