Prev: why does PKCS#1 use the LCM instead of Euler's totient function?
Next: Asymmetric key length recommendations
From: MK1024 on 16 Apr 2010 21:12
I am from Australia and I believe there are regulations in place
covering cryptology but they are hard to find. I have only found
extracts on non Government sites. It seems like I am free to use
cryptology and share amongst Australians but you have to get an export
licence for anything else?

What would happen if I posted come code samples here or on a non
Australian code sharing website?

As a beginner I imagine the big boys would be able to crack my code in
a second or get dirty cause they can't?

I have written a BMP steganography code sample where the plain test
message is also encrypted with RC4 to make it a bit harder for an
opponent.

The other is a sample application incorporating my first my attempt at
writing my own cypher. it's a 128bit block cipher.

Nothing new on either accounts.

From: Dave -Turner on 17 Apr 2010 00:10
You need export permission if the govt regard it as strong crypto, but its
free and easy enough to obtain. About eight years ago I wrote a crypto
program that utilised "strong" (which was then defined as 56 or 64bit+)
encryption. No homegrown ciphers though, just an array of existing ones.

Anyway I contacted the govt, cant remember which agency now though sorry,
and they flew two guys here to Perth over from the eastern states - one from
the DSD, the other from ASIO. They came in, both very young guys in their
late 20s, I made them a cup of tea and we had a brief discussion about the
program, and that was literally all there was to it - export permission
obtained. Kinda made me wonder why they even bothered flying over, but I do
make nice tea. Things may've changed in the last 8 years though, but I'm
pretty sure you still need export permission unless the strength is <56bit.

http://www.efa.org.au/Issues/Crypto/cryptfaq.html
http://austlii.edu.au/itlaw/articles/Gunning_Encryption.html


From: amzoti on 17 Apr 2010 09:08
On Apr 16, 6:12 pm, MK1024 <megank1...(a)hotmail.com> wrote:
> I am from Australia and I believe there are regulations in place
> covering cryptology but they are hard to find. I have only found
> extracts on non Government sites. It seems like I am free to use
> cryptology and share amongst Australians but you have to get an export
> licence for anything else?
>
> What would happen if I posted come code samples here or on a non
> Australian code sharing website?
>
> As a beginner I imagine the big boys would be able to crack my code in
> a second or get dirty cause they can't?
>
> I have written a BMP steganography code sample where the plain test
> message is also encrypted with RC4 to make it a bit harder for an
> opponent.
>
> The other is a sample application incorporating my first my attempt at
> writing my own cypher. it's a 128bit block cipher.
>
> Nothing new on either accounts.

http://www.efa.org.au/Issues/Crypto/cryptfaq.html#auscont (see item 8)
From: unruh on 17 Apr 2010 13:26
On 2010-04-17, MK1024 <megank1024(a)hotmail.com> wrote:
> I am from Australia and I believe there are regulations in place
> covering cryptology but they are hard to find. I have only found
> extracts on non Government sites. It seems like I am free to use
> cryptology and share amongst Australians but you have to get an export
> licence for anything else?

See
http://rechten.uvt.nl/koops/cryptolaw/index.htm
which has a survey of crypto laws from around the world.

First paragraph
Export is regulated through the Defence and Strategic Goods List, last
changed in June 1999 according to the December 1998 Wassenaar
Arrangement. This includes the General Technology Note, exempting
public-domain software from controls. Mass-market software is regulated
according to the Wassenaar limits. There is a personal-use exemption
(export is allowed for lawful permanent residents, provided they keep
control of the crypto and make sure it is not transferred anywhere; a
record must be kept for 3 years).

>
> What would happen if I posted come code samples here or on a non
> Australian code sharing website?

Could well be regarded as export, putting you under the legal guns,
unless it fell under the General Technology Note.

>
> As a beginner I imagine the big boys would be able to crack my code in
> a second or get dirty cause they can't?
>
> I have written a BMP steganography code sample where the plain test
> message is also encrypted with RC4 to make it a bit harder for an
> opponent.
>
> The other is a sample application incorporating my first my attempt at
> writing my own cypher. it's a 128bit block cipher.
>
> Nothing new on either accounts.
>

The web is not a good place for legal advice. For that go to a lawyer
familiar with the cryptolgy law in Australia (good luck in finding one).
Or get in touch with the Electronic Frontiers Australia who might be
able to put you in touch with one.

From: MK1024 on 17 Apr 2010 19:15

>
> The web is not a good place for legal advice. For that go to a lawyer
> familiar with the cryptolgy law in Australia (good luck in finding one).
> Or get in touch with the Electronic Frontiers Australia who might be
> able to put you in touch with one.

No actually thanks, this has been good advice. Maybe I could get my
code posted somewhere for review or advice how to get around the rules
but I now think those laws are there for a reason and if someone did
something bad with my code, I would expect to get into trouble. The
Government can't block all crypto export because that would be
uneconomical. But I am sure it is interested in some sort of control.

My code does not fit the export qualifications where it has to meet
all the following:-

>Generally available to the public by being sold, without restriction, from stock at retail selling points by means of any of the following:
>1. Over-the-counter transactions;
>2. Mail order transactions;
>3. Electronic transactions; or
>4. Telephone call transactions;
>The cryptographic functionality cannot easily be changed by the user;
>Designed for installation by the user without further substantial support by the supplier; and
>When necessary, details of the goods are accessible and will be provided, upon request, to the competent authorities of the Member State in which the >exporter is established in order to ascertain compliance with conditions described in paragraphs a. to c. above.

1. It is NOT being sold (So can’t be tracked who has it?)
2. It CAN easily be changed by the user (Makes it harder for
authorities to decrypt?)

I am going to shelve the code and direct my personal studies to less
controversial technologies. Sure it has been fun working out how this
stuff works but I don’t need any heat.

There can be no possible good from me working on new ciphers or adding
to the hundreds of Steganography programs out there. Besides if for
some reason someone did want to encrypt or hide something why not use
a tried and true commercial program.


 |  Next  |  Last
Pages: 1 2 3
Prev: why does PKCS#1 use the LCM instead of Euler's totient function?
Next: Asymmetric key length recommendations