Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83; site ulysses.UUCP Path: utzoo!watmath!clyde!burl!ulysses!smb From: smb@ulysses.UUCP (Steven Bellovin) Newsgroups: net.crypt Subject: Re: DES not available outside US? Message-ID: <999@ulysses.UUCP> Date: Sun, 16-Sep-84 21:42:19 EDT Article-I.D.: ulysses.999 Posted: Sun Sep 16 21:42:19 1984 Date-Received: Tue, 25-Sep-84 03:54:46 EDT References: <21bdf834.1de6@apollo.uucp> Organization: AT&T Bell Laboratories, Murray Hill Lines: 24 It is true that one cannot export crypt(3), or presumably other DES implmentations, without a license. Curiously enough, during the debate over whether or not DES was designed to be crackable by NSA, it was pointed out that the key size chosen -- 56 bits, rather than the original proposal of 112 -- was between the size that Commerce would normally approve (<48 bits) and the size they'd block (>64 bits). I confess I do not know why export is restricted. The details are widely available, and the algorithm is clear enough that any halfway competent COBOL programmer could implement it in a day or two. The trick to effective use is probably to build the chips -- and the countries that can do that can also devise encryption schemes of equal strength. (For example, I pulled a random cryptology out of my bookcase ("Cipher Systems", by Beker and Piper), and found a complete description of DES, including tables. Note that this book is published in the U.S., Canada, and the U.K. -- meaning that it's already beyond the reach of the Department of Commerce.) Hmm... There are rumors that once upon a time, the British shipped obsolete cipher machines -- Enigmas! -- to their former colonies, so that they could read traffic of interest. (Kahn, in "The Codebreakers", reports allegations that the U.S. has pulled similar stunts.) Given all of the allegations about how the NSA can crack DES, maybe it's all a Tom Sayer-like stunt to entice folks to use it...