--Alexander Kilmov wrote: >--David Mercer wrote: >> 2) Is anyone aware of ITAR changes for SHA hashes in recent years >> that require more than the requisite notification email to NSA for >> download URL and authorship information? Figuring this one out last >> time around took looootttttttssssss of reading.
>I used to believe that hashing (unlike >encryption) was not considered >arms. >-- >Regards, >ASK Its a common misconception. ITAR doesn't require a license or permit for strong hash functions, but for US persons require(d?) notification of NSA of authorship, contact email and download URL(s), at least in 2006 it did. Often observed in the breach as it were, but some need care more about the letter of the law than others. I'm mostly curious if that requirement has gotten more or less stringent. Thanks, that NIST list looks like the one I need. -David Mercer David Mercer Portland, OR _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography