Not just PGP, but any encryption strength above a certain level was considered “munitions” from a legal standpoint. Because of this, finding a windows Ssh client was a PITA for quite a while.
All encryption can be brute forced, the point of having a large key size is to make the compute effort needed to brute force the key impractical.
“Impractical” for an individual, even one that has several very powerful computers (by DIY standards) is a much lower bar than impractical for a government, that might use huge supercomputing clusters or hardware designed specifically for brute forcing encryption.
Note that the recommended key size to protect from “individual” tier hackers has increased over the years as the power of the average personal computer has increased.
There was a limit on key strength at 40 bits. Americans were allowed 56 bits (OK, they didn’t really get the full 56 bits, but that is another story). The Electronic Frontier Foundation built “Deep Crack” in 1998, a custom machine that broke the 56 bit DES in two seconds, so it probably would have taken them 1/8 second to crack the 40 bit. This happened when the ban was still active.
This led to two movements: creative export and hosting of >40 bit algorithms outside the US, and development of better algorithms outside the US, like Rijndaal, SERPENT, IDEA, E2, and other non-US AES-candidates.
Nah, this was ages ago. I don’t remember the exact encryption strength, but it was pretty low, even by yesteryear standards. This was a remnant from when cryptography was ruled by whichever government could find the biggest autistic savant.
I believe the encryption restrictions were relaxed in 1998.
However, certification for import/export of nuclear weapons and other dangerous goods was still needed for strong encryption (such as phone SIM cards) as recently as 2006. To get on that list of people who could legally transport SIM cards not for personal use over the US border, you needed the same background check and government clearance as someone transporting enriched uranium.
For a while it was illegal to export Pretty Good Privacy, or PGP from the US.
FTP servers in the US removed it for fear of legal action.
So I imported it from a University in Scotland. 😉
https://www.openpgp.org/
Not just PGP, but any encryption strength above a certain level was considered “munitions” from a legal standpoint. Because of this, finding a windows Ssh client was a PITA for quite a while.
Wait does imply that other encryption is broken since what would it matter if you used encryption greater than something the government allowed you to
All encryption can be brute forced, the point of having a large key size is to make the compute effort needed to brute force the key impractical.
“Impractical” for an individual, even one that has several very powerful computers (by DIY standards) is a much lower bar than impractical for a government, that might use huge supercomputing clusters or hardware designed specifically for brute forcing encryption.
Note that the recommended key size to protect from “individual” tier hackers has increased over the years as the power of the average personal computer has increased.
There was a limit on key strength at 40 bits. Americans were allowed 56 bits (OK, they didn’t really get the full 56 bits, but that is another story). The Electronic Frontier Foundation built “Deep Crack” in 1998, a custom machine that broke the 56 bit DES in two seconds, so it probably would have taken them 1/8 second to crack the 40 bit. This happened when the ban was still active.
This led to two movements: creative export and hosting of >40 bit algorithms outside the US, and development of better algorithms outside the US, like Rijndaal, SERPENT, IDEA, E2, and other non-US AES-candidates.
Nah, this was ages ago. I don’t remember the exact encryption strength, but it was pretty low, even by yesteryear standards. This was a remnant from when cryptography was ruled by whichever government could find the biggest autistic savant.
I believe the encryption restrictions were relaxed in 1998.
However, certification for import/export of nuclear weapons and other dangerous goods was still needed for strong encryption (such as phone SIM cards) as recently as 2006. To get on that list of people who could legally transport SIM cards not for personal use over the US border, you needed the same background check and government clearance as someone transporting enriched uranium.