On Dec 10, 2007 4:40 PM, Ed Leafe <[EMAIL PROTECTED]> wrote: > On Dec 10, 2007, at 6:32 PM, Nate Lowrie wrote: > > > We have to be very careful with this. I don't know where the lines > > are with ITAR but we (devs in the US) cannot export encryption > > technology above a certain standard. If someone wants to tackle this > > feel free, but please send an email to the dev list containing the > > specs of the encryption standard before you commit so that we don't do > > anything that would be a felony... > > I don't see a problem with this. We will not be supplying the > encryption, period. We will only be supplying the hooks. It makes no > sense to supply a publicly-available, open-source reversible > encryption, since anyone can download Dabo and decrypt away.
Wow...The weakest encryption algorithms have strength in the algorithm. The strongest have all of the strength in the key. DSA and RSA are published standards free for anyone to download. You can decode the message without a key, but it involves factoring a number with 2^16+ digits into its 2 prime numbers, a task you can't brute force in a lifetime with all of the computing power in the world. You can supply a publicly available, open-source symmetric cipher, and have it be strong and unbreakable without the key. The only problem is key management. You could hash the key with a password... Cheers, Nate L. _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://leafe.com/mailman/listinfo/dabo-users Searchable Archives: http://leafe.com/archives/search/dabo-users This message: http://leafe.com/archives/byMID/dabo-users/[EMAIL PROTECTED]
