Cryptography-Digest Digest #840, Volume #9        Wed, 7 Jul 99 14:13:02 EDT

Contents:
  US Laws on DES Crypto Distribution? (David Kessner)
  Re: Summary of 2 threads on legal ways of exporting strong crypto (Patrick Juola)
  Re: Summary of 2 threads on legal ways of exporting strong crypto (Mok-Kong Shen)
  Re: Non Shareware Encription/Decription sources ([EMAIL PROTECTED])
  Re: Summary of 2 threads on legal ways of exporting strong crypto (Mok-Kong Shen)
  Re: DES-NULL attack ([EMAIL PROTECTED])
  Re: extending a hash ([EMAIL PROTECTED])
  Re: US Laws on DES Crypto Distribution? (Mok-Kong Shen)
  Crypto Books on CD-ROM ("H. Ellenberger")
  Re: I don't trust my sysadmin (Vernon Schryver)
  Re: Summary of 2 threads on legal ways of exporting strong crypto ([EMAIL PROTECTED])
  Re: US Laws on DES Crypto Distribution? (John Myre)
  Re: Summary of 2 threads on legal ways of exporting strong crypto ([EMAIL PROTECTED])
  Re: Summary of 2 threads on legal ways of exporting strong crypto ([EMAIL PROTECTED])
  Re: Summary of 2 threads on legal ways of exporting strong crypto ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: David Kessner <[EMAIL PROTECTED]>
Subject: US Laws on DES Crypto Distribution?
Date: Wed, 07 Jul 1999 09:24:04 -0600

Once upon a time, I thought that I understood the laws
on distributing crypto hardware/software.  But with all
the talk on Capitol Hill this past year, I have lost track of
it all.

I designed a hardware DES encryption/decryption engine
in VHDL, and I would like to make the source code freely
available on the Web for anyone to download.  But, I would
not like to be sued, put in jail, audited (the NSA and the IRS
are in league, right?), etc...

So, what are the laws that apply to this?

For your amusement.  The specs on my DES engine are:
    Written in VHDL
    60 MHz on a Xilinx Virtex XCV200-6
    457.76  megabytes/second
    Single DES only (Triple DES is possible, but 3x slower)

Oh, and if you didn't figure it out by now, I live in the US.


Thanks in advance!

David Kessner
[EMAIL PROTECTED]



------------------------------

From: [EMAIL PROTECTED] (Patrick Juola)
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto
Date: 7 Jul 1999 11:33:23 -0400

In article <[EMAIL PROTECTED]>,
Mok-Kong Shen  <[EMAIL PROTECTED]> wrote:
>Patrick Juola wrote:
>> 
>
>> Mail the paper to someone, he puts it up on *his* (foreign) site,
>> and then you publish the address?
>> 
>> This one might work.  The problem is that the law w.r.t. web publishing
>> and web links is new and subject to a lot of sudden revisions; for
>> example, publishing a link to material that infringes copyright is
>> also (under case law) an infringement -- or even publishing an
>> unauthorized link to a legitimate site.  Of course, this is copyright
>> law and not cryptography export regs.
>> 
>> This one looks solid enough to ask a Real Lawyer about.
>
>Thank you. As to copyright, I suggested previously that the author 
>claims copyright but adds that any copying is free provided the copy 
>is done in its entirety. So that's no problem.

No, no.  You don't understand.  My point is that there *is* legal
precedent that a link (and by extension a reference) may violate
even when the object of the link does not -- so you might find yourself
accused of violating the crypto regulations *by publishing the link*.

Of course, you could (possibly) try using several links of indirection;
point to a discussion group (offshore) that just happens to have a link
to your code....  But, again, the key is *INTENT* and not just whether
you have a clever technique.

        -kitten

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto
Date: Wed, 07 Jul 1999 17:21:07 +0200

Patrick Juola wrote:
> 

> Mail the paper to someone, he puts it up on *his* (foreign) site,
> and then you publish the address?
> 
> This one might work.  The problem is that the law w.r.t. web publishing
> and web links is new and subject to a lot of sudden revisions; for
> example, publishing a link to material that infringes copyright is
> also (under case law) an infringement -- or even publishing an
> unauthorized link to a legitimate site.  Of course, this is copyright
> law and not cryptography export regs.
> 
> This one looks solid enough to ask a Real Lawyer about.

Thank you. As to copyright, I suggested previously that the author 
claims copyright but adds that any copying is free provided the copy 
is done in its entirety. So that's no problem.

M. K. Shen

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Non Shareware Encription/Decription sources
Date: Wed, 07 Jul 1999 15:29:31 GMT

In article <[EMAIL PROTECTED]>,
  Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> Dana Mah wrote:
> >
> > I'm looking for source for non Shareware encryption/decryption
> > routines.  It is for commercial use therefore freeware or shareware
> > is not acceptable
>
> I am interested to learn why freeware is not acceptable? Because
> freeware is by 'definition' bad?

I wonder what the original poster really wants?  Do they know about
cryptography?  Do they know how to actually handle the algorithm?
Seems just plugging in some algorithm fixes all their problems... :)

Why not just xor a binary counter?  If you don't know what you are doing,
it might be just as good.

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto
Date: Wed, 07 Jul 1999 18:17:03 +0200

Patrick Juola wrote:
> 

> No, no.  You don't understand.  My point is that there *is* legal
> precedent that a link (and by extension a reference) may violate
> even when the object of the link does not -- so you might find yourself
> accused of violating the crypto regulations *by publishing the link*.
> 
> Of course, you could (possibly) try using several links of indirection;
> point to a discussion group (offshore) that just happens to have a link
> to your code....  But, again, the key is *INTENT* and not just whether
> you have a clever technique.

I have considered that point. That's why I suggested in the original
post to be conservative and only use a reference (URL minus 'http://').
That's not a link (mouse click doesn't function). I argued previously
that such a reference is the same as a literature reference in a 
scientific paper and can't be forbidden by law. (As also said, there 
is hope that even a link could be o.k., since NIST has links to 
strong crypto outside of US in the case of AES.)

M. K. Shen


------------------------------

Date: Wed, 07 Jul 1999 00:35:10 -0400
From: [EMAIL PROTECTED]
Subject: Re: DES-NULL attack

S.T.L. wrote:
> 
> <<In his attempt to cast doubt on RSA, he announced an attack in which one
> encrypts EVERY POSSIBLE PLAINTEXT with the public key, and just uses this list
> as a huge lookup table when given a ciphertext.  Assuming a 1024-bit modulus>>
> 
> Well, that's simply 2^1023 1024-bit plaintexts and 2^1023 smaller plaintexts.
> _To be conservative_, I will only consider the 1024-bit plaintexts (read: I
> don't feel like totalling up those other bits). So, that's 1024*2^1023 bits =
> 2^1033 bits. Now, a mole of Hydrogen atoms (not molecules) weighs 1.00794 grams
> and contains 6.0221367x10^23 atoms. Say we have a storage machine of the gods.
> It can store, say, a TERABYTE of information on a single Hydrogen atom.
> 2^1033 bits / (2^43 bits/atom) = 2^990 Hydrogen atoms.
> 2^990 atoms / (6.0221367x10^23 atoms/mole) = 1.73758115489x10^274 moles.
> 1.73758115489x10^274 moles * 1.00794 grams/mole = 1.75137754926x10^274 grams.
> That is, by the way, 1.75x10^271 kilograms. For comparison, the Earth is a
> measly 6x10^24 kg. Continuing on,
> A mole of Hydrogen atoms at STP occupies 22.4 Liters. Say we can compress this
> baby to a TRILLION atmospheres (producing solid metallic hydrogen and who knows
> what else). Now, said mole of Hydrogen atoms occupies 2.24x10^-11 liters.
> 1.73758115489x10^274 moles * 2.24x10^-11 liters/mole = 3.89218x10^263 liters.
> Whoo hoo. That is, by the way, 3.8922x10^260 cubic meters. Now, let's figure
> out how many cubic lightyears that is. After a little math, we see that this
> storage device of the gods occupies 4.5967x10^212 cubic lightyears. That is, by
> the way, (using the generally accepted value of the age of the universe, about
> 15 billion years), 1.362x10^182 times larger than the volume of the entire
> observable universe.
> 
> In conclusion, this storage machine of the gods:
> Needs to be able to write a terabyte on a Hydrogen atom.
> Needs to store its hydrogen atoms at a trillion atmospheres, without losing
> track of any of them. (I will *not* compute the size of a FAT for such a
> device!)

Forget the FAT.  Calculate the Schwarzschild limit.

> Needs to be massively larger than the universe.
> Needs to be massively massive.
> 
> Final conclusion: Alex is a kook.
> 
> Moo-Cow-ID: 2  Moo-Cow-Message: have
> 
> -*---*-------
> S.T.L.  ===> [EMAIL PROTECTED] <===  BLOCK RELEASED!    2^6972593 - 1 IS PRIME!
> Quotations:  http://quote.cjb.net  Main website:  http://137.tsx.org    MOO!
> "Xihribz! Peymwsiz xihribz! Qssetv cse bqy qiftrz!"  e^(i*Pi)+1=0   F00FC7C8
> E-mail block is gone. It will return if I'm bombed again. I don't care, it's
> an easy fix. Address is correct as is. The courtesy of giving correct E-mail
> addresses makes up for having to delete junk which gets through anyway. Join
> the Great Internet Mersenne Prime Search at http://entropia.com/ips/  Now my
> .sig is shorter and contains 3395 bits of entropy up to the next line's end:
> -*---*-------
> 
> Card-holding member of the Dark Legion of Cantorians, the Holy Order of the
> Catenary, the Great SRian Conspiracy, the Triple-Sigma Club, the Union of
> Quantum Mechanics, the Polycarbonate Syndicate, the Roll-Your-Own Crypto
> Alliance, and People for the Ethical Treatment of Digital Tierran Organisms
> Avid watcher of "World's Most Terrifying Causality Violations", "When Kaons
> Decay: World's Most Amazing CP Symmetry Breaking Caught On [Magnetic] Tape",
> "World's Scariest Warp Accidents", "World's Most Energetic Cosmic Rays", and
> "When Tidal Forces Attack: Caught on Tape"
> Patiently awaiting the launch of Gravity Probe B and the discovery of M39
> Physics Commandment #12: The Weak Force Is Carried By W+, W-, and Z0 bosons.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: extending a hash
Date: Wed, 07 Jul 1999 16:14:00 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> No.
> Consider the message "AAAAAAAA"
> Both the 1st and 2nd parts will be the same.
>
> Better is:
> 1st 160 = sha(1 + all plain text + 1)
> 2nd 160 = sha(2 + all plain text + 2)
>
> (plus denotes concatenation)

Not really.  What if your message is only 5 chars?  What if there is a
collision?  Generally you should not use this to extend a hash much.  I
would use counter modes if you really need some output...

It's possible to have the output the same in your method as well.
Consider a 320 bit message.  There will be (should be) 2^160 messages
that will hash to any 160-bit output.  So it is still possible to have the
two outputs come to the same output...

If you want a 320 bit hash I would use way more rounds and expect to
see some drastic changes...

Anyways,
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
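
The construction quoted in the message above, as an added example that is
not part of the original posts. It generalizes the two-block case to any
number of 160-bit blocks. Assumptions: the tags "1" and "2" are encoded as
single bytes 0x01 and 0x02, and the rejected scheme (not shown in this
digest) hashed each half of the message separately; all function names are
hypothetical.

```python
import hashlib

DIGEST_LEN = hashlib.sha1().digest_size  # 20 bytes = 160 bits


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def extend_split(msg: bytes) -> bytes:
    """Assumed form of the rejected scheme: SHA-1 of each half, joined."""
    mid = len(msg) // 2
    return sha1(msg[:mid]) + sha1(msg[mid:])


def extend_tagged(msg: bytes, blocks: int = 2) -> bytes:
    """Quoted scheme: block i = SHA-1(i + msg + i), '+' is concatenation.

    The tag is one byte (an assumption), so at most 255 blocks.
    """
    if not 1 <= blocks <= 255:
        raise ValueError("blocks must be in 1..255")
    out = b""
    for i in range(1, blocks + 1):
        tag = bytes([i])
        out += sha1(tag + msg + tag)
    return out


def split_blocks(digest: bytes) -> list:
    """Cut an extended digest back into its 160-bit blocks."""
    return [digest[i:i + DIGEST_LEN]
            for i in range(0, len(digest), DIGEST_LEN)]


def has_repeated_block(digest: bytes) -> bool:
    parts = split_blocks(digest)
    return len(set(parts)) != len(parts)


def changed_blocks(a: bytes, b: bytes) -> list:
    """Indices of the 160-bit blocks in which two digests differ."""
    return [i for i, (x, y) in
            enumerate(zip(split_blocks(a), split_blocks(b))) if x != y]


if __name__ == "__main__":
    msg = b"AAAAAAAA"  # the message from the quoted objection
    print("split  repeats a block:", has_repeated_block(extend_split(msg)))
    print("tagged repeats a block:", has_repeated_block(extend_tagged(msg)))

    # Constructed inputs: only the last byte differs. The split scheme
    # reveals which half was edited; the tagged scheme changes every block.
    m1, m2 = b"AAAABBBB", b"AAAABBBC"
    print("split  changed blocks:",
          changed_blocks(extend_split(m1), extend_split(m2)))
    print("tagged changed blocks:",
          changed_blocks(extend_tagged(m1), extend_tagged(m2)))
```

Every block of the tagged output depends on the whole message, but the
output is still built from a 160-bit primitive, which is the limit the
reply above points to.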

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: US Laws on DES Crypto Distribution?
Date: Wed, 07 Jul 1999 18:24:56 +0200

David Kessner wrote:
> 

> I designed a hardware DES encryption/decryption engine
> in VHDL, and I would like to make the source code freely
> available on the Web for anyone to download.  But, I would
> not like to be sued, put in jail, audited (the NSA and the IRS
> are in league, right?), etc...

You might be interested to read the ongoing discussions in a thread
initiated by me:
 
   Summary of 2 threads on legal ways of exporting strong crypto

It seems that the first scheme described by me is o.k. (according to 
the momentary status of the discussions there, but you are advised
to wait till the end of the discussions).

M. K. Shen

------------------------------

From: "H. Ellenberger" <[EMAIL PROTECTED]>
Subject: Crypto Books on CD-ROM
Date: Wed, 07 Jul 1999 17:27:24 +0200

I have the impression that DDJ displays a high ethical level in their
editorials, but obviously the publisher does not live up to the same
standards.


Wim Lewis wrote:

> In article <7lqjj1$[EMAIL PROTECTED]>,
> Wil Baden  <[EMAIL PROTECTED]> wrote:
> >I do not have a credit-card.  How can I order this?
>
> Do you have a checking account? I received what I assume is the same
> solicitation as <castor>'s, and it has the usual "pay by check / pay
> by credit card" checkboxes. I assume they'd accept money orders and the
> like as well. Try 1-800-228-2700 or [EMAIL PROTECTED]
>
> --
>              Wim Lewis * [EMAIL PROTECTED] * Seattle, WA, USA


------------------------------

From: [EMAIL PROTECTED] (Vernon Schryver)
Subject: Re: I don't trust my sysadmin
Date: 7 Jul 1999 09:11:47 -0600

In article <7lvjh7$bed$[EMAIL PROTECTED]>,
Patrick Juola <[EMAIL PROTECTED]> wrote:

> ...
>>No, those don't work either.  I've seen a commercial UNIX system certified
>>by the U.S. government, and I don't mean the easy stuff but full MAC
>>(mandatory access controls), capabilities, and so forth.
>
>Hmm.  I think that one of the problems with the system you describe
>is that it wasn't secure *enough*.  The DoD has created a set of
>guidelines (the so-called Orange Book, more formally the Trusted
>Computer System Evaluation Criteria) describing a half-dozen levels
>of increasing security.
>
>The problem (and I think your tale makes that woefully apparent)
>is that the useful levels are almost impossible -- in the case of
>B2 and beyond, *formally* impossible -- to retrofit onto an existing
>(insecure) system.  Unix can never be made more secure than B1 because
>the basic security policies don't permit.  And the B1 systems themselves
>are a total mess, partially because they're a series of kluge upon
>kluge in an attempt to secure what is fundamentally a leaky sieve.

It is true that you cannot simply glue stuff on the outside of UNIX to
get it certified.  The UNIX system I'm talking about was heavily modified.
Every interface was mangled--er--examined and changed as necessary.  Every
access to a file or other data was fitted with auditing and MACs.  You
name it, and it was probably touched, including odd corners like the format
of /etc/inetd.conf.  Many internal kernel functions had extra args.  In
the first years, the secure version of the system was mostly based on a
million bazillion ifdefs.  The normal version did not have the extra grot
on the tapes and (eventually) CDROMs.

>You can buy more secure systems; I've never heard of an A1 system (the
>highest level), but B2 and B3 *are* available.  They just don't run
>Unix.

You are mistaken, unless you mean essentially unmodified UNIX.  That outfit
sold and still sells the DOD many $M of certified UNIX systems, along with
so called super computers.  I don't remember which B#'s; "B2" sounds
familiar, but it might have been 1 or 3.  I don't know much about the
details of the certification stuff, but your statement that there is no
such thing as A1 sounds familiar.


>       So you can get real, usable, security at the expense of an
>operating system that no one knows and that's incompatible with everything.

No, the system I'm talking about was still nominally one of the big-5
commercial UNIX boxes.  The security stuff does get in the way when it's
present and on, which is one reason why there are magic knobs to turn it
off.  For example, as I recall you could type `ls` to a shell, but the
results were disconcerting.  Another reason the knobs existed was to allow
installing software.  As far as the model is concerned, replacing an FDDI
driver to fix a DMA data corruption bug is no different from replacing it
with a version that snoops on physical memory and sends occasional packets
of interesting bits.  Yes, the installed secure systems were not connected
to any useful networks, which is why I had to make real instead of virtual
field trips.


Vernon Schryver    [EMAIL PROTECTED]

------------------------------

Date: Wed, 07 Jul 1999 00:56:05 -0400
From: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto

Patrick Juola wrote:
> 
> In article <[EMAIL PROTECTED]>,
> Mok-Kong Shen  <[EMAIL PROTECTED]> wrote:
> >What is the exact meaning of 'Exporting arbitrary sequences isn't
> >illegal, so long as you don't violate the law'?? Could you elaborate,
> >perhaps with an example? It sounds to me like 'Exporting something
> >that doesn't violate the law isn't illegal', which is a tautology.
> >
> >I suppose you (and some other discussion partners) claim that because
> >a sentence is not written normally (with upper case at the beginning
> >and lower case elsewhere excepting the first letter of proper names),
> >it doesn't pass as a normal sentence by the court. I can't exclude
> >that. But I believe that there is a pretty good chance that it can't
> >be shown formally and rigorously that employing upper and lower case
> >letters arbitrarily is against certain existing laws.
> 
> It doesn't need to be shown formally and rigorously in that form.
> The prohibition isn't on using a particular encryption/steganographic
> message.  The prohibition is, bluntly, on exporting cryptographic
> technology.  The method that you use is irrelevant.
> 
> Let me give you an example.  There is, to the best of my knowledge,
> no prohibition on my placing arbitrary objects in the heel of my shoe
> and carrying them across an international border.  I could carry
> British 20p pieces all over the world in a boot heel without fear.
> On the other hand, there *is* a prohibition on transporting drugs,
> *irrespective* of how they're transported.  And you'd never get a lawyer
> or a judge to accept that just because you could, in theory, transport
> a coin, that it somehow makes it acceptable to transport heroin.

While I agree with the principles you have described, the concluding
sentence might have a loophole in it.  Given the stupidity of the
existing regulations regarding crypto export you might find a
sympathetic judge who would want to rule in your favor.  In that case
you are not required to show that you have not violated the law.  All
you have to do is give the judge an excuse to hang his decision upon.

Since your original example used coins & heroin as distinct cases, we
may profitably observe that there are a large number of judges who have
been removed from any role in drug cases because they have declared that
they will use any excuse to avoid convicting citizens under the drug
laws.

In that light all that is necessary is that the representation of the
crypto source code be "close enough" to constitutionally protected
speech for a sympathetic judge to hang a decision on it.

------------------------------

From: John Myre <[EMAIL PROTECTED]>
Subject: Re: US Laws on DES Crypto Distribution?
Date: Wed, 07 Jul 1999 10:35:17 -0600


This response has nothing whatever to do with legal matters
(sorry) but still, you might find it interesting. The following
news bit announces an advance in hardware DES speed:

http://www.sandia.gov/media/NewsRel/NR1999/encrypt.htm

It's for general consumption so there aren't many hard
details.  It doesn't seem like rocket science, more like
a benchmark for state-of-the-art in ASIC speed.  If I
understand the article correctly, it is a pipelined
design (one stage per DES round), and they claim to run
at 6.7 billion bits per second (or faster).

David Kessner wrote:
<snip>
> I designed a hardware DES encryption/decryption engine
> in VHDL, and I would like to make the source code freely
> available on the Web for anyone to download.  But, I would
> not like to be sued, put in jail, audited (the NSA and the IRS
> are in league, right?), etc...
> 
> So, what are the laws that apply to this?
> 
> For your amusement.  The specs on my DES engine are:
>     Written in VHDL
>     60 MHz on a Xilinx Virtex XCV200-6
>     457.76  megabytes/second
>     Single DES only (Triple DES is possible, but 3x slower)
> 
> Oh, and if you didn't figure it out by now, I live in the US.
> 

John M.

------------------------------

Date: Wed, 07 Jul 1999 01:07:22 -0400
From: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto

Patrick Juola wrote:

> Don't get me wrong -- I don't like the export regs any more than you
> do and I think they're dumber than yeast.  But I don't think you'd get
> anyone -- especially not lawyers and jurymen -- to accept that English
> text by the mere fact of being English is exportable.

I think there is a case to be made for translated source code.  By
translated I'm distinguishing encodings in pixels, capitalization, etc.,
i.e., syntactic mangling, from semantic transforms.  The Bernstein case
is interesting because he claimed the source code itself was a form of
protected speech.  We can come at it from a different direction and
reach the same haven: protected speech.

Clearly it is possible to sanitize a module of source code into
specifications so that another writer, with no access to the original
code, can create new software (as opposed to *re*creating the original
software) with the same capabilities.

Somewhere between sanitization as used in BIOS development and simple
encodings lie semantic translations.  The fact that a semantic
translation of "C" can be mechanized should not weaken the fact that
translated source code is English text, and thus protected speech.

> 
> >The encoded file will have numerous repetitions of the same sentences.
> >But can the authority forbid that? (Can the authority prescribe what
> >style of writing I must use? Does any law forbid that I repeatedly
> >say one and the same thing many many times? What if the book I use
> >is a religious one? Can an authority forbid my repeated citation
> >of the same sentences from a holy book?)
> 
> Yes -- as a method of getting around export regs.  An authority can't
> tell me what kind of shoes to wear, but it can forbid my wearing
> shoes with a concealed compartment full of heroin.
> 
>         -kitten

------------------------------

Date: Wed, 07 Jul 1999 01:11:29 -0400
From: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto

Bo Dömstedt wrote:
> 
> [EMAIL PROTECTED] (Isaac) wrote:
> >English text on paper is exportable.  No 'open' encoding required.
> >This means print outs of source code can be hand carried or mailed
> >overseas while electronic transmission of the exact same material
> >without an export license is illegal.
> /.../
> Referring to that the PGP people had severe problems scanning the
> resulting pile of paper, I have a software that encodes the input
> before printing, that will make your life much easier.

Be careful here.  If you export something that a judge or jury will not
consider "speech", i.e., human->human communication, you may lose the
first amendment protection and be back in trouble.

> 
> Bo Dömstedt
> Protego Information AB
> www.protego.se

------------------------------

Date: Wed, 07 Jul 1999 00:58:57 -0400
From: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto

fungus wrote:
> 
> Patrick Juola wrote:
> >
> > It doesn't need to be shown formally and rigorously in that form.
> > The prohibition isn't on using a particular encryption/steganographic
> > message.  The prohibition is, bluntly, on exporting cryptographic
> > technology.  The method that you use is irrelevant.
> >
> 
> Correct.
> 
> If you make some crypto software, and somebody outside the USA is
> found to own a copy of that software, then an offense has been
> committed. How the software arrived there doesn't matter.

No.

It is legal to export printed versions of the source code.  Existence of
identical software is _not_ grounds to conclude that an offense has been
committed.

> 
> Algorithms, etc., may be protected free speech, but executable
> programs are not. Executable programs, in any form, are export
> controlled.
> 
> --
> <\___/>
> / O O \
> \_____/  FTB.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
