[2280] in cryptography@c2.net mail archive
Re: exporting blowfish
daemon@ATHENA.MIT.EDU (Michael Paul Johnson)
Fri Mar 13 10:13:32 1998
Date: Thu, 12 Mar 1998 22:06:11 -0700
To: michael shiplett <walrus@ans.net>
From: Michael Paul Johnson <mpj@ebible.org>
Cc: cryptography@c2.net
In-Reply-To: <199803122216.JAA03227@avalon.qualcomm.com>
At 09:16 AM 3/13/98 +1100, Greg Rose wrote:
>michael shiplett writes:
>>In trying to get an license to export from the US, I was just told
>>that the use of blowfish is limited not to 40-bits but to 32-bits. Has
>>anyone else run into this?
>
>I haven't run into this specific example, but it
>doesn't surprise me at all. Blowfish has a large
>key schedule overhead (by design). The 40 bit
>limit was imposed to allow NSA brute-force attacks
>to succeed at (what they think of as) reasonable
>cost.
>...
The NSA forced me to limit the strength of the Sapphire stream cipher in
the export version of Quicrypt to 32 bits as well. I suspect that for some
reason cracking RC4 is cheaper than cracking other ciphers. (Existing
dedicated hardware, perhaps?)
