[Cryptography] FIPS, NIST and ITAR questions

Faré fahree at gmail.com
Tue Sep 3 15:16:14 EDT 2013


On Tue, Sep 3, 2013 at 2:49 PM, Richard Salz <rich.salz at gmail.com> wrote:
>> ITAR doesn't require a license or permit for strong hash functions, but for US persons
>> require(d?) notification of NSA of authorship, contact email and download URL(s), at least in
>> 2006 it did.
>
> That strikes me as an overly-conservative reading of the rules, but
> it's been some time since I was involved in this stuff.  After all,
> there is no key in a hash function. Notification was required for open
> source, or a commodity classification for a product that had general
> encryption facilities.
>
> If the notification for hash is (still?) required, I believe you can
> do it now via a simple phone call. To anyone.  #thanks_prism.
>
Can't you trivially transform a hash into a PRNG, a PRNG into a
cypher, and vice versa?

hash->PRNG: append blocks that are digest (seed ++ counter ++ seed)
PRNG->cypher: XOR with data from PRNG
cypher->hash: encrypt(data, constant_key)

Of course, that might not be the best way to construct the most
efficient and most robust versions of the respective functions, but
that might do a decent enough job, and make export restrictions
meaningless.

Or once again, maybe a general problem solver given the specification
of some cryptographic function satisfying some properties could
automatically find a robust enough algorithm, and then it's impossible
to either restrict its export or patent. Now, if each time your solver
is itself run with a different PRNG and seed, it needs to send a copy
of its output to the NSA, things become "interesting".

—♯ƒ • François-René ÐVB Rideau •Reflection&Cybernethics• http://fare.tunes.org
The ultimate result of shielding men from the effects of folly is
to fill the world with fools. — Herbert Spencer
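
An added example, not part of the original message: the hash->PRNG and PRNG->cypher steps sketched above, using SHA-256 as the digest. The function names, the 8-byte counter encoding and the key/nonce sizes are assumptions of this sketch. It also shows why the result is less robust than a vetted cipher: reusing a (key, nonce) pair exposes the XOR of the plaintexts, and nothing authenticates the ciphertext.

```python
import hashlib

def keystream(seed: bytes, nbytes: int) -> bytes:
    """hash->PRNG: concatenate blocks of digest(seed ++ counter ++ seed)."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        block_input = seed + counter.to_bytes(8, "big") + seed
        out += hashlib.sha256(block_input).digest()
        counter += 1
    return bytes(out[:nbytes])

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """PRNG->cypher: XOR data with the keystream; the same call decrypts.

    Fixed lengths (assumed here) keep key ++ nonce unambiguous as a seed.
    There is no integrity check: flipped ciphertext bits flip plaintext bits.
    """
    if len(key) != 32 or len(nonce) != 16:
        raise ValueError("expected a 32-byte key and a 16-byte nonce")
    return xor_bytes(data, keystream(key + nonce, len(data)))

if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    key = hashlib.sha256(b"constructed demo key").digest()
    nonce_a = (0).to_bytes(16, "big")
    nonce_b = (1).to_bytes(16, "big")
    p1 = b"first constructed sample message"
    p2 = b"second constructed sample msg..."

    c1 = crypt(key, nonce_a, p1)
    print("round trip ok:", crypt(key, nonce_a, c1) == p1)

    # Same key and nonce for two messages: the keystream cancels out.
    c2_reused = crypt(key, nonce_a, p2)
    print("nonce reuse leaks p1^p2:",
          xor_bytes(c1, c2_reused) == xor_bytes(p1, p2))

    # A fresh nonce per message gives an unrelated keystream.
    c2_fresh = crypt(key, nonce_b, p2)
    print("fresh nonce leaks p1^p2:",
          xor_bytes(c1, c2_fresh) == xor_bytes(p1, p2))
```
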

