[Crypto] Re: ftp.kernel.org vs. ftp.funet.fi

Evan Jeffrey (ejeffrey@eliot82.wustl.edu)
Sat, 19 Apr 1997 13:51:19 -0500

According to: "Joshua E. Hill" <jehill@w6bhz.calpoly.edu>
>James Mastros said:
>> Libc is
>> not covered by ITAR, and I don't think it is covered by EAR, since it uses a
>> 64 bit key, which is legal for export.
>hmmm... Granted, I don't know to what portion of libc you refer, but I
>can say that 64 bit symmetric key algorithms are _not_ exportable. The
>US government only recently said that 56 bit key algorithms could be
>exported, and that was only if the company agreed to develop and market
>"key recovery" (GAK) solutions which would have to be done within 2 years.

Well, the only cryptography related stuff in libc is "crypt" which is not a
symetric algorithm and is used only for authentication (ie password
checking) I believe that this is legal for export, especially since it has
been demonstrated that in many cases it isn't very hard to break... As a
side note, crypt only uses the low 7 bits of an 8 character password as the
key, that make 56 bits, not 64.