• neidu3@sh.itjust.works
    22 upvotes · 1 month ago

    Not just PGP, but any encryption strength above a certain level was considered “munitions” from a legal standpoint. Because of this, finding a Windows SSH client was a PITA for quite a while.

    • Melvin_Ferd@lemmy.world
      8 upvotes · 1 month ago

      Wait, does that imply that other encryption is broken? Since what would it matter if you used encryption greater than something the government allowed you to?

      • neidu3@sh.itjust.works
        10 upvotes · edited · 1 month ago

        Nah, this was ages ago. I don’t remember the exact encryption strength, but it was pretty low, even by yesteryear standards. This was a remnant from when cryptography was ruled by whichever government could find the biggest autistic savant.

        • Em Adespoton@lemmy.ca
          7 upvotes · 1 month ago

          I believe the encryption restrictions were relaxed in 1998.

          However, certification for import/export of nuclear weapons and other dangerous goods was still needed for strong encryption (such as phone SIM cards) as recently as 2006. To get on that list of people who could legally transport SIM cards not for personal use over the US border, you needed the same background check and government clearance as someone transporting enriched uranium.

      • Treczoks@lemmy.world
        7 upvotes · 1 month ago

        There was a limit on key strength at 40 bits. Americans were allowed 56 bits (OK, they didn’t really get the full 56 bits, but that is another story). The Electronic Frontier Foundation built “Deep Crack” in 1998, a custom machine that broke the 56-bit DES in two seconds, so it probably would have taken them 1/8 second to crack the 40-bit. This happened when the ban was still active.

        This led to two movements: creative export and hosting of >40-bit algorithms outside the US, and development of better algorithms outside the US, like Rijndael, SERPENT, IDEA, E2, and other non-US AES candidates.

      • WolfLink@sh.itjust.works
        1 upvote · 1 month ago

        All encryption can be brute forced; the point of having a large key size is to make the compute effort needed to brute force the key impractical.

        “Impractical” for an individual, even one that has several very powerful computers (by DIY standards), is a much lower bar than impractical for a government, which might use huge supercomputing clusters or hardware designed specifically for brute forcing encryption.

        Note that the recommended key size to protect from “individual” tier hackers has increased over the years as the power of the average personal computer has increased.