Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:16:21 ADT
Jim Gillogly (jim@mentat.com)
Fri, 27 Mar 98 13:16:16 PST
Kent Briggs says:
> I just read Ron Rivest's Chaffing and Winnowing paper. If his technique is
> not classified as encryption then it seems I could make a logical extension
> using the technique described below and it wouldn't be classified as
> encryption either. I somehow doubt the U.S. gov't would agree, however.
>
> Alice and Bob share a secret key. Alice salts her key with a random number
> and runs the result through an RC4 key schedule. She then cycles the RC4
...
> Message: 1 0 0 1 1 0 1 0
> RC4 stream: 0 0 1 0 1 0 1 1
> chaff&wheat: 10 01 10 10 01 01 01 10
>
> Technically, the entire message is sent in the clear. It's just not obvious
> if the wheat bit is the first or the second bit in the bit pairs. Now what do
> you think would happen if I applied for an export license for software using
> this technique without putting a 40-bit restraint on the key size?
You'd get turned down. The reason is that you have RC4 in there,
which is an Encryption Algorithm under the Meaning of the Act, and
hence covered by the EAR. The difference with Rivest's system is that
its "cryptographic" mechanism is a keyed HMAC, which is explicitly
excluded by the EAR from needing an export license.
In order to come after somebody for exporting a wheat/chaff system,
they'd need to change something in the EAR.
Jim Gillogly
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:16:21 ADT