Revision of US Crypto Export Controls
Bill Stewart
bill.stewart at pobox.com
Fri Dec 12 13:32:16 EST 2003
It's nice to see that, five+ years after the DES crack and
a month after the RSA-576 challenge was broken
(and rather longer since 512-bit cracks),
and as spread-spectrum phones and data cards are under $50
and wireless security has become a major industry concern,
that our government still cares enough to protect us by
limiting export of those technologies so the Commies don't get them...
I guess the FreeS/WAN project still needs to stay outside the US.
Bill Stewart
At 05:08 AM 12/11/2003 -0800, John Young wrote:
>On December 10, 2003, the Bureau of Industry and Security issued
>a final rule to revise the Commerce Control List which regulates
>export of US technologhy. Below are excerpts involving encryption.
>The full rule:
>
> http://cryptome.org/bis121003.txt
>.....
> a.1.a. A ``symmetric algorithm'' employing a key length in
>excess of 56-bits; or
> a.1.b. An ``asymmetric algorithm'' where the security of the
>algorithm is based on any of the following:
> a.1.b.1. Factorization of integers in excess of 512 bits (e.g.,
>RSA);
> a.1.b.2. Computation of discrete logarithms in a multiplicative
>group of a finite field of size greater than 512 bits (e.g., Diffie-
>Hellman over Z/pZ); or
> a.1.b.3. Discrete logarithms in a group other than mentioned in
>5A002.a.1.b.2 in excess of 112 bits (e.g., Diffie-Hellman over an
>elliptic curve);
> a.2. Designed or modified to perform cryptanalytic functions;
> a.3. [RESERVED]
> a.4. Specially designed or modified to reduce the compromising
>emanations of information-bearing signals beyond what is necessary
>for health, safety or electromagnetic interference standards;
> a.5. Designed or modified to use cryptographic techniques to
>generate the spreading code for ``spread spectrum'' systems,
>including the hopping code for ``frequency hopping'' systems;
> a.6. Designed or modified to use cryptographic techniques to
>generate channelizing or scrambling codes for ``time-modulated
>ultra-wideband'' systems;
> a.7. Designed or modified to provide certified or certifiable
>``multilevel security'' or user isolation at a level exceeding Class
>B2 of the Trusted Computer System Evaluation Criteria (TCSEC) or
>equivalent;
> a.8. Communications cable systems designed or modified using
>mechanical, electrical or electronic means to detect surreptitious
>intrusion.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list