Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!think.com!hsdndev!cmcl2!adm!news From: microsoft!richardw@uunet.uu.net Newsgroups: comp.lang.pascal Subject: Re: DES encryption Message-ID: <26759@adm.brl.mil> Date: 2 May 91 22:39:33 GMT Sender: news@adm.brl.mil Lines: 35 |>From: Bob Beauchaine | | | BTW, it should not be a problem for international use since the | DES standard states that *NO* DES implementation in software is | considered secure. That's not the point. The point is, *use* of the DES algorithm is regulated by the federal government here in the States. Outside of US borders, most countries have fewer restrictions (I don't remember what the COCOM rules are about DES). If you write something for use strictly within the US, then there are no rules -- as yet. However, if you code up the the DES algorithm, then transmit it outside of the country, you risk serious attention from the government. The warning was that if someone posts code for DES, then it will get relayed all over the world, and people at the US Department of State will get very annoyed, because that counts as *unlicensed export of encryption technology*. They have a very heavy hand for dealing with things like that. If you want the algorithm itself, it's written up in a variety of places. One of the nicer ones was in a French book, actually. You can also find it in Andy Tannebaum's "Computer Networks," Dorothy Denning's "Cryptography," or you can even write to the US government printing office and ask for a copy of the original spec. Costs about US$10. I'm not saying this is the way life should be. If you don't like it, write to your congresscritter. -Richard Ward Distributed Security Group uunet!microsoft!richardw microsoft!richardw@uunet.uu.net The above has no relation to Microsoft corporate policy.