Re: Wikipedia "Cryptography" reaches Featured Article status




"Douglas A. Gwyn" <DAGwyn@xxxxxxxx> wrote in message
news:44B55347.D43A310C@xxxxxxxxxxx
snip

> It was
> never intended that DES implementation couldn't be done in
> software; in fact there's a bigger "threat" if it is
> available in fast hardware.

I wish to comment solely on the question of DES in hardware or software.

DES was designed for hardware, not software, for legal reasons, not
technical.

The legal mechanism for controlling cryptography was (is) the International
Traffic in Arms Regulations (ITAR) in the Codified Federal Regulations
(CFR). The regulations implement the more general enabling legislation, the
Arms Export Control Act, if I remember its title correctly. The idea behind
the Act is to give the Executive bargaining chips for foreign policy.
Basically, if the foreign power does what we like, our weapons may be sold
to him, and if he doesn't we deny him our weapons. It's supposed to be an
inducement.

The Act originates in the Military Security Act of 1954.

From 1954 on, cryptographic equipment was hardware. The language used in
ITAR used to be "devices" and "equipment." Some time in the early 80s, the
language of ITAR was changed in the definitions section to specify that
"device" included software. There is a question whether cryptographic
software was covered in the law before the definition was changed. It could
have been argued before the change that software was not a device within the
meaning of the law. IMO, it would have been a good legal argument because
the law must be specific as to the "act" forbidden.

But there would have been no question that a chip is a "device" within the
scope of the law. My guess is that NSA's general counsel at the time pushed
for hardware only, not fully realizing that a legal solution to keep control
over cryptography is ineffective for computers. Upon the NSA's realization
of this ineffectiveness, it got the regulations changed to cover software.

I am not a lawyer, so the above is my layman's understanding of the legal
issue of that time. Also, I was never privy to either NSA's or IBM's
discussions, so I'm guessing what happened based on my reading of the law
and the regulations at different points in time.

John K. Taber

