List Info

Thread: Us vs. Other PGP
Us vs. Other PGP
user name
 2006-01-20 18:16:16 
Is there any practical diference between the version of PGP
you 
should download only within the USA, and international
versions such 
as that from pgpi.com?

I was wondering since you are apparently not supposed to
download the 
American version if you are outside the country.

Is this stipulation merely a formality to enable American
sites to 
follow the letter of their law regarding export of 
cryptographic "munitions", so they can point users
to an 
international site where they would basically be downloading
an 
identical product?  Or is there a real difference between
the 
programs - I'm thinking here in terms of cryptographic
strength, such 
as key length.

I was reminded of this point as I have just finished Simon 
Singh's "The Code Book".  This is now 5-6 years
old, but on p308-9 he 
states that in the USA there are no restrictions on key
size, 
compared to restrictions which exist on crypto software
exported from 
it, as US software companies are still not allowed to export
strong 
cryptography.

Hence "browsers exported to the rest of the world can
handle only 
short keys, and thus offer only moderate security".  He
states, as an 
example, that because of this restriction, the crytographic
security 
of buying a book online in, say, the UK would be "a
billion, billion, 
billion times less secure" than buying it within the
USA.

I realise, as Singh states, that the cost of attacking such
a less 
securely encrypted credit card transaction would be no doubt
be much 
greater than the typical limit on the card, but does his
point still 
pertain in 2006, or have things changed since 1998-9 when he
wrote 
the book?

Is a secure online transaction in the UK still really so
much less 
secure (at leats in algorithmic terms) than one in the USA?






____________________________________________________________
__
Archives:         htt
p://groups.yahoo.com/group/PGP-Basics/messages
OT List:          http://gr
oups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:    
mailto:PGP-Basics-OT-subscribe@yahoogroups.com 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://grou
ps.yahoo.com/group/PGP-Basics/

<*> To unsubscribe from this group, send an email to:
    PGP-Basics-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.c
om/info/terms/
[1]

about | contact  Other archives ( Real Estate discussion Medical topics )