For a while, exports were limited to 40-bit symmetric key strength and 512-bit moduli for DH and RSA. I had forgotten about the limits being raised to 56 bits for a few years before being fully dropped by the Clinton administration.
There was a brief attempt to get around the pushback against key length restrictions with the Clipper chip[0]. The idea was to give everyone 80-bit Skipjack encryption while enabling U.S. law enforcement intercept by having the chip refuse to function if it wasn't shown a valid escrow message (LEAF) for the key it was using. Skipjack was classified at the time and supposedly stronger than anything commercially available at the time. The problem was that LEAF itself only used a 16-bit authentication code, so it was trivial to bruit-force another LEAF message that would work with your session key, but yield garbage data in a wire tap.
[0] https://en.wikipedia.org/wiki/Clipper_chip#Technical_vulnera...
No comments yet.
