I was approached by a legal firm with the questions below about Python's crypto capabilities, from the POV of a legal review of exporting software that embeds Python. I don't have time to research the answers myself (I'm no crypto expert). If you think you can answer the questions, please send me a price quote and I'll forward it to them. They'd like the answers ASAP. --Guido van Rossum (home page: http://www.python.org/~guido/) ------- Forwarded Message > > Hello Guido, [...] > > I understand Python is open source, but when open source code is > integrated in a commercial product, the owner of the commercial product > must include the open source code in their product analysis for U.S. > export classification purposes. Although as open source, Python falls > under an export control exception, this exception is lost once the code is > offered in a commercial product. > > I would appreciate your help in obtaining some additional technical > information in order to complete my export classification analysis. [...] > > 1. We have been advised the following encryption content is in Python. > We are looking for additional information regarding the encryption > content: > a. The Rotor module, which implements a very ancient > encryption algorithm based on the German Enigma. Please tell us the > symmetric key length of the encryption contained within this module. > Please also advise the asymmetric key exchange algorithm length. > b. The wrapper module for Open SSL. Again, please tell > us the symmetric key length of the encryption content contained within > this module. Please also advise the asymmetric key exchange algorithm > length > c. The following questions apply to both the Rotor > module and the wrapper module: > i. can the encryption function be directly > accessed, or modified, by the end user? > ii. Do either of these encryption components > contain an "Open Cryptographic Interface" (an interface that is not fixed > and permits a third party to insert encryption functionality) > > > The following chart is an example of the type of information I need to > submit to the U.S. government. Would you be able to provide similar > information regarding the encryption component(s) included within Pyton? > > EXAMPLE: > > Algorithm Source Key-min Key-max Modes > RC2 OpenSSL 40 128 CBC, ECB, CFB, OFB > ARC4 OpenSSL 40 128 N/A (stream encryption) > DES OpenSSL 40 56 CBC, ECB, CFB, OFB > DESX OpenSSL 168 168 CBC > 3DES-2Key OpenSSL 112 112 CBC, ECB, CFB, OFB > 3DES OpenSSL 168 168 CBC, ECB, CFB, OFB > Blowfish OpenSSL 128 CBC, ECB, CFB, OFB > Diffie-Hellman OpenSSL 192* 16384* Key-exchange, authentication > > DSA OpenSSL Digital Signature > MD5 OpenSSL Integrity > SHA-1 OpenSSL Integrity > * No explicit limit, these appear to be the practical range of values. [...] ------- End of Forwarded Message
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4