Bitcoin Forum
Author Topic: SHA-256 has no backdoors =/= Bitcoin has no backdoors  (Read 3124 times)
Come-from-Beyond (OP) | Legendary | September 13, 2013, 10:02:45 PM | #1

There have been a lot of threads about Snowden, the NSA and broken crypto started recently. Some guys asked what if the NSA could break SHA-256; others answered that SHA-256 was analyzed by a lot of cryptomaniacs and no one has found a weakness yet... Ok, but Bitcoin uses double SHA-256. It's not that SHA-256, it's a completely different algo. What if the Sha256() function applied to itself gives an outcome that correlates to the input? Like if we took f(x)=1/x and calculated f(f(5)), which is 5.

Of course, we can only speculate about this. I just want to point out that it's not correct to discuss the security of the Bitcoin mining algo by applying well-studied features of conventional SHA-256.
phillipsjk | Legendary | September 13, 2013, 10:16:25 PM | #2

Why don't you read up on Triple-DES and then restate your question?

Hint: Running SHA-256 twice does not in any way make it less secure.

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
shep80 | Full Member | September 14, 2013, 01:16:17 AM | #3


Double SHA-256 still relies on the underlying properties of SHA-256...

With 3DES and the like, it is more than just DES three times. With bitcoin, it is just SHA-256 twice. It's quite good but the argument could be made having an alternate middle hash function would be "more" secure.

Regardless, if SHA-256 has serious issues, bitcoin is the least of the problems.

AndrewWilliams | Full Member | September 14, 2013, 04:12:58 AM | #4

Read the latest, whether they can crack it or not, it doesn't matter since they had backdoors planted in it.
Come-from-Beyond (OP) | Legendary | September 14, 2013, 07:48:42 AM | #5

Hint: Running SHA-256 twice does not in any way make it less secure.

Care to prove?


With bitcoin, it is just SHA-256 twice.

Care to prove?


Double SHA-2, therefore, cannot be weaker than single SHA-2.

Doubtful, sorry.
polarhei | Sr. Member | September 14, 2013, 07:51:42 AM | #6

Each arithmetic has its weakness. Even these people have to leave a small paper (never written in direct terms, just relative) about it before announcing; the cracking takes a long time to deal with. Even bank-level encryption.

So, two steps just take longer before being broken. This is the nature of encryption. Do you know the case of the U submarine story? Better to read it again.
phillipsjk | Legendary | September 14, 2013, 10:10:44 AM | #7

Care to prove?

fpgaminer proved it; you are just bad at math (basing this partially on your previous thread). If you are of Middle-school age, the math may be just a little advanced for you.

I mentioned 3DES because it is an example of a weak algorithm being strengthened by repeated application.

Running SHA-256 twice buys us some time if 'single' SHA-256 is found to be broken.

If you want to confirm that Bitcoin simply runs the standard SHA-256 twice, you have only to check the source-code.

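As an added illustration (not code from this thread, and not Bitcoin Core's own code) of what "the standard SHA-256 twice" means for the mining algorithm, the Python below builds the 80-byte header of the public genesis block, hashes it, and checks the result against the difficulty target encoded in the header. The field values are the genesis block's public ones; the function names are this example's own. Everything cryptographic in it is two plain calls to SHA-256, with the rest being byte-order bookkeeping.

```python
import hashlib
import struct

def double_sha256(data: bytes) -> bytes:
    """Bitcoin's hash: standard SHA-256 applied twice, nothing else in between."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def serialize_header(version: int, prev_hash_hex: str, merkle_root_hex: str,
                     timestamp: int, bits: int, nonce: int) -> bytes:
    """Build the 80-byte block header. Integers are little-endian; the two
    32-byte hashes are stored byte-reversed relative to their usual display."""
    return (struct.pack("<I", version)
            + bytes.fromhex(prev_hash_hex)[::-1]
            + bytes.fromhex(merkle_root_hex)[::-1]
            + struct.pack("<III", timestamp, bits, nonce))

def block_hash_hex(header: bytes) -> str:
    """Hash the header and render it the way block explorers display it."""
    return double_sha256(header)[::-1].hex()

def meets_target(hash_hex: str, bits: int) -> bool:
    """Decode the compact 'bits' field into the 256-bit target and compare."""
    exponent = bits >> 24
    mantissa = bits & 0xFFFFFF
    target = mantissa * (1 << (8 * (exponent - 3)))
    return int(hash_hex, 16) <= target

# Public genesis block fields (these are the real chain values, not constructed).
GENESIS_MERKLE_ROOT = "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b"
GENESIS_BITS = 0x1d00ffff
GENESIS_HEADER = serialize_header(
    version=1,
    prev_hash_hex="00" * 32,
    merkle_root_hex=GENESIS_MERKLE_ROOT,
    timestamp=1231006505,
    bits=GENESIS_BITS,
    nonce=2083236893,
)
GENESIS_HASH = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"

if __name__ == "__main__":
    h = block_hash_hex(GENESIS_HEADER)
    print(h)
    print("matches known genesis hash:", h == GENESIS_HASH)
    print("meets target:", meets_target(h, GENESIS_BITS))
```

Changing any header byte (the nonce, say) produces an unrelated hash that fails the target check; that is the whole work of mining, and it involves no property of SHA-256 beyond the ones single SHA-256 is studied for.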
Jace | Sr. Member | September 14, 2013, 10:26:11 AM | #8

If double SHA-2 were weaker than single SHA-2, one could simply use that construct to weaken single SHA-2.  In other words, let's suppose someone discovered that double SHA-2 can be broken with 2^80 operations (instead of the usual 2^256 for a pre-image attack).  Given that, anyone trying to attack SHA-2 could just, ya know, run SHA-2 on the hash they're trying to break and then perform 2^80 operations to break it and recover the original input.
Not true. Given a hash value h, if you 'recover' some input x such that Sha2(Sha2(x))=Sha2(h), this does not imply Sha2(x)=h.

Feel free to send your life savings to 1JhrfA12dBMUhcgh85wYan6HL2uLQdB6z9
Come-from-Beyond (OP) | Legendary | September 14, 2013, 10:35:11 AM | #9

fpgaminer proved it; you are just bad at math (basing this partially on your previous thread). If you are of Middle-school age, the math may be just a little advanced for you.

Hehe. U r close to compare me with Hitler.


I mentioned 3DES because it is an example of a weak algorithm being strengthened by repeated application.

Running SHA-256 twice buys us some time if 'single' SHA-256 is found to be broken.

If u r not a schoolboy u should use mathematical notation instead of vague words. Try again.


If you want to confirm that Bitcoin simply runs the standard SHA-256 twice, you have only to check the source-code.

Ta, I know that.
kokjo | Legendary | September 14, 2013, 11:03:35 AM | #10

double sha2 is weaker than sha2 in some aspects.

I'm not sure that anyone has ever proven that sha2 hits its whole 'probability' space (2^256); if it doesn't do that, it will be losing entropy by repeated applications.

more data in (a big fat block of data) means more random out. less data in (a single 256-bit sha2 hash) means less random out.

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
AndrewWilliams | Full Member | September 14, 2013, 04:34:38 PM | #11

Many of you seem to be lost in translation.


SHA-256 HAS BACKDOORS.

LIKE WINDOWS OS HAS BACKDOORS. That means NSA works with Windows to plant backdoors to access any system. NSA purposely weakens software and plants backdoors in it, SHA-256 is no exception.
Wilikon | Legendary | September 14, 2013, 06:47:14 PM | #12

If proven, I believe this will be the end of a lot of industries based on 100% trust, like bitcoin. If bitcoin falls, the next domino will follow: Wall Streets, military top secrets all over the world, etc.

This may even fork the internet. The whole internet.
phillipsjk | Legendary | September 14, 2013, 07:45:24 PM | #13

Hehe. U r close to compare me with Hitler.
Uh, no.

Quote
If u r not a schoolboy u should use mathematical notation instead of vague words. Try again.
The Wikipedia page gives a little more detail about 3DES. Encrypting 3 times does not triple the strength of the cipher. However, it also does not weaken it.

double sha2 is weaker than sha2 in some aspects.

I'm not sure that anyone has ever proven that sha2 hits its whole 'probability' space (2^256); if it doesn't do that, it will be losing entropy by repeated applications.

more data in (a big fat block of data) means more random out. less data in (a single 256-bit sha2 hash) means less random out.
So kokjo is pointing out that nobody has proven that SHA-256 has a completely uniform probability distribution.

That does not imply that a second iteration makes the combined hash weaker for the reason fpgaminer pointed out. The example he used was to assume double-SHA-256 has about the same cryptographic strength as MD5. I will make a weaker assumption: assume the second hash has reduced variability because of the limited input size.

Once the attacker determines the intermediate hash in 2^80 time, they have a problem: they must now break the remaining 'single' hash. I suppose I should prove that later rounds don't undo the work of earlier rounds: but frankly, I don't have the time right now.


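kokjo's point in #10 and the reply in #13 can be made quantitative with a toy model. The Python below is an added example, not code from either post: it uses SHA-256 truncated to 16 bits as a stand-in for a "random-looking" hash with a small output (the assumption is that truncated SHA-256 behaves like a random function, which is the same assumption kokjo's argument makes about SHA-256 itself), and measures what fraction of the 2^16 possible outputs are actually reachable. It compares a wide input space (standing in for a whole block) with an input exactly one hash wide (the 256-bit digest fed to the second SHA-256), then keeps iterating. The expected figures are the standard random-mapping ones: roughly 1 - 1/e = 63.2% of outputs reachable after one hash-wide round, 46.9% after two, 37.4% after three.

```python
import hashlib
import math

BITS = 16
N = 1 << BITS          # 65536 possible outputs of the toy hash

def toy_hash(x: int) -> int:
    """Stand-in for a 'random-looking' hash with a 16-bit output: SHA-256 of the
    4-byte encoding of x, truncated to its first two bytes."""
    digest = hashlib.sha256(x.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:2], "big")

def image_fraction(inputs) -> float:
    """Fraction of the N possible outputs that `inputs` actually produce."""
    return len({toy_hash(x) for x in inputs}) / N

def iterated_image_fractions(rounds: int) -> list:
    """Start from every 16-bit value (an input exactly one hash wide, like the
    digest fed to the second SHA-256), apply toy_hash repeatedly, and return the
    fraction of outputs still reachable after each round."""
    reachable = set(range(N))
    fractions = []
    for _ in range(rounds):
        reachable = {toy_hash(x) for x in reachable}
        fractions.append(len(reachable) / N)
    return fractions

def bits_lost(fraction: float) -> float:
    """Output entropy given up, in bits, when only `fraction` of outputs are reachable."""
    return -math.log2(fraction)

if __name__ == "__main__":
    # A wide input space (8 inputs per output on average, standing in for a
    # whole block of data) reaches essentially every output.
    print(f"wide input: {image_fraction(range(1 << 19)):.4f} of outputs reachable")
    # A hash-wide input reaches about 1 - 1/e = 63.2% after one round, then fewer.
    for k, f in enumerate(iterated_image_fractions(4), start=1):
        print(f"round {k}: {f:.4f} of outputs reachable, {bits_lost(f):.2f} bits lost")
```

The numbers support the position both posts converge on. Hashing a digest-sized value again does skip roughly a third of the output space, so the second SHA-256 call gives up about log2(1/0.632) = 0.66 bits of output entropy relative to a single hash of a wide input, and each further round costs a little less than the one before (the reachable fraction after k rounds falls off roughly like 2/k, so even thousands of rounds would cost only on the order of ten bits). That is a measurable, provable cost, and nothing like the 2^80 break discussed above.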
Kazimir | Legendary | September 15, 2013, 08:40:33 PM | #14

SHA-256 HAS BACKDOORS.
PROOF OR STFU.

(oh and by the way...)

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
AndrewWilliams | Full Member | September 16, 2013, 07:08:54 AM | #15



Shhh.... if people hear you talk, they'll know you're dumb.
solex | Legendary | September 16, 2013, 07:15:48 AM | #16

SHA-256 HAS BACKDOORS.

References?
Papers?
Links?
Actor_Tom_Truong say-so?

Anything?

Galahad | Full Member | September 16, 2013, 12:19:42 PM | #17

Some pretty childish bickering going on here but anyway.

There have been many discussions about this subject already; I would dig them out as they have already dealt with these concerns. The best thing I've heard out of it is that the Bitcoin algorithm has been tested for 20 years and not even a theoretical weakness has been found by the best experts in the world. I don't think any power of resources could overcome that fact. It would be like 1000 monkeys trying to write Shakespeare. The latest theory I've read is that they can decrypt RC4 only, which is very old and has known weaknesses (used in WEP wifi and SSL). Despite these weaknesses it is still used very heavily across the web (god knows why).

You can get an addon for Firefox called Calomel if you want to see how regularly RC4 and others are used.

EDITED
https://bitcointalk.org/index.php?topic=288545.0
https://bitcointalk.org/index.php?topic=291217.0

In particular:
https://bitcointalk.org/index.php?topic=288545.msg3091137#msg3091137
Come-from-Beyond (OP) | Legendary | September 16, 2013, 01:15:19 PM | #18

Don't worry guys, we always can move to Litecoin...
hashman | Legendary | September 16, 2013, 03:57:55 PM | #19

Many of you seem to be lost in translation.


SHA-256 HAS BACKDOORS.

LIKE WINDOWS OS HAS BACKDOORS. That means NSA works with Windows to plant backdoors to access any system. NSA purposely weakens software and plants backdoors in it, SHA-256 is no exception.


It's worse than you think.  All they need is 8 BITS of a SHA-256 message digest and they can backdoor their way to reconstructing your arbitrary length message.  Incidentally this is the same tech they use to store a full year of global telecoms traffic on a thumb drive.     

deepceleron | Legendary | September 16, 2013, 04:11:26 PM | #20

Many of you seem to be lost in translation.


SHA-256 HAS BACKDOORS.

LIKE WINDOWS OS HAS BACKDOORS. That means NSA works with Windows to plant backdoors to access any system. NSA purposely weakens software and plants backdoors in it, SHA-256 is no exception.


It's worse than you think.  All they need is 8 BITS of a SHA-256 message digest and they can backdoor their way to reconstructing your arbitrary length message.  Incidentally this is the same tech they use to store a full year of global telecoms traffic on a thumb drive.
Now you've gone full retard. How about I give you the first 32 bits of every Bitcoin block hash and you reconstruct the message (hint: they are all 0x00000000h).

If I have a SHA256 hash, it will likely correspond to collision with two 257 bit messages, four 258 bit messages, etc. The "arbitrary length message" of Bitcoin is a never-before-seen merkle tree of 256 bit hashes; the information in the hash cannot possibly be used to derive the ~250KB of data per block.
Littleshop | Legendary | September 16, 2013, 04:16:30 PM | #21

double sha2 is weaker than sha2 in some aspects.

I'm not sure that anyone has ever proven that sha2 hits its whole 'probability' space (2^256); if it doesn't do that, it will be losing entropy by repeated applications.

more data in (a big fat block of data) means more random out. less data in (a single 256-bit sha2 hash) means less random out.

So a single key can be cracked in 1,000,000 years using every atom on the planet for energy instead of in 1,000,000,000 years using every atom in the solar system? 

Come-from-Beyond (OP) | Legendary | September 16, 2013, 04:45:35 PM | #22

Now you've gone full retard...

Hehe, sarcasm doesn't work without <sarcasm> tag.
kokjo | Legendary | September 16, 2013, 05:20:23 PM | #23

double sha2 is weaker than sha2 in some aspects.

I'm not sure that anyone has ever proven that sha2 hits its whole 'probability' space (2^256); if it doesn't do that, it will be losing entropy by repeated applications.

more data in (a big fat block of data) means more random out. less data in (a single 256-bit sha2 hash) means less random out.

So a single key can be cracked in 1,000,000 years using every atom on the planet for energy instead of in 1,000,000,000 years using every atom in the solar system? 
sort of, yes.
AndrewWilliams | Full Member | September 16, 2013, 05:28:19 PM | #24

Time to shut up, listen, and learn. School is in session.


One of two articles, the first showing how NSA puts backdoors in encryption.


Quote
Did NSA Put a Secret Backdoor in New Encryption Standard?

By Bruce Schneier
Wired News
November 15, 2007

Link: https://www.schneier.com/essay-198.html

Random numbers are critical for cryptography: for encryption keys, random authentication challenges, initialization vectors, nonces, key-agreement schemes, generating prime numbers and so on. Break the random-number generator, and most of the time you break the entire security system. Which is why you should worry about a new random-number standard that includes an algorithm that is slow, badly designed and just might contain a backdoor for the National Security Agency.

Generating random numbers isn't easy, and researchers have discovered lots of problems and attacks over the years. A recent paper found a flaw in the Windows 2000 random-number generator. Another paper found flaws in the Linux random-number generator. Back in 1996, an early version of SSL was broken because of flaws in its random-number generator. With John Kelsey and Niels Ferguson in 1999, I co-authored Yarrow, a random-number generator based on our own cryptanalysis work. I improved this design four years later -- and renamed it Fortuna -- in the book Practical Cryptography, which I co-authored with Ferguson.

The U.S. government released a new official standard for random-number generators this year, and it will likely be followed by software and hardware developers around the world. Called NIST Special Publication 800-90 (.pdf), the 130-page document contains four different approved techniques, called DRBGs, or "Deterministic Random Bit Generators." All four are based on existing cryptographic primitives. One is based on hash functions, one on HMAC, one on block ciphers and one on elliptic curves. It's smart cryptographic design to use only a few well-trusted cryptographic primitives, so building a random-number generator out of existing parts is a good thing.

But one of those generators -- the one based on elliptic curves -- is not like the others. Called Dual_EC_DRBG, not only is it a mouthful to say, it's also three orders of magnitude slower than its peers. It's in the standard only because it's been championed by the NSA, which first proposed it years ago in a related standardization project at the American National Standards Institute.

The NSA has always been intimately involved in U.S. cryptography standards -- it is, after all, expert in making and breaking secret codes. So the agency's participation in the NIST (the U.S. Commerce Department's National Institute of Standards and Technology) standard is not sinister in itself. It's only when you look under the hood at the NSA's contribution that questions arise.

Problems with Dual_EC_DRBG were first described in early 2006. The math is complicated, but the general point is that the random numbers it produces have a small bias. The problem isn't large enough to make the algorithm unusable -- and Appendix E of the NIST standard describes an optional work-around to avoid the issue -- but it's cause for concern. Cryptographers are a conservative bunch: We don't like to use algorithms that have even a whiff of a problem.

But today there's an even bigger stink brewing around Dual_EC_DRBG. In an informal presentation (.pdf) at the CRYPTO 2007 conference in August, Dan Shumow and Niels Ferguson showed that the algorithm contains a weakness that can only be described as a backdoor.

This is how it works: There are a bunch of constants -- fixed numbers -- in the standard used to define the algorithm's elliptic curve. These constants are listed in Appendix A of the NIST publication, but nowhere is it explained where they came from.

What Shumow and Ferguson showed is that these numbers have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can predict the output of the random-number generator after collecting just 32 bytes of its output. To put that in real terms, you only need to monitor one TLS internet encryption connection in order to crack the security of that protocol. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG.

The researchers don't know what the secret numbers are. But because of the way the algorithm works, the person who produced the constants might know; he had the mathematical opportunity to produce the constants and the secret numbers in tandem.

Of course, we have no way of knowing whether the NSA knows the secret numbers that break Dual_EC-DRBG. We have no way of knowing whether an NSA employee working on his own came up with the constants -- and has the secret numbers. We don't know if someone from NIST, or someone in the ANSI working group, has them. Maybe nobody does.

We don't know where the constants came from in the first place. We only know that whoever came up with them could have the key to this backdoor. And we know there's no way for NIST -- or anyone else -- to prove otherwise.

This is scary stuff indeed.

Even if no one knows the secret numbers, the fact that the backdoor is present makes Dual_EC_DRBG very fragile. If someone were to solve just one instance of the algorithm's elliptic-curve problem, he would effectively have the keys to the kingdom. He could then use it for whatever nefarious purpose he wanted. Or he could publish his result, and render every implementation of the random-number generator completely insecure.

It's possible to implement Dual_EC_DRBG in such a way as to protect it against this backdoor, by generating new constants with another secure random-number generator and then publishing the seed. This method is even in the NIST document, in Appendix A. But the procedure is optional, and my guess is that most implementations of the Dual_EC_DRBG won't bother.

If this story leaves you confused, join the club. I don't understand why the NSA was so insistent about including Dual_EC_DRBG in the standard. It makes no sense as a trap door: It's public, and rather obvious. It makes no sense from an engineering perspective: It's too slow for anyone to willingly use it. And it makes no sense from a backwards-compatibility perspective: Swapping one random-number generator for another is easy.

My recommendation, if you're in need of a random-number generator, is not to use Dual_EC_DRBG under any circumstances. If you have to use something in SP 800-90, use CTR_DRBG or Hash_DRBG.

In the meantime, both NIST and the NSA have some explaining to do.



Second article.

Yall outa know by now, NSA will NOT let any cryptography be released that THEY are not going to be able to plant a backdoor in. The nation's security is too important to leave anything to chance.



Quote
New York Times provides new details about NSA backdoor in crypto spec
The paper points a finger definitively at the long-suspected Dual_EC_DRBG algorithm.

by Megan Geuss - Sep 11, 2013 3:00 am UTC
Link: http://arstechnica.com/security/2013/09/new-york-times-provides-new-details-about-nsa-backdoor-in-crypto-spec/

Today, the New York Times reported that an algorithm for generating random numbers, which was adopted in 2006 by the National Institute of Standards and Technology (NIST), contains a backdoor for the NSA. The news followed a NYT report from last week, which indicated that the National Security Agency (NSA) had circumvented widely used (but then-unnamed) encryption schemes by placing backdoors in the standards that are used to implement the encryption.

In 2007, cryptographers Niels Ferguson and Dan Shumow presented research suggesting that there could be a potential backdoor in the Dual_EC_DRBG algorithm, which NIST had included in Special Publication 800-90. If the parameters used to define the algorithm were chosen in a particular way, they would allow the NSA to predict the supposedly random numbers produced by the algorithm. It wasn't entirely clear at the time that the NSA had picked the parameters in this way; as Ars noted last week, the rationale for choosing the particular Dual_EC_DRBG parameters in SP 800-90 was never actually stated.

Today, the NYT says that internal memos leaked by Edward Snowden confirm that the NSA generated the Dual_EC_DRBG algorithm. Publicly, however, the agency's role in development was significantly underbilled: “In publishing the standard, NIST acknowledged 'contributions' from NSA, but not primary authorship,” wrote the NYT. From there, the NSA pushed the International Organization for Standardization to adopt the algorithm, calling it “a challenge in finesse” to convince the organization's leadership.

“Eventually, NSA became the sole editor” of the international standard, according to one classified memo seen by the NYT.

The details come just as NIST released a promise to reopen the public vetting process for SP 800-90. “We want to assure the IT cybersecurity community that the transparent, public process used to rigorously vet our standards is still in place,” a memo from the Institute read. “NIST would not deliberately weaken a cryptographic standard. We will continue in our mission to work with the cryptographic community to create the strongest possible encryption standards for the US government and industry at large.”

Still, NIST asserted that its purpose was to protect the federal government first: “NIST’s mandate is to develop standards and guidelines to protect federal information and information systems. Because of the high degree of confidence in NIST standards, many private industry groups also voluntarily adopt these standards.”



Class is dismissed.
Come-from-Beyond (OP) | Legendary | September 16, 2013, 05:43:00 PM | #25

Interesting articles, thank you.
phillipsjk | Legendary | September 17, 2013, 07:23:35 AM | #26

Time to shut up, listen, and learn. School is in session.


One of two articles, the first showing how NSA puts backdoors in encryption.


Quote
Did NSA Put a Secret Backdoor in New Encryption Standard?

By Bruce Schneier
Wired News
November 15, 2007

Link: https://www.schneier.com/essay-198.html




Second article.

Yall outa know by now, NSA will NOT let any cryptography be released that THEY are not going to be able to plant a backdoor in. The nation's security is too important to leave anything to chance.



Quote
New York Times provides new details about NSA backdoor in crypto spec
The paper points a finger definitively at the long-suspected Dual_EC_DRBG algorithm.

by Megan Geuss - Sep 11, 2013 3:00 am UTC
Link: http://arstechnica.com/security/2013/09/new-york-times-provides-new-details-about-nsa-backdoor-in-crypto-spec/




Class is dismissed.


The NSA has to allow secure algorithms to secure their own data. They use AES (possibly with a different key schedule) and SHA-256 AFAIK.

What these revelations mean is that you have to do your homework before using cryptography. Something most users are not going to be able to do. As a result, they will be vulnerable to degradation attacks whereby hosts are tricked into using weak algorithms. These revelations mean the NSA has been making it easier to choose weak algorithms.

For example, I recently disabled password authentication so that I can securely access my computer remotely (Using RSA-based public key authentication). In the sshd_config file, I also disabled version 1 of the protocol, MD5 hashing, as well as 3DES and arcfour (RC4) encryption. This means that my computer will refuse to negotiate a connection using those weaker protocols.

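The sshd_config changes described in the post can be checked mechanically. The Python below is an added example, not the post's own configuration and not a tool shipped with OpenSSH: it parses text in sshd_config syntax, flags the settings the post disables (password authentication, protocol 1, MD5-based MACs, 3DES and arcfour ciphers), and runs over two constructed sample configs, one permissive and one hardened along the post's lines. The keyword and algorithm names are OpenSSH's; the weak-algorithm lists, the parser and the sample configs are this example's own and deliberately minimal. Match blocks are skipped, and a config that leaves Ciphers or MACs unset inherits defaults that depend on the OpenSSH version, which the script can only point out.

```python
import re

# Legacy algorithm names as OpenSSH spells them in the Ciphers / MACs keywords
# (the ones the post removes: 3DES, arcfour/RC4 and MD5-based MACs).
WEAK_CIPHERS = {"3des-cbc", "arcfour", "arcfour128", "arcfour256"}
WEAK_MACS = {"hmac-md5", "hmac-md5-96",
             "hmac-md5-etm@openssh.com", "hmac-md5-96-etm@openssh.com"}

def parse_sshd_config(text: str) -> dict:
    """Map lower-cased keyword -> value, keeping the FIRST occurrence of each
    keyword (which is what sshd honours). Comments and blank lines are skipped;
    parsing stops at the first 'Match' block, whose settings are conditional."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z]+)\s*=?\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings

def offered_algorithms(value: str) -> set:
    """Turn a Ciphers/MACs value into the set of names that line OFFERS.
    A leading '-' removes names from the defaults, so it offers nothing;
    '+' and '^' append/prepend to the defaults, so the listed names are offered."""
    if value.startswith("-"):
        return set()
    value = value.lstrip("+^")
    return {name for name in value.split(",") if name}

def audit_sshd_config(text: str) -> list:
    """Return human-readable findings for the weak settings discussed in the post."""
    cfg = parse_sshd_config(text)
    findings = []
    if cfg.get("passwordauthentication", "yes").lower() == "yes":
        findings.append("PasswordAuthentication is yes (the default): prefer key-only logins")
    if "1" in cfg.get("protocol", "2").split(","):
        findings.append("Protocol 1 is enabled")
    for keyword, weak, label in (("ciphers", WEAK_CIPHERS, "cipher"),
                                 ("macs", WEAK_MACS, "MAC")):
        if keyword not in cfg:
            findings.append(f"{keyword} not set: version-dependent defaults apply, confirm with 'sshd -T'")
            continue
        for name in sorted(offered_algorithms(cfg[keyword]) & weak):
            findings.append(f"weak {label} offered: {name}")
    return findings

# Constructed sample configs (not from the post or any real host).
PERMISSIVE_CONFIG = """
# permissive: what a forgotten legacy server might still carry
Protocol 2,1
PasswordAuthentication yes
Ciphers aes128-ctr,3des-cbc,arcfour
MACs hmac-sha1,hmac-md5
"""

HARDENED_CONFIG = """
# hardened along the lines of the post: keys only, modern algorithms only
Protocol 2
PasswordAuthentication no
PubkeyAuthentication yes
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
"""

if __name__ == "__main__":
    for name, cfg in (("permissive", PERMISSIVE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit_sshd_config(cfg) or ['no findings']}")
```

Because the file is only half the story (defaults and Match blocks change the effective values), the authoritative check on a live host is `sshd -T`, which prints the effective configuration as keyword/value lines; that output can be fed to audit_sshd_config as-is, since the parser lower-cases keywords.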
Jace | Sr. Member | September 17, 2013, 08:37:00 AM | #27

Yall outa know by now, NSA will NOT let any cryptography be released that THEY are not going to be able to plant a backdoor in. The nation's security is too important to leave anything to chance.
You seem to imply that the NSA is in charge of what cryptography algorithms people can create and distribute as open source (i.e. release) worldwide?

And "the nation", what nation? Cryptography is not limited to any country's borders.

Come-from-Beyond (OP) | Legendary | September 17, 2013, 03:25:13 PM | #28

The NSA has to allow secure algorithms to secure their own data. They use AES (possibly with a different key schedule) and SHA-256 AFAIK.

I "use" a house with a backdoor and don't worry. Because I'm the only one who can open that backdoor.
AndrewWilliams | Full Member | September 17, 2013, 04:54:58 PM | #29

Yall outa know by now, NSA will NOT let any cryptography be released that THEY are not going to be able to plant a backdoor in. The nation's security is too important to leave anything to chance.
You seem to imply that the NSA is in charge of what cryptography algorithms people can create and distribute as open source (i.e. release) worldwide?

And "the nation", what nation? Cryptography is not limited to any country's borders.



Cryptography is heavily regulated by the US government. You may not export or import cryptography without their approval.
This has to do with a very specialized section of US and international law.


Open source is interesting. I would not be surprised if successful opensource cryptography projects are bought out by the US govt regularly, to prevent them from being released to the public.

Truecrypt, long thought to be open source, is not really open source. Other than TC, I can not think of an opensource crypto software that is popular. If 95+% of the population is using "approved" cryptography with backdoors in it, it should basically suit the US govt's needs
kokjo | Legendary | September 17, 2013, 04:57:19 PM | #30

Cryptography is heavily regulated by the US government. You may not export or import cryptography without their approval.
This has to do with a very specialized section of US and international law.
Cool! So there is a law! Do you have a number on how many times it has been broken?
balanghai | Sr. Member | September 17, 2013, 05:00:26 PM | #31

if there is, how fast could they break in?
Jace | Sr. Member | September 17, 2013, 05:21:23 PM | #32

Yall outa know by now, NSA will NOT let any cryptography be released that THEY are not going to be able to plant a backdoor in. The nation's security is too important to leave anything to chance.
You seem to imply that the NSA is in charge of what cryptography algorithms people can create and distribute as open source (i.e. release) worldwide?

And "the nation", what nation? Cryptography is not limited to any country's borders.
Cryptography is heavily regulated by the US government. You may not export or import cryptography without their approval.
What do you mean, "export or import cryptography"? We're talking about digital, abstract, virtual stuff here. Their approval simply does not apply. This stuff is online and worldwide, "out there in the cloud", not local or bound to any country or region.

Quote
This has to do with a very specialized section of US and international law.
Oh, the US? Well, the world doesn't care what the US thinks. Iran and North Korea also have "very specialized laws" against all sorts of online endeavours. Do you even care?

Quote
Open source is interesting. I would not be surprised if successful opensource cryptography projects are bought out by the US govt regularly, to prevent them from being released to the public.
Get a grip man. Open source projects are bought by the US govt? (not the Chinese or Russian govt? You sure?) From whom, exactly? How is that to prevent the world from continuing to freely share these involved sources and ideas?

You're way too US-minded. I guess you're a US citizen yourself, so you may have a twisted perspective, but the world doesn't care that much about the US. Really.

Quote
Truecrypt long thought to be open source, is not really open source.
What do you call this?

AndrewWilliams | Full Member | September 17, 2013, 06:01:39 PM (last edit: September 17, 2013, 06:28:00 PM) | #33

Yall outa know by now, NSA will NOT let any cryptography be released that THEY are not going to be able to plant a backdoor in. The nation's security is too important to leave anything to chance.
You seem to imply that the NSA is in charge of what cryptography algorithms people can create and distribute as open source (i.e. release) worldwide?

And "the nation", what nation? Cryptography is not limited to any country's borders.
Cryptography is heavily regulated by the US government. You may not export or import cryptography without their approval.
What do you mean, "export or import cryptography". We're talking about digital, abstract, virtual stuff here. Their approval does simply not apply. This stuff is online and worldwide, "out there in the cloud", not local or bound to any country or region.

Quote
This has to do with a very specialized section of US and international law.
Oh, the US? Well, the world doesn't care what the US thinks. Iran and North Korea also have "very specialized laws" against all sorts of online endeavours. Do you even care?

Quote
Open source is interesting. I would not be surprised if successful opensource cryptography projects are bought out by the US govt regularly, to prevent them from being released to the public.
Get a grip man. Open source projects are bought by the US govt? (not the Chinese or Russian govt? You sure?) From whom, exactly? How is that to prevent the world from continuing to freely share these involved sources and ideas?

You're way too US-minded. I guess you're a US citizen yourself, so you may have a twisted perspective, but the world doesn't care that much about the US. Really.

Quote
Truecrypt long thought to be open source, is not really open source.
What do you call this?

I will address your questions in order of stupidity:

Is TrueCrypt "Open Source"?
Review by kwamehagan about TrueCrypt Jul 2013
http://alternativeto.net/discussions/applications/10846/is-truecrypt-open-source-/

No.

TrueCrypt has not been approved under the Open Source Initiative. This is due to not following The Open Source Definition for software.

It is also using a custom licence which has been vetted and mandated as non open-source.

    Fedora: Forbidden Items - TrueCrypt

        The TrueCrypt software is under a poor license, which is not only non-free, but has the potential to be actively dangerous to end users or distributors who agree to it, opening them to possible legal action even if they abide by all of the licensing terms, depending on the intent of the upstream copyright holder.

This is why TrueCrypt does not have the status: "Open Source".
(N.B. Wikipedia's status on TrueCrypt is just "source-available")


Quote
What do you mean, "export or import cryptography"? We're talking about digital, abstract, virtual stuff here. Their approval simply does not apply. This stuff is online and worldwide, "out there in the cloud", not local or bound to any country or region.

From Wikipedia: https://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States

The export of cryptography in the United States is the transfer from the United States to another country of devices and technology related to cryptography.

Since World War II, many governments, including the U.S. and its NATO allies, have regulated the export of cryptography for national security considerations, and, as late as 1992, cryptography was on the U.S. Munitions List as an Auxiliary Military Technology.[1]

In light of the enormous impact of cryptanalysis in World War II, it was abundantly clear to these governments that denying current and potential enemies access to cryptographic systems looked to be militarily valuable. They also wished to monitor the diplomatic communications of other nations, including the many new nations that were emerging in the post-colonial period and whose position on Cold War issues was regarded as vital.[2]

Since the U.S. and U.K. had, they believed, developed more advanced cryptographic capabilities than others, the intelligence agencies in these countries had a notion that controlling all dissemination of the more effective crypto techniques might be beneficial.

The First Amendment made controlling all use of cryptography inside the U.S. difficult, but controlling access to U.S. developments by others was thought to be more practical — there were at least no constitutional impediments.

FreeSwan Project
From: http://www.freeswan.org/freeswan_trees/freeswan-1.5/doc/exportlaws.html

Many nations restrict the export of cryptography and some restrict its use by their citizens or others within their borders.

US laws, as currently interpreted by the US government, forbid export of most cryptographic software from the US in machine-readable form without government permission. In general, the restrictions apply even if the software is widely disseminated or public-domain and even if it came from outside the US originally. Cryptography is legally a munition and export is tightly controlled under the EAR (Export Administration Regulations).

ijphlrnxewho
Legendary
September 18, 2013, 12:46:10 AM
 #34

Well, I'm sure the general public trust the super nerds right now with Bitcoins.

phillipsjk
Legendary
September 18, 2013, 01:15:53 AM
 #35

Quote
FreeSwan Project
From: http://www.freeswan.org/freeswan_trees/freeswan-1.5/doc/exportlaws.html

Many nations restrict the export of cryptography and some restrict its use by their citizens or others within their borders.

If you look at the page info, you will see that page has not been updated since the year 2000. This also happened around that time:
Apple PowerMac G4 Commercial - Super Computer (Tanks)
They raised the limit to 500Gflops, which caught the PS3 personal computer entertainment system before dropping that law.

While the restrictions you mention were in place, cryptography development moved outside the United States. I remember having to be careful to download the non-US versions of Debian, since it was illegal to re-export strong cryptography. It appears what happened is that the powers-that-be decided exporting cryptography would be allowed. The catch is that now standards developed in the US are suspect.

PS: this thread now has 3 people from my (exclusive) ignore list participating in it. Maybe I should stop commenting.
