[Python-Dev] Needed: contractor to answer crypto questions
Guido van Rossum
guido at python.org
Wed Oct 29 22:39:33 EST 2003
I was approached by a legal firm with the questions below about
Python's crypto capabilities, from the POV of a legal review of
exporting software that embeds Python. I don't have time to research
the answers myself (I'm no crypto expert). If you think you can
answer the questions, please send me a price quote and I'll forward it
to them. They'd like the answers ASAP.
--Guido van Rossum (home page: http://www.python.org/~guido/)
------- Forwarded Message
>
> Hello Guido,
[...]
>
> I understand Python is open source, but when open source code is
> integrated in a commercial product, the owner of the commercial product
> must include the open source code in their product analysis for U.S.
> export classification purposes. Although as open source, Python falls
> under an export control exception, this exception is lost once the code is
> offered in a commercial product.
>
> I would appreciate your help in obtaining some additional technical
> information in order to complete my export classification analysis.
[...]
>
> 1. We have been advised the following encryption content is in Python.
> We are looking for additional information regarding the encryption
> content:
> a. The Rotor module, which implements a very ancient
> encryption algorithm based on the German Enigma. Please tell us the
> symmetric key length of the encryption contained within this module.
> Please also advise the asymmetric key exchange algorithm length.
> b. The wrapper module for Open SSL. Again, please tell
> us the symmetric key length of the encryption content contained within
> this module. Please also advise the asymmetric key exchange algorithm
> length
> c. The following questions apply to both the Rotor
> module and the wrapper module:
> i. can the encryption function be directly
> accessed, or modified, by the end user?
> ii. Do either of these encryption components
> contain an "Open Cryptographic Interface" (an interface that is not fixed
> and permits a third party to insert encryption functionality)
>
>
> The following chart is an example of the type of information I need to
> submit to the U.S. government. Would you be able to provide similar
> information regarding the encryption component(s) included within Pyton?
>
> EXAMPLE:
>
> Algorithm Source Key-min Key-max Modes
> RC2 OpenSSL 40 128 CBC, ECB, CFB, OFB
> ARC4 OpenSSL 40 128 N/A (stream encryption)
> DES OpenSSL 40 56 CBC, ECB, CFB, OFB
> DESX OpenSSL 168 168 CBC
> 3DES-2Key OpenSSL 112 112 CBC, ECB, CFB, OFB
> 3DES OpenSSL 168 168 CBC, ECB, CFB, OFB
> Blowfish OpenSSL 128 CBC, ECB, CFB, OFB
> Diffie-Hellman OpenSSL 192* 16384* Key-exchange, authentication
>
> DSA OpenSSL Digital Signature
> MD5 OpenSSL Integrity
> SHA-1 OpenSSL Integrity
> * No explicit limit, these appear to be the practical range of values.
[...]
------- End of Forwarded Message
More information about the Python-Dev
mailing list