[Cryptography] FIPS, NIST and ITAR questions
radix42 at gmail.com
radix42 at gmail.com
Tue Sep 3 12:54:30 EDT 2013
--Alexander Kilmov wrote:
>--David Mercer wrote:
>> 2) Is anyone aware of ITAR changes for SHA hashes in recent years
>> that require more than the requisite notification email to NSA for
>> download URL and authorship information? Figuring this one out last
>> time around took looootttttttssssss of reading.
>I used to believe that hashing (unlike >encryption) was not considered
>arms.
>--
>Regards,
>ASK
Its a common misconception. ITAR doesn't require a license or permit for strong hash functions, but for US persons require(d?) notification of NSA of authorship, contact email and download URL(s), at least in 2006 it did. Often observed in the breach as it were, but some need care more about the letter of the law than others. I'm mostly curious if that requirement has gotten more or less stringent.
Thanks, that NIST list looks like the one I need.
-David Mercer
David Mercer
Portland, OR
More information about the cryptography
mailing list