On 11 Aug 2015, at 3:00pm, Rob Willett <rob.sqlite at robertwillett.com> wrote:
> I recall that it used to be that 40 bit RC4 was OK and I *think* that the bit
> length is now longer (128bit?) as it has been shown that 40 bit RC4 is as
> much use as a chocolate fireguard.
While it is allowable to export software incorporating short key lengths, it
can still be necessary to register. And the registration (which can require
yearly reregistration) is extra annoying work to go through. It's difficult
even to figure out how the software should be registered. And it can involve
lawyers, which is expensive.
I prefer Dr Hipp's argument that to incorporate RC4 encryption SQLite would
have to actually be able to encode stuff using RC4, and it can't. It just uses
one of the algorithms specified in RC4 to pick random numbers.
The encrypting addon to SQLite ('SEE') is, of course, another matter, and
encryption code from it is not incorporated into normal SQLite.
Simon.
