[NTLUG:Discuss] OT: Cryptography Key Length
Gilbert Morrow
gkfmorrow at gmail.com
Mon May 28 14:58:43 CDT 2007
http://www.theinquirer.net/default.aspx?article=39889
Might just do away with 128 bit encryption .
On 5/28/07, John Thomas <j.a.thomas at sbcglobal.net> wrote:
>
>
>
> John K. Taber wrote:
> > On Sat, 2007-05-26 at 16:28 -0500, Dennis Rice wrote:
> >
> >>Just wanting to start a general topic discussion regarding encrypting of
> >>a message. I am assuming that all have some familiarity with GPG (alias
> >>PGP) in the open source world.
> >>
> >>The old legal limits to encryption using a symmetric key was 56 bits,
> >>and is now 128 if I understand correctly. Today, I am under the
> >>impression that an asymmetric key is equivalent to a shorter symmetric
> key.
> >>
> >> snip...
>
> > snip...
> >
> > There is no legal basis for proscribing or prescribing key lengths. That
> > is a common misunderstanding in the technical world. However, EXPORTING
> > strong encryption, which may be nothing more than a huge keylength, may
> > be another matter, and may fall under ITAR.
> >
> > The commercial need for encryption is so great and so obvious that
> > eventually the government relaxed some of its earlier restrictions on
> > "export" of cryptographic systems and keylengths. For certain uses, and
> > certain keylengths no licensing is now required. For example, PINs on
> > banking transactions. There was a lot of negotiating back and forth on
> > this, and I am admittedly not up to date.
> >
> > For more information you should ask on the Usenet newsgroup sci.crypt. I
> > think you will get better advice there, at least on the technical
> > issues. For the legal issues, though, please see your lawyer.
> >
> I have also studied this issue from a legal standpoint.
> Mr. Taber is correct. There is no legal bar in the US to creating key
> lengths of any size. The only issue is the regulation of exports of
> software or systems for cryptography.
>
> --
> _______________________
> John Thomas
> 972-660-1823 H
> 972-419-8378 W
>
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss
>
More information about the Discuss
mailing list