John Kelsey said, in a list of what people do wrong in crypto:
> e. In exportable systems, you have to use the salt
> correctly. If you just use a 40-bit key, you end up
> vulnerable to various kinds of precomputation attack.
>
> f. In exportable systems, you have to separate the keys
> used for data integrity from the keys used for data
> encryption. The encryption keys have to be weakened, but
> the integrity keys (for MACs or signatures) need to be kept
> at full strength.
John, what are you talking about?
Even assuming you'd want to write a cryptosystem in the US and export
it -- a silly idea if I ever heard one, it just causes endless
trouble -- there's no reason to limit yourself to 40 bits!
Step 1:
Export jobs, not crypto. Full strength crypto is exportable;
you just have to select the right jurisdiction to export it
from. Many countries care more about their citizens' privacy
and rights than about the efficiency of their wiretap
bureacracies.
Step 2 (for those who can't grasp Step 1):
56-bit DES is known to be insecure, therefore you can export it.
-- John
