> ----------
> From: Anonymous[SMTP:[EMAIL PROTECTED]]
>
> >look no further than DES. Whit Diffie (see his forward to 'Cracking
> >DES') was speculating about bruting DES from *before* the day it
> >was published in 1975. Read Weiner's 1993 paper on building
>
> Last year I heard Diffie say (at PECSENC meeting) that
>
> "Exportable means breakable"
>
> AES is exportable, I assume.
>
You assume wrong. The limit on general export is still at 56 bits,
which we know to be inadequate. Unlimited strength is exportable
for certain purposes, all of which seem to involve B2B or B2C rather
than C2C or C usage (ie, one of the parties is easily tracked down if
the authorities decide they're being naughty).
That's for commercial products. There's a complex and byzantine
set of regs concerning open source projects and source code,
which I'm glad to say the courts are slowly agreeing to be
unconstitutional.
AES candidates are required to work with a variety of keylengths:
specifically 128, 192, and 256 bits (they are allowed to work with
longer or shorter keys as well).
Any commercial product which used AES with keys longer than
56 bits is not exportable for general encryption uses - eg a crypto
library, or a unescrowed disk encryptor.
> Do you agree with Diffie ?
>
In general terms, yes.
Peter Trei
(usual disclaimer)
