From owner-freebsd-chat Mon Oct 14 23:31:29 1996 Return-Path: owner-chat Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id XAA04468 for chat-outgoing; Mon, 14 Oct 1996 23:31:29 -0700 (PDT) Received: from nemesis.acronet.net (nelson@nemesis.acronet.net [207.7.26.2]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id XAA04460 for ; Mon, 14 Oct 1996 23:31:26 -0700 (PDT) Received: (from nelson@localhost) by nemesis.acronet.net (8.6.12/8.6.9) id BAA29200 for freebsd-chat@freebsd.org; Tue, 15 Oct 1996 01:30:09 -0500 From: Jeremy Nelson Message-Id: <199610150630.BAA29200@nemesis.acronet.net> Subject: Exportability of MD5, general case To: freebsd-chat@freebsd.org Date: Tue, 15 Oct 1996 01:30:08 -0500 (CDT) X-Mailer: ELM [version 2.4 PL24] Content-Type: text Sender: owner-chat@freebsd.org X-Loop: FreeBSD.org Precedence: bulk (I sent this question to this list, because i know this list is for generally off-topic discussions, and this didnt seem to be appropriate to any other list. Thanks.) I know that FreeBSD uses MD5 because it can be exported, but I am not 100% sure to what extent MD5 can be used and still be exported. To describe my situation, I am working with a program (irc client), that traditionally has used an XOR-with-ascii-text algorithm for encryption. It hasnt been represented as anything other than being nominally secure (it would be too much hassle to decrypt it on the fly, given the neature of irc). My idea was to use MD5, to generate a 128-bit hash value (much like what PGP does) out of the ascii-text password, and then do the XOR encryption with that 128-bit value. My question is, is the legality of exporting MD5 limited only to how one uses MD5 or is it legal to do anything with the value returned by the MD5 functions? Would my idea be illegal to export? Or is the XOR encryption algorithm fundamentally insecure (which is not a big problem, im only looking for a nominal increase in security, not a massive increase), that the government doesnt consider it to be dangerous? Thanks for any advice you might offer. Jeremy Nelson