Re: Export restrictions / SSH session key

From: Unruh <unruh-spam@xxxxxxxxxxxxxx>
Date: 23 May 2006 17:03:17 GMT

"quebert" <isquereal@xxxxxxxx> writes:

Richard E. Silverman schrieb:

As Nico said, ask a lawyer.

I have already contacted our lawyer in the company.

However, the hostkeys in SSH-2 are used only
for signing, not encryption, and I believe there are no restrictions on
signature algorithms.

For SSHv2 this is also my understanding.
But we would still like to use SSHv1 only, because DES is not
recommended in SSHv2.

DES is not recommended because it is weak. Key too short. Why would you
want to use a weak cypher? And

From the Wassenaar Arrangement it is not possible for me to
interpret the following sentences:

- free for export are: all symmetric crypto products of up to 56 bits, all asymmetric

crypto products of up to 512 bits, and all subgroup-based crypto
products (including
elliptic curve) of up to 112 bits;

- mass-market symmetric crypto software and hardware of up to 64 bits are free for

export (the 64-bit limit was deleted on 1 December 2000, see
below);

- the export of products that use encryption to protect intellectual property (such as

DVDs) is relaxed;

- export of all other crypto still requires a license.

The key point is:
Does the encryption of the session key with RSA (by default 768 bits) violate
this arrangement, or does this arrangement only affect the 'encryption' of the
data itself?

Ask a lawyer, or take on a court case to get the phrasing clarified.
Or make it public ( openssh is public so it has no limit)

What country are you in? The language you quote sounds like US language.
What has US law to do with you?

.

References:
- Export restrictions / SSH session key
  - From: quebert
- Re: Export restrictions / SSH session key
  - From: Richard E. Silverman
- Re: Export restrictions / SSH session key
  - From: quebert

Prev by Date: Re: Problems with the free Tectia "SSH secure shell"-Client
Next by Date: Re: Utility for the conversion of SSH keys
Previous by thread: Re: Export restrictions / SSH session key
Next by thread: Distinguishing ssh-logins from sftp-logins
Index(es):
- Date
- Thread

Relevant Pages

3DES and super-encryption
... I'm basically familiar with 3DES and how it was developed to extend the ... short version of what I know about the transition from DES ... DES is basically a secure cipher except that with 56 bit keys it is ... adds nothing to the strength of encryption but may actually weaken a cipher. ...
(sci.crypt)
Re: DES and UUEncoded
... If you're using CBC mode encryption, than you need to use an IV by definition. ... You'll need to find some documentation for the DES utility you're ... >> Next you create a MemoryStream that will hold the output of your ...
(microsoft.public.dotnet.security)
Cryptography FAQ (05/10: Product Ciphers)
... What makes a product cipher secure? ... What exactly is DES? ... Let E_Kbe the encryption of X under key K. Then, for any fixed K, ...
(sci.crypt)
Cryptography FAQ (05/10: Product Ciphers)
... What makes a product cipher secure? ... What exactly is DES? ... Let E_Kbe the encryption of X under key K. Then, for any fixed K, ...
(sci.crypt)
Cryptography FAQ (05/10: Product Ciphers)
... What makes a product cipher secure? ... What exactly is DES? ... Let E_Kbe the encryption of X under key K. Then, for any fixed K, ...
(sci.crypt)