At 11:21 AM -0500 2/11/03, Trei, Peter wrote:
...... > I totally agree that WEP has/had problems well beyond the export issue, but that's not my point. A product which cannot be exported will not be developed, generally speaking.I quote from AC2 (Schneier), page 615 (which was published in 1996): "The State Department does not approve of the export of products with strong encryption, even those using DES. [...] The Software Publishers Association (SPA) has been negotiating with the government to ease export license restrictions. A 1992 agreement between them and the State Department eased the export license rules for two algorithms, RC2 and RC4, as long as the key size is 40 bits or less." So, it doesn't matter how espionage-enabled CDMF was, if you wanted to export crypto for general use, you were stuck with RC2 or RC4. This situation eased slightly (to 56 bits) around 1997, but did not reach today's conditions until 2000. The AMMS system cited above dates to 1995.
I might add that using RC4 with a key composed of a 40-bit secret and an IV transmitted in the clear would not necessarily qualify automatically under that 1992 agreement. It is quite possible that the foolishly short 24-bit IV in WEP was the result of real or anticipated pressure from the export control folks.
(It feels weird to be citing Schneier as a historical document).
Indeed, but it is important to remember just how thickheaded the anti-crypto effort of the '80s and '90s was and how much damage it did.
Arnold Reinhold
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
