XRAYSROK@SBCCVM.BITNET (Steven C Woronick) (12/20/89)
IA96000 <IA96@PACE> (name unknown, employee of "SWE"?) writes: >SWE first suspected and tested for the public key encryption method >for several reasons. The major reason was the lack of access people >outside of the United States would have to the DES encryption formula. > >For those not aware, the U.S. Government guards the DES formula, and >software which makes use of this formula may not be exported out of >the United States. Should it turn out that the DES formula was also >used, the authors of the AIDS "trojan", could possibly be prosecuted >under United States statutes pertaining to national security. Please correct me if I'm wrong, but isn't DES or DES-like encryption algorithms readily available? For example, the book "Numerical Recipes, The Art of Scientific Computing," by W.H. Press, B.P. Flannery, S.A. Teukolsky, and W.T. Vetterling, published by Cambridge University Press, (c)1986, p. 214-220 gives an algorithm for DES (two and one half pages of highly-inefficient FORTRAN-like code). Admittedly, the authors state that their program is not genuinely DES (since the standard itself explicitly states that any implementation in software is not secure and therefore not DES), but it does in software the same thing real DES hardware would do, so it is for all practical purposes DES. (Also, how does the claim that software versions of DES are technically not DES affect legal issues raised by IA96000@PACE about exporting DES?). Also, in my opinion, there is nothing special about DES except that it is a kind of "standard" algorithm (i.e. I think one can easily imagine other equally-difficult- to-decrypt algorithms). Steven C. Woronick | Disclaimer: These are my own opinions. Physics Dept. | Always check it out for yourself... SUNY at Stony Brook | Stony Brook, NY 11794 | Acknowledge-To: <XRAYSROK@SBCCVM>
kiravuo@kampi.hut.fi (Timo Kiravuo) (12/24/89)
>>For those not aware, the U.S. Government guards the DES formula, > Please correct me if I'm wrong, but isn't DES or DES-like >encryption algorithms readily available? As far as I understand, the DES formula is public, but exporting impelemntations is prohibited in the USA. However there is nothing preventing one to make a DES implementation outside the USA and distributing it. Here in Helsinki University of Technology Antti Louko has written one, it is available by anonymous ftp from kampi.hut.fi (130.233.224.2), file is alo/des-dist.tar.Z. It was also posted to USENET comp.sources.??? group a while ago, the posting was dove via a moderator in Australia, since importing DES to the is legal by the US law. (Please note that whatever the US government has to say about DES does not apply to us outside the US territory, the most USA can do is to contact our government or send a spy killer or invade Finland like they did invade Panama.) As to what this has to do with viruses, I don't know, but I think that a public DES implementation might be interesting enough to many people in the virus field, so maybe the moderator will be nice and let this pass. - -- Timo Kiravuo Helsinki University of Technology, Computing Center work: 90-451 4328, home: 90-676 076 kiravuo@hut.fi sorvi::kiravuo kiravuo%hut.fi@uunet.uu.net