Copyright (c) mjh-EDV Beratung, 1996-1999
mjh-EDV Beratung - 63263 Neu-Isenburg - Rosenstrasse 12
Tel +49 6102 328279 - Fax +49 6102 328278
Email info@mjh.teddy-net.com
Author: Jordan Hrycaj <jordan@mjh.teddy-net.com>
$Id: README.RESTRICTED-KEY-LENGTHS,v 1.4 2000/02/18 07:21:05 jordan Exp $
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
-----------------------------------------------------------------
Important:
This file applies only in rare cases, as when this library
needs to be placed on a US server from which it can be downloaded
by the rest of the world.
And this only makes sense if this library comes as support for
another package.
-----------------------------------------------------------------
In order to satisfy US export laws, you can restrict the session
key lengths to 56, or 64 bits (or_whatever_you_want mod 8). To do
that, append the key length to the --enable-cipher argument when
configuring:
    ./configure --enable-cipher=64
To meet some weird export restrictions concerning asymmetric keys,
you can also set the maximal El Gamal key size to 512, say:
    ./configure --enable-cipher=64,512
Compiling now produces a cipher library instance with the following
features:
+ all asymmetric keys greater than 512 bits are rejected
+ all session keys are restricted to effectively using 64 bits,
only (the rest of the key is fixed)
+ you need to install the same peks library instance on the
server and on the client machine (two different library
instances cannot communicate)
So, for US exporting (and testing) you can use the 64 bits
restricted version to provide ready-to-use binaries. At the
destination you may recompile the peks library without any
encryption restriction.
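Added example (not part of the peks distribution): a shell check that a build or release script could run over a configure command line to see whether a key-length restriction was requested, so a restricted instance is not shipped or mixed with an unrestricted one by accident. The function name and output format are hypothetical, and treating a missing or valueless --enable-cipher as "unrestricted" and "mod 8" as "multiple of 8 bits" are assumptions.

```sh
#!/bin/sh
# Added example, not part of peks. Reports the key-length limits that a
# configure command line requests via --enable-cipher=SESSION[,ELGAMAL].
# Returns 0 = no limit requested, 1 = restricted build, 2 = malformed value.
peks_cipher_limits() {
    spec=
    for arg in $1; do
        case $arg in
            --enable-cipher=*) spec=${arg#--enable-cipher=} ;;
        esac
    done
    if [ -z "$spec" ]; then
        echo "unrestricted"
        return 0
    fi
    session=${spec%%,*}
    case $spec in
        *,*) elgamal=${spec#*,} ;;
        *)   elgamal=unlimited ;;
    esac
    # Session length: decimal, no leading zero (avoids octal arithmetic).
    case $session in
        ''|0*|*[!0-9]*) echo "malformed: $spec"; return 2 ;;
    esac
    # Assumption: "mod 8" in the README means a multiple of 8 bits.
    if [ $((session % 8)) -ne 0 ]; then
        echo "malformed: $spec"
        return 2
    fi
    if [ "$elgamal" != unlimited ]; then
        case $elgamal in
            ''|0*|*[!0-9]*) echo "malformed: $spec"; return 2 ;;
        esac
    fi
    echo "restricted session=$session elgamal=$elgamal"
    return 1
}

# Constructed sample command lines.
for line in "./configure" "./configure --enable-cipher=64" \
            "./configure --enable-cipher=64,512" "./configure --enable-cipher=60"; do
    printf '%s -> ' "$line"
    peks_cipher_limits "$line" || true
done
```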
-----------------------------------------------------------------
I hope this way of dealing with export laws is a useful feature,
please comment.
Send bugs, ideas, suggestions and the like to
<jordan@mjh.teddy.net.com>.
jordan