Cryptography Law

[Taxious]

I am doing a pretty interesting independent study course this semester titled "Modern Internet Cryptography." Coming from zero experience in the field, I have been surprised to learn how anal the US government is on the subject. I realize there are some pretty powerful tools out there to make sure that your message is secure, but some of the stuff I've read about gives me OMGCONSPIRACY shivers.

I know a couple of you are lawyers and a couple of you are comp science folk. Does anyone happen to have any information about modern cryptography laws? There seems to be a lot of effort by the government to keep certain topics/algorithms secret, it makes me wonder what else is out there that I don't know about.

[Ariannda Kusanagi]

the only thing i can tell you is that my father won't discuss certain things over the cell phone "in case they're listening". I giggled at him tbh. I just really fail to see why anyone would be listening into either of our conversations lol

[Kulaf]

Just look up export laws regarding computers and computer software.

[Torakus]

I don't know a whole lot about the laws, but my project works relatively closely with the NSA for our own crypto certifications. If you have any specific questions just PM them. I will answer anything I can or defer them to one of my crypto guys to see if they are even answerable.

Tora

[Ddrak]

Up until around the Clinton administration, the US was completely nuts about crypto and wouldn't allow anything stronger than a 40 bit cipher to be exported. This policy actually hurt the US more than it helped because it drove serious university crypto research offshore where the information could be freely shared, to the point where it was so stupid that PGP was shipped in two forms - one that couldn't go out of the US and one that couldn't go into the US. The changes in the export laws basically require you to tell the government what crypto you're sending where but it's nowhere near as restrictive and so the US is back in the game again.

There's definitely some shady stuff that went on in the design of DES. The NSA made some modifications to the original algorithm that made it provably easier to crack, but you're talking a long time ago there where crypto was far less well understood. Since AES became an open standard that's well reviewed and respected internationally there's really no call for conspiracy theorists, and if you do actually care then you can switch to Blowfish or Twofish instead.

It's all kinda stupid anyway. Cryptography is at a level where the only feasible way to crack it is to get the keys by some alternate means or to find weaknesses in the random number generators used to generate those keys. The stuff the military uses is all about protecting the keys themselves from someone stealing the equipment, and the management of those keys when loss happens rather than the algorithm itself, which (in most cases) is pointless knowing because it's *secure*.

The biggest thing in crypto these days is finding faster algorithms which are no less secure so the crypto boxes can processes the higher and higher bandwidths needed to fill the data pipes.

Dd

[Barious]

the US was completely nuts about crypto and wouldn't allow anything stronger than a 40 bit cipher to be exported.

I had one of those old 2600 T-Shirts that had an 128-bit encryption schema on it. I packed in my bag when I went to the UK, just to be a rebel.

-Barious