--Alexander Kilmov wrote:
>--David Mercer wrote:
>> 2) Is anyone aware of ITAR changes for SHA hashes in recent years 
>> that require more than the requisite notification email to NSA for 
>> download URL and authorship information? Figuring this one out last 
>> time around took looootttttttssssss of reading.

>I used to believe that hashing (unlike >encryption) was not considered 


Its a common misconception. ITAR doesn't require a license or permit for strong 
hash functions, but for US persons require(d?) notification of NSA of 
authorship, contact email and download URL(s), at least in 2006 it did. Often 
observed in the breach as it were, but some need care more about the letter of 
the law than others. I'm mostly curious if that requirement has gotten more or 
less stringent.

Thanks, that NIST list looks like the one I need.

-David Mercer

David Mercer
Portland, OR

The cryptography mailing list

Reply via email to