Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / .NET Framework / Security / July 2004

Tip: Looking for answers? Try searching our database.

final word on exportable algorithms

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
EP - 27 Jul 2004 03:40 GMT
I'm trying to build an exportable secure system and am having a hard time
finding the definitive answer on export laws.  Can't find it on msdn and
everything I come accross on the net is from '96-'97

I want to use an asymmetric RSA public/private handshake to establish a
weaker 40-bit key for conversation (will be doing this on a message-based
architecture).

So, I go to use RSA encryption for the handshake.. But is RSA limited to 384
bit minimum?  At least the RSACryptoServiceProvider is.  If I cannot use RSA
for exportable systems, what private/public asymmetric algorithms are
exportable?

Can someone confirm the current exportable algorithms?  I know I can use
40-bit DES once I've established the session but what can I use for the
handshake?
Reply to this Message
EP - 27 Jul 2004 14:01 GMT
if anyone was interested, I found the answers here...
http://www.bxa.doc.gov/encryption/ChecklistInstr.htm

> I'm trying to build an exportable secure system and am having a hard time
> finding the definitive answer on export laws.  Can't find it on msdn and
[quoted text clipped - 12 lines]
> 40-bit DES once I've established the session but what can I use for the
> handshake?
Reply to this Message
Rob Teixeira [MVP] - 27 Jul 2004 23:47 GMT
There should be no problem not at all.
The MS Base Cryptographic Service Provider (that the standard RSA class
implementation is based on) is compatible with export limitations (unless
you export it to a country the US has sanctions with, that is).
I think you are confusing the issue of symmetric key lengths with asymmetric
key lengths.
DES is a symmetric cipher, and there is a cap on symmetric cipher key
lengths of 56 to 128 bits, depending on which document you are looking at,
and various other factors. However, RSA is an asymmetric (public/private
key) cipher. Asymmetric key lengths can't exceed 512 bit last time i
checked. And as an aside, the "secure" recommendation is at least 1024 bits
for an RSA key, so if it were up to me, I'd use the largest possible key
(512).

-Rob Teixeira [MVP]

> I'm trying to build an exportable secure system and am having a hard time
> finding the definitive answer on export laws.  Can't find it on msdn and
[quoted text clipped - 12 lines]
> 40-bit DES once I've established the session but what can I use for the
> handshake?
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.