[Cryptography] FIPS, NIST and ITAR questions
Richard Salz
rich.salz at gmail.com
Tue Sep 3 14:49:49 EDT 2013
> ITAR doesn't require a license or permit for strong hash functions, but for US persons
> require(d?) notification of NSA of authorship, contact email and download URL(s), at least in
> 2006 it did.
That strikes me as an overly-conservative reading of the rules, but
it's been some time since I was involved in this stuff. After all,
there is no key in a hash function. Notification was required for open
source, or a commodity classification for a product that had general
encryption facilities.
If the notification for hash is (still?) required, I believe you can
do it now via a simple phone call. To anyone. #thanks_prism.
/r$
More information about the cryptography
mailing list