[7320] in Kerberos
Re: US Export Restrictions
daemon@ATHENA.MIT.EDU (Joe Kovara)
Tue May 21 06:53:46 1996
To: kerberos@MIT.EDU
Date: Tue, 21 May 1996 00:52:38 GMT
From: joek@CyberSafe.com (Joe Kovara)
barr@math.psu.edu (Dave Barr) in comp.protocols.kerberos wrote:
>I heard a rumor that this number was raised to 56 bits recently.
>Can anyone confirm this?
Basically: No. But it depends on the strength of the crypto. Yes for DES if
the key has 40-bit effective strength. IBM's CDMF has this attribute: it is a
56-bit key that's been munged down to 40-bit strength (the munging involves more
than simply masking key bits). No for DES otherwise.
I suppose the NSA would allow you to export a system with any length key if the
underlying crypto was weak enough. However, any crypto that doesn't fall into
the "well understood" category requires a company-by-company approval--even if
another company has already obtained export approval for the same thing. This
can take (and I paraphrase here) "up to two years, with no guarantees".
Regards,
Joe Kovara / CyberSafe Corp. / joek@cybersafe.com
