[Cryptography] On 40-bit encryption

[ianG]

On 22/08/2014 21:32 pm, Tom Mitchell wrote:
> On Fri, Aug 22, 2014 at 11:19 AM, Bear <bear at sonic.net
> <mailto:bear at sonic.net>> wrote:
> 
>     On Wed, 2014-08-20 at 21:49 -0400, Jerry Leichter wrote:
> 
>     > Oh, but you could check.  Someone form Iran or North Korea trying to
>     > download the strong build would be required to set the Evil bit on all
>     > their packets.
> 
>     Actually, I think the crypto export security theatre was probably
>     responsible for
> 
> 
>  
> The tipping point I saw was the asymmetry in the law that permitted
> importing into the US
> crypto binaries with strong key lengths.  At the same time export was
> illegal.  Also printed
> books were sheltered by freedom of speech protections so the "secret"
> was no longer
> a secret and was available to anyone who could type code and debug typos.
> 
> There was also a growing trend to have engineering teams in foreign lands
> that had no US talent as well as legal frameworks so the crypto bits 
> never were exported. 
> 
> So the cat was clearly out of the bag and more troubling to some the
> talent pool
> was under the control of the other guys.


There was an article printed in I think _Foreign Affairs_ from a long
time ago that was found and referenced by (IIRC) Ross Anderson by some
crypto warriors.

In there was an anecdote about the games they played with the South
Africans.  They stopped crypto exports to them.  But then the South
Africans started developing an indigenous capability.  So the NSA opened
up the crypto exports again in order to squash the local companies.

Take-away:  it's as much economic as a technical war.


iang

ps; if anyone can find that article, please post.  It's a great view of
the inside tactics.