Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site ulysses.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!smb
From: smb@ulysses.UUCP (Steven Bellovin)
Newsgroups: net.crypt
Subject: Re: DES not available outside US?
Message-ID: <999@ulysses.UUCP>
Date: Sun, 16-Sep-84 21:42:19 EDT
Article-I.D.: ulysses.999
Posted: Sun Sep 16 21:42:19 1984
Date-Received: Tue, 25-Sep-84 03:54:46 EDT
References: <21bdf834.1de6@apollo.uucp>
Organization: AT&T Bell Laboratories, Murray Hill
Lines: 24

It is true that one cannot export crypt(3), or presumably other DES
implementations, without a license.  Curiously enough, during the debate
over whether or not DES was designed to be crackable by NSA, it was
pointed out that the key size chosen -- 56 bits, rather than the
original proposal of 112 -- was between the size that Commerce would
normally approve (<48 bits) and the size they'd block (>64 bits).

I confess I do not know why export is restricted.  The details are
widely available, and the algorithm is clear enough that any halfway
competent COBOL programmer could implement it in a day or two.  The
trick to effective use is probably to build the chips -- and the
countries that can do that can also devise encryption schemes of equal
strength.  (For example, I pulled a random cryptology book out of my bookcase
("Cipher Systems", by Beker and Piper), and found a complete description
of DES, including tables.  Note that this book is published in the U.S.,
Canada, and the U.K. -- meaning that it's already beyond the reach of
the Department of Commerce.)

Hmm...  There are rumors that once upon a time, the British shipped
obsolete cipher machines -- Enigmas! -- to their former colonies, so
that they could read traffic of interest.  (Kahn, in "The
Codebreakers", reports allegations that the U.S. has pulled similar
stunts.)  Given all of the allegations about how the NSA can crack DES,
maybe it's all a Tom Sawyer-like stunt to entice folks to use it...