On Wed, Oct 25, 2006 at 08:22:09AM -0400, Bill Smith wrote:
> I was curious if anyone has had to deal with US (or other) export
> considerations regarding key size, etc. Is there a way to restrict
> keysize with dropbear to meet export requirements? I know that it makes
> for a weaker cipher but it would still be better than straight telnet.

The smallest encryption keysize defined in the spec (rfc4253) is 128 bits, so you're not going to manage it there if you want interoperability with other SSH clients. I guess it's technically possible to disclose say half the key via some covert channel, though I'd really advise against that - backdoors tend to scare people away quite effectively. (Please, call it something other than Dropbear if you do that ;)

I was under the impression that US export restrictions have been relaxed to allow most exports, possibly with a one-time review? (Excluding the usual Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria [1] where any kind of trade is tricky.)

Matt

[1] http://rechten.uvt.nl/koops/cryptolaw/cls2.htm#us_1
