It's nice to see that, five+ years after the DES crack and
a month after the RSA-576 challenge was broken
(and rather longer since 512-bit cracks),
and as spread-spectrum phones and data cards are under $50
and wireless security has become a major industry concern,
that our government still cares enough to protect us by
limiting export of those technologies so the Commies don't get them...I guess the FreeS/WAN project still needs to stay outside the US.
Bill Stewart
At 05:08 AM 12/11/2003 -0800, John Young wrote:
On December 10, 2003, the Bureau of Industry and Security issued a final rule to revise the Commerce Control List which regulates export of US technologhy. Below are excerpts involving encryption. The full rule:
http://cryptome.org/bis121003.txt ..... a.1.a. A ``symmetric algorithm'' employing a key length in excess of 56-bits; or a.1.b. An ``asymmetric algorithm'' where the security of the algorithm is based on any of the following: a.1.b.1. Factorization of integers in excess of 512 bits (e.g., RSA); a.1.b.2. Computation of discrete logarithms in a multiplicative group of a finite field of size greater than 512 bits (e.g., Diffie- Hellman over Z/pZ); or a.1.b.3. Discrete logarithms in a group other than mentioned in 5A002.a.1.b.2 in excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve); a.2. Designed or modified to perform cryptanalytic functions; a.3. [RESERVED] a.4. Specially designed or modified to reduce the compromising emanations of information-bearing signals beyond what is necessary for health, safety or electromagnetic interference standards; a.5. Designed or modified to use cryptographic techniques to generate the spreading code for ``spread spectrum'' systems, including the hopping code for ``frequency hopping'' systems; a.6. Designed or modified to use cryptographic techniques to generate channelizing or scrambling codes for ``time-modulated ultra-wideband'' systems; a.7. Designed or modified to provide certified or certifiable ``multilevel security'' or user isolation at a level exceeding Class B2 of the Trusted Computer System Evaluation Criteria (TCSEC) or equivalent; a.8. Communications cable systems designed or modified using mechanical, electrical or electronic means to detect surreptitious intrusion.
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
