On Thu, Sep 30, 1999 at 10:34:30 +0000, Rene Mayrhofer wrote: > Is RC4 encryption a problem with the US export laws ?
I suspect so. It may depend on the bitsize (IIRC, regular netscape uses 40-bit RC4), but even for the case of an allowed bitsize, an export license might be required. > What about MD4 (it is used as well with mppe and mschap codes) ? MD* are message digests, aka secure hash functions. As such, they don't perform encryption (though there are ways to build ciphers from them). > The additional files 'rc4.h' and 'rc4_enc.c' that are needed for patching > the kernel ppp part have this license and I do not know if they qualify as > DFSG-free software: It looks like they're from SSLeay/OpenSSL, which are DFSG-free. The license is not GPL-compatible though, so they cannot be incorporated into the kernel. A solution would be to make them into loadable kernel modules or coordinate with the www.kerneli.org folks and find GPL-compatible RC4 code somewhere. HTH, Ray -- Obsig: developing a new sig