At 01:54 PM 05/16/2000 -0600, Anonymous wrote:
>>look no further than DES. Whit Diffie (see his forward to 'Cracking
>>DES') was speculating about bruting DES from *before* the day it
>>was published in 1975. Read Weiner's 1993 paper on building
>Last year I heard Diffie say (at PECSENC meeting) that
>"Exportable means breakable"
>AES is exportable, I assume.
>Do you agree with Diffie ?
The rules have changed since Diffie made that statement;
at the time it was definitely true, except to the extent
that special people could get special permission for limited-use exports
(e.g. banks could export 3DES gear, because the Feds understand that
they don't want large amounts of money to leak away, and because
banks have to tell the Feds whatever they want anyway.)
The current rules, as Peter points out, are confusing and byzantine,
but almost anybody can export real crypto almost anywhere now,
at least if they get permission, which the Feds are supposed to grant.
The AES candidates were designed in a reasonably open process,
with the expectation that the export rules would either fall entirely,
or else be relaxed at least to the point that banks and big companies
could export crypto. The openness was partly for the usual crypto reasons
(can't trust something that hasn't been well-analyzed), and partly to
avoid the decades of FUD about secret NSA backdoors that plagued DES.
Some of the design teams even have (gasp!) non-Americans in them.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
