> It was my impression that there were no restrictions on the use of IDEA as it > is the public domain; has this changed? If the problem is the source country > for the encryption software, then it can be addressed. I'm not sure, though, > that I fully understand the restriction.
I do not believe this is correct, IDEA has been encumbered with patent restrictions since day one. It's owned by MediaCrypt and they have indicated that they will seek enforcement under international copyright laws of their rights under this patent for commercial applications. I'm not sure what the status is for non-commercial use. A much better choice is the symmetric Blowfish cipher, which is completely unencumbered by any patents. It's reasonably fast (as compared to 3DES or even standard DES) and is extremely simple to implement. Of course, the minute you encrypt any data with 128 bits or greater, your application immediately falls under the US & Canadian (and many other friendly nations) export regulations which effectively prevents export or re-export of the software, and yes, even if you're the developer! In many countries, this is serious business as encryption technology appears on the ML (munitions list), causing exporters of software containing strong encryption (128-bits or greater) to be treated as "arms dealers" if they do so without the proper clearance from the regulatory agencies. In my opinion, the regulations are setup in such a way to allow the general public to only make use of encryption technology and strengths for which the government has computing equipment available that allows them to decrypt these messages (in the interest of national security, so they say). It's been suggested that 128-bit encryption technology found in SSL (secure sockets layer) communications has now officially been compromised since the cost for building a computer to brute force (try every combination) decrypt these messages can be built for under US $1 Billion. This is in the range of many government's budgets, and it's almost certain that the NSA has such capabilities. The problem with this is that it is fairly trivial to set the keysize of even the blowfish cipher to 256-bit or even 512-bits (symmetric) which would make it impossible to decrypt with current computing technology. Export of software containing such strong encryption technology are almost certain to be denied an export license. Of course, within a country it can be readily used, and many websites merely ask you if you are a resident of that country. Now, a terrorist would most certainly answer that question truthfully and exit the site without downloading the technology, right? (not to mention that the source is readily available from many sources) Stephan. > > On Wednesday 04 September 2002 18:01, Robert Davis wrote: > > Come on some of you programming geniuses on this list > > help him out. I KNOW this would definataly benifit me. > > And if I had the programing skill in C beyond the > > basic > > "hello world" ability I would do it for him. > > ---ORIGINAL MESSAGE BELOW FROM TIGHT VNC > > LIST---------- > > Message: 7 > > Date: Sun, 01 Sep 2002 17:02:23 +0200 (MET DST) > > From: "Mas LIARFO" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Subject: > > > > Hi all, > > > > I've got bad news. > > > > As an individual living in France it seems that I'm > > not allowed to > > "expor= > > t" a software that uses encryption. Not without a > > special Governement > > auth= > > orisation that can take weeks (the software has to be > > evaluated, > > approved = > > and son on...). > > Seems that I'm only allowed to use 128 bits encryption > > (the limit) for > > my= > > personnal and private use only. > > > > FYI, GnuPG and OpenSLL or officialy allowed to be > > used/imported/exported = > > in France only since mid-August 2002 ! > > > > So people planning to implement/use encryption in VNC > > (or others Free > > pro= > > ject) should first be very carefull with the > > legislation of their > > countrie= > > s regarding encryption. > > > > As a consequence, I must cancel the release of eSVNC > > 1.1.2 with > > built-in = > > encryption until I've > > got more informations. > > > > Maybe I will let the source code "encryption ready" > > but without the > > TwoFi= > > sh and MD5 algos > > sources. This way someone allowed could easely release > > an encrypted > > versi= > > on. > > > > I'm currently emailing to people in France that could > > help me on this > > sub= > > ject. > > But there's good chance that the built-in encryption > > in eSVNC is > > borndead= > > . > > > > Anyway, I will continue my developpement effort on new > > features for > > eSVNC= > > and > > a release should occur soon. > > > > And who knows, maybe there's specific permissive laws > > for OpenSource > > sof= > > twares with encryption =3F > > > > > > Sam :-/ > > > > > > > > > > __________________________________________________ > > Do You Yahoo!? > > Yahoo! Finance - Get real-time stock quotes > > http://finance.yahoo.com > > _______________________________________________ > > VNC-List mailing list > > [EMAIL PROTECTED] > > http://www.realvnc.com/mailman/listinfo/vnc-list > > -- > ----------------------------------- > Seth Kurtzberg > M. I. S. Corp. > 1-480-661-1849 > _______________________________________________ > VNC-List mailing list > [EMAIL PROTECTED] > http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] http://www.realvnc.com/mailman/listinfo/vnc-list
