Columbia crypto box
Arnold G. Reinhold
reinhold at world.std.com
Wed Feb 12 00:08:58 EST 2003
At 11:21 AM -0500 2/11/03, Trei, Peter wrote:
>...
> >
>I totally agree that WEP has/had problems well beyond the export issue,
>but that's not my point. A product which cannot be exported will not be
>developed, generally speaking.
>
>I quote from AC2 (Schneier), page 615 (which was published in 1996):
>
>"The State Department does not approve of the export of products with
>strong encryption, even those using DES. [...] The Software Publishers
>Association (SPA) has been negotiating with the government to ease
>export license restrictions. A 1992 agreement between them and the
>State Department eased the export license rules for two algorithms,
>RC2 and RC4, as long as the key size is 40 bits or less."
>
>So, it doesn't matter how espionage-enabled CDMF was, if you
>wanted to export crypto for general use, you were stuck with
>RC2 or RC4. This situation eased slightly (to 56 bits) around
>1997, but did not reach today's conditions until 2000. The
>AMMS system cited above dates to 1995.
...
I might add that using RC4 with a key composed of a 40-bit secret and
an IV transmitted in the clear would not necessarily qualify
automatically under that 1992 agreement. It is quite possible that
the foolishly short 24-bit IV in WEP was the result of real or
anticipated pressure from the export control folks.
(It feels weird to be citing Schneier as a historical document).
Indeed, but it is important to remember just how thickheaded the
anti-crypto effort of the '80s and '90s was and how much damage it
did.
Arnold Reinhold
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list