[44859] in Cypherpunks
Re: Solution for US/Foreign Software?
daemon@ATHENA.MIT.EDU (Bill Stewart)
Wed Dec 6 19:00:27 1995
Date: Wed, 06 Dec 1995 15:36:38 -0800
To: cypherpunks@toad.com
From: Bill Stewart <stewarts@ix.netcom.com>
>>>1. Write a program with limited encryption (40 bit?), with the encryption
>>>module in a file external to the main program.
>>>2. Get export approval for this program.
>>>3. Write a module which replaces the encryption file, increasing key size
>>>to whatever you REALLY wanted in the first place. (128-bit IDEA, 2000-bit
>>>PGP, etc.)
>>>4. Ship that new module with the old software to US customers.
>>>Naturally, that new module will "leak," so anybody who buys the old
Tim May replied
>>"Crypto hooks," basically the scheme you are proposing, were thought of by
>>the authorities and are not a bypass of the crypto export laws.
I had interpreted the suggestion differently - rather than a system with
user-accessible crypto hooks, the manufacturer could ship a binary patch
upgrade for US customers to install. The internal design would presumably
have crypto hooks (i.e. subroutine calls); they can't ban that.
Of course, if you follow this strategy, get export approval for version 1.0,
and ship the US-only patch as 1.1, getting export approval for version 2.0
may be a shade more difficult...
#--
# Thanks; Bill
# Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com
# Phone +1-510-247-0663 Pager/Voicemail 1-408-787-1281
# Anybody notice that Microsoft's Wide Open Road ad has barbed-wire fences
# on both sides of the road?
