On Sat, 6 May 2000, The Hermit Hacker wrote:
> My *understanding* is that MD5 is a half-way measure that is easier to
> break then DES, which is why it isn't under the export restrictions ...
There are a few misconceptions here:
1. DES is legal to export since March of this year, when USG relaxed
controls on crypto. Any software that is off-the-shelf or 'free as in
speech' is allowed to have DES code. Only requirement is that a copy of
software or a link to URL which contains software must be provided to BXA
office.
2. MD5 was allowed to be exported because it is not a encryption
algorithm, and cannot be used as such. It is inherently one-way, therefore
the terrorists won't have any use to it. Or something like that ;)
-alex