Slash Boxes
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

gnat (29)

  (email not shown publicly)

Journal of gnat (29)

Friday January 18, 2002
04:28 PM

Weakened Encryption Export Regs

[ #2245 ]
New Scientist reports that the files from Al Qaeda computers were encrypted with 40-bit DES. Nobody is asking whether opening up crypto export regs was a smart move. And if we question encryption regulations, it's only logical to question supercomputer exports as well.


The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
More | Login | Reply
Loading... please wait.
  • Nathan, (as the expert in the article says) reintroducing stronger encryption regulations is not the solution, not even part of a solution.

    I'm pretty certain there were several laws and regulations in place prohibiting flying jumbojets into skyscrapers, and look how much that helped.
    • The funniest (saddest?) thing about crypto regs are that *anyone* who knows what they are doing can get their hands on the strongest crypto available to people in the U.S. If I am allowed to get it, they can get it. It's painfully simple. All crypto regulations do is keep American businesses from making money overseas. They don't actually stop bad people from getting ahold of these things in the slightest.
      • I really dislike the export controls, but this does demonstrate that they had an effect that can sometimes be construed as positive.

        While knowledgeable people could get strong encryption, this case demonstrates that some people are not knowledgeable.

        The key issue is: When the person who foolishly chooses 40-bit encryption is a genuine black hat, the export restrictions have proven useful. Of course, whenever it is a white hat who is foolish - they have proven detrimental. I've sure that the tradeoff i
        • While knowledgeable people could get strong encryption, this case demonstrates that some people are not knowledgeable.

          Yes, but the laws of law enforcement dictate that dumb crooks are easier to catch regardless. :) Is it possible that there will be encrytped info that we would not otherwise be able to get that, if gotten, could save a lot of lives? Yes. Is that likely? No, no it isn't. We've picked up videotapes of them describing what they've done and what they will do. We've seen faces of people a
      • That's the irony of laws: they keep honest people from breaking them. The bad guys don't give a shit, honestly.

        And yes, thanks to the US crypto regulations, there's quite a healthy crypto software industry in Europe.

        To limit crypto I suggest building a time machine and killing all those pesky ancient Greeks, thinking about primes...
  • I didn't see many folks - other than the Law Enforcement and Intelligence communities - clamoring to keep them in place. Most of the vocal folks demanded they be lifted - it's too late to point the finger at the government on this one.
  • The EFF ITAR archive [] is a nice tour through crypto export restrictions through the years. Bruce Schneier [] wrote a wee bit after 11 Sept. about the possible restrictions on crypto in the future but this was also before there were any confirmed uses of crypto by OBLs people. I wouldn't be surprised to see ITAR or other legislation come back in full force even though it is pure folly.