Path: utzoo!censor!geac!torsqnt!news-server.csri.toronto.edu!rutgers!usc!zaphod.mps.ohio-state.edu!rpi!sci.ccny.cuny.edu!phri!cmcl2!adm!news
From: mjoyce@smiley.mitre.org
Newsgroups: comp.unix.internals
Subject: Re: Is the DES algorythm PD?
Message-ID: <25366@adm.brl.mil>
Date: 2 Jan 91 14:55:40 GMT
Sender: news@adm.brl.mil
Lines: 21


  The reason for export controls on software implementations of DES have
always mystified me.  Here are two observations that fuel my confusion.

   FIPS PUB 46 states: "Software implementations in general purpose
computers are not in compliance with this standard." (reference FIPS PUB 46,
15 January 1977, "Data Encryption Standard," page 2, paragraph "Hardware
Implementation")  How could export controls apply to something that does
not comply with the standard?

  Assuming that software implementations of DES are subject to export
controls, why would the National Institute of Standards and Technology
publish a software implementation of the DES?  Appendix D of FIPS PUB 112
contains a FORTRAN program for passphrase transformation and password
encryption.  A software implementation of DES is provided in the FORTRAN
program (reference FIPS PUB 112, 30 May 1985, "Password Usage," Appendix D). 
FIPS PUB 112 is available from the National Technical Information Service,
U.S. Department of Commerce, Springfield, VA 22161.  The price of FIPS PUB
112 was $15.95 in 1989.  Major credit cards accepted.

            mike