Welcome, Guest. Please Login
 
  HomeHelpSearchLogin FAQ Radified Ghost.Classic Ghost.New Bootable CD Blog  
 
Page Index Toggle Pages: 1
Send Topic Print
AES-256 illegal in US? (Read 5515 times)
Rad
Radministrator
*****
Offline


Sufferin' succotash

Posts: 4090
Newport Beach, California


Back to top
AES-256 illegal in US?
Feb 22nd, 2010 at 10:57pm
 
Anybody heard that AES-256 is illegal in the US? Check out this thread (titled "What's the most secure encryption algorithm?"):

http://answers.yahoo.com/question/index?qid=20060925103856AAKPUeo (7th post)

Quote:
AES-256, but it's illegal in the US and the Government uses it

Sounds weird to me. Why would this be? Would infer that all other encrption methods have already been defeated by the government, no?

I can find no validating references anywhere else.

Related terms:

Advanced Encryption Standard.

Rijndael

Truecrypt: http://www.truecrypt.org/

Related linkage / threads:

http://www.wilderssecurity.com/showthread.php?t=263169

http://www.dslreports.com/forum/r19216574-Whats-the-best-encryption-algorithm

http://www.cp-lab.com/cryptography.html

http://www.truecrypt.org/docs/?s=aes

Quote:
In June 2003, after the NSA (US National Security Agency) conducted a review and analysis of AES, the U.S. CNSS (Committee on National Security Systems) announced in [1] that the design and strength of AES-256 (and AES-192) are sufficient to protect classified information up to the Top Secret level.

Is there something above Top Secret? What do they use for that?

Interesting: http://www.truecrypt.org/docs/?s=serpent

Quote:
Serpent was one of the AES finalists. It was not selected as the proposed AES algorithm even though it appeared to have a higher security margin than the winning Rijndael [4].

In spite of these facts, Rijndael was considered an appropriate selection for the AES for its combination of security, performance, efficiency, implementability, and flexibility [4]. At the last AES Candidate Conference, Rijndael got 86 votes, Serpent got 59 votes, Twofish 31 got votes, RC6 got 23 votes, and MARS got 13 votes [18, 19].*
 
WWW  
IP Logged
 

Rad
Radministrator
*****
Offline


Sufferin' succotash

Posts: 4090
Newport Beach, California


Back to top
Re: AES-256 illegal in US?
Reply #1 - Feb 23rd, 2010 at 12:33am
 
Quote:
AES-256 is not illegal to use in the United States; domestic use of encryption technologies have generally never been restricted that way - there were, for some time, moves to allow for the possibility of communication intercepts  using warrants based on mandating the use of key escrow for non-military encryption, but that is an idea that died in practice.

The situation is somewhat more complex for companies which produce software which employs cryptographic techniques (which includes all kinds of other things than encryption, such as authentication, which is typically built out of very similar cryptographic building blocks) or which are involved in cross-border communications; for instance, for the United States there is the requirement for software companies to comply with the export control regulations set by the Bureau of Industry and Security (on top of the general need to be aware of the Office of Foreign Assets Control list of embargoed countries and individuals), and it's worth bearing in mind that virtually every country that you export *to* has similar kinds of regulation in place and that many of those countries may, unlike the United States, regulate their citizen's use of cryptographic software. As a result, one of the many jobs involved in releasing software which is sold in different countries is filing the necessary regulatory paperwork in the exporting and importing countries covering the way your product(s) uses cryptographic techniques. Even with the assistance of legal teams to deal with the detailed processes of filing, it's a tedious business auditing your software to ensure that the legal filings that result are complete and accurate.

This gets even more interesting when indirectly exporting something that aggregates products from other vendors, which often results from the internal operations of organizations that cross national boundaries: multinational customers of U.S. corporations therefore also tend to need to be aware of the impact of U.S. export control classification, which is why vendors such as Adobe and Symantec publish regulatory information about their products, such as at http://customercare.symantec.com/app/answers/detail/a_id/96 (do take a look at the PDF linked from there).

- Nigel
 
WWW  
IP Logged
 
Pleonasm
Übermensch
*****
Offline



Posts: 1619


Back to top
Re: AES-256 illegal in US?
Reply #2 - Feb 23rd, 2010 at 6:57am
 
FYI -- The AES algorithm is used by many programs available in the US (e.g., PGP Desktop and WinZip).
 

ple • o • nasm n. “The use of more words than are required to express an idea”
 
IP Logged
 
Page Index Toggle Pages: 1
Send Topic Print