• 0

My Encryption Algorithm...

Asked by +Xinok,

 Share

Question

Grand Master

+Xinok Subscriber²

Posted
  • Subscriber²
Posted

I was unsure what forum to post this in...

I've been working on an encryption algorithm for sometime now which I simply call Cypher. The problem is the max keylength is 131072 bytes (128k). Because of this, I worry that it would be illegal to release this algorithm.

Back in Jan '04, a friend opened up a Sourceforge project for me, located here. Because of the 'legal' issues, I have yet to upload anything to this page. And due to the inactivity, somebody has put in a request to take the project name "Cypher". Details on that can be found here. I'm unsure if I should let them take over the project or not.

I was hoping to find someone here on Neowin who might know a thing or two about this. I need to know if it would be worth the trouble, if there might be some chance that it would be legal for me to upload source files for Cypher.

Please don't bring up issues about security. I personally have no proof that the algorithm is secure, other than my own recognition. I'm sure no one here trusts me, and I don't blame you either. I can assure you this is much more than just some crappy XOR encryption though...

Link to comment
https://www.neowin.net/forum/topic/336243-my-encryption-algorithm/
Share on other sites

8 answers to this question

Recommended Posts

  • 0
Rising Star

zeta

Posted
Posted

IANAL, but in general, it should be OK, because ITAR no longer classifies strong cryptography as arms. Although you said don't mention security... I don't want to be to discouraging, but cipher design should really be left to the experts...

Also, http://www.rsasecurity.com/rsalabs/node.asp?id=2327 has some more notes about this subject.

  • 0
Grand Master

+Xinok Subscriber²

Posted
  • Author
  • Subscriber²
Posted

Thanks for the reply zeta.

Quoted from the link:

Today, any cryptographic product is exportable under a license exception (that is, without a license) unless the end-users are foreign governments or embargoed destinations (Cuba, Iran, Iraq, Libya, North Korea, Serbia, Sudan, Syria, and Taleban-controlled areas of Afghanistan as of January 2000).

I'm not sure what they would consider 'exporting' under these laws. For example, if I were to upload code to a server, and a person from one of those areas downloads it, could I get in trouble for that?

  • 0
Community Regular

MurrayF1

Posted
Posted
  xinok said:
Thanks for the reply zeta.

Quoted from the link:

Today, any cryptographic product is exportable under a license exception (that is, without a license) unless the end-users are foreign governments or embargoed destinations (Cuba, Iran, Iraq, Libya, North Korea, Serbia, Sudan, Syria, and Taleban-controlled areas of Afghanistan as of January 2000).

I'm not sure what they would consider 'exporting' under these laws. For example, if I were to upload code to a server, and a person from one of those areas downloads it, could I get in trouble for that?

586114988[/snapback]

put a licence agrement on it, basically saying do not use if you are in these countrys

  • 0
Rising Star

505

Posted
Posted

I *think* it's safe to export source code, but it was illegal to export actual strong encryption software. Now these rules are changed to the ones mentioned above.

This trick was used by PGP to circumvent the export restriction. The code was exported, compiled in another country but the US and the imported in binary form. This way it was legal.

So I think it's perfectly safe to upload your sources to sourceforge. (but don't hold me liable if this is not 100 percent accurate)

  • 0
Grand Master

+Xinok Subscriber²

Posted
  • Author
  • Subscriber²
Posted
  MurrayF1 said:
put a licence agrement on it, basically saying do not use if you are in these countrys

586115012[/snapback]

Sounds good :)

For now, I'm going to reclaim my Cypher project on Sourceforge. Then I should probably find somebody to write a license agreement for me, as I'm sure I would mess it up :blink:

I'm still gonna hold back on releasing source code until I'm absolutely sure its safe, but hopefully I'll be able to do so soon enough.

  • 0
Grand Master

+Xinok Subscriber²

Posted
  • Author
  • Subscriber²
Posted
  code_monkey said:
http://www.crypto.com/exports/ - Send the email and you should be fine.

586115204[/snapback]

Thanks a lot for that link. So just to be sure, I simply send an email with a URL to where the source code will be available? And should I wait for a reply in my email or anything before uploading the code?
  • 0
Veteran

Mike Douglas

Posted
Posted
  xinok said:
Thanks a lot for that link. So just to be sure, I simply send an email with a URL to where the source code will be available? And should I wait for a reply in my email or anything before uploading the code?

586115329[/snapback]

I've fairly certain that its just notification, you don't need a confirmation.

This topic is now closed to further replies.
 Share
Go to question listing

  • Recently Browsing   0 members

    • No registered users viewing this page.