• 0

My Encryption Algorithm...


Question

I was unsure what forum to post this in...

I've been working on an encryption algorithm for sometime now which I simply call Cypher. The problem is the max keylength is 131072 bytes (128k). Because of this, I worry that it would be illegal to release this algorithm.

Back in Jan '04, a friend opened up a Sourceforge project for me, located here. Because of the 'legal' issues, I have yet to upload anything to this page. And due to the inactivity, somebody has put in a request to take the project name "Cypher". Details on that can be found here. I'm unsure if I should let them take over the project or not.

I was hoping to find someone here on Neowin who might know a thing or two about this. I need to know if it would be worth the trouble, if there might be some chance that it would be legal for me to upload source files for Cypher.

Please don't bring up issues about security. I personally have no proof that the algorithm is secure, other than my own recognition. I'm sure no one here trusts me, and I don't blame you either. I can assure you this is much more than just some crappy XOR encryption though...

Link to comment
https://www.neowin.net/forum/topic/336243-my-encryption-algorithm/
Share on other sites

8 answers to this question

Recommended Posts

  • 0

IANAL, but in general, it should be OK, because ITAR no longer classifies strong cryptography as arms. Although you said don't mention security... I don't want to be to discouraging, but cipher design should really be left to the experts...

Also, http://www.rsasecurity.com/rsalabs/node.asp?id=2327 has some more notes about this subject.

  • 0

Thanks for the reply zeta.

Quoted from the link:

Today, any cryptographic product is exportable under a license exception (that is, without a license) unless the end-users are foreign governments or embargoed destinations (Cuba, Iran, Iraq, Libya, North Korea, Serbia, Sudan, Syria, and Taleban-controlled areas of Afghanistan as of January 2000).

I'm not sure what they would consider 'exporting' under these laws. For example, if I were to upload code to a server, and a person from one of those areas downloads it, could I get in trouble for that?

  • 0
  xinok said:
Thanks for the reply zeta.

Quoted from the link:

Today, any cryptographic product is exportable under a license exception (that is, without a license) unless the end-users are foreign governments or embargoed destinations (Cuba, Iran, Iraq, Libya, North Korea, Serbia, Sudan, Syria, and Taleban-controlled areas of Afghanistan as of January 2000).

I'm not sure what they would consider 'exporting' under these laws. For example, if I were to upload code to a server, and a person from one of those areas downloads it, could I get in trouble for that?

586114988[/snapback]

put a licence agrement on it, basically saying do not use if you are in these countrys

  • 0

I *think* it's safe to export source code, but it was illegal to export actual strong encryption software. Now these rules are changed to the ones mentioned above.

This trick was used by PGP to circumvent the export restriction. The code was exported, compiled in another country but the US and the imported in binary form. This way it was legal.

So I think it's perfectly safe to upload your sources to sourceforge. (but don't hold me liable if this is not 100 percent accurate)

  • 0
  MurrayF1 said:
put a licence agrement on it, basically saying do not use if you are in these countrys

586115012[/snapback]

Sounds good :)

For now, I'm going to reclaim my Cypher project on Sourceforge. Then I should probably find somebody to write a license agreement for me, as I'm sure I would mess it up :blink:

I'm still gonna hold back on releasing source code until I'm absolutely sure its safe, but hopefully I'll be able to do so soon enough.

  • 0
  code_monkey said:
http://www.crypto.com/exports/ - Send the email and you should be fine.

586115204[/snapback]

Thanks a lot for that link. So just to be sure, I simply send an email with a URL to where the source code will be available? And should I wait for a reply in my email or anything before uploading the code?
  • 0
  xinok said:
Thanks a lot for that link. So just to be sure, I simply send an email with a URL to where the source code will be available? And should I wait for a reply in my email or anything before uploading the code?

586115329[/snapback]

I've fairly certain that its just notification, you don't need a confirmation.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • AliExpress faces EU crackdown, makes promises to fight illegal products by Paul Hill The European Commission has taken two significant actions against the Chinese online marketplace AliExpress under the Digital Services Act (DSA) in a bid to enhance user and consumer safety online. The first action was to get AliExpress to commit to several legally binding commitments to address issues related to advertising and recommender systems. The second action was the publication of preliminary findings which found that AliExpress had breached obligations regarding the spread of illegal products. AliExpress can now respond to the Commission but if the broken rules are confirmed then AliExpress can expect to be fined. The Digital Services Act is a new tool that the EU has to regulate large online platforms. It aims to level the business playing field, protect fundamental rights of users, create a safer digital space, and improve transparency from businesses. AliExpress's pledges: More transparency, safer shopping As part of the pledges made by AliExpress, it will do more to monitor and detect illegal products such as medicines, food supplements, and adult material propagated through hidden links and affiliate programs. To help flag illegal items, AliExpress has promised to improve its notice and action mechanism. Other pledges include enhancements to the internal complaint handling system; more transparency for advertising and recommender systems; better traceability of traders on the platform; and improved data access for researchers. By implementing these rules, the European Commission hopes it can make AliExpress safer for registered and non-registered users by limiting the exposure to illegal content. Deep dive into AliExpress's alleged failures With regards to the preliminary findings, the Commission found that AliExpress had underestimated the risks because it had not allocated enough resources to moderation systems for illegal products. It also found that the company had failed to consistently enforce its penalty policy against those publishing illegal content. The Commission also discovered systemic failures in AliExpress’s proactive content moderation systems that allowed malicious traders to continue to operate or start operating on the platform. AliExpress is designated as a Very Large Online Platform (VLOP) which means it has to meet certain standards set out by the EU. The aforementioned violations are against the quality of operation that the EU expects from VLOPs. The company now has the right to defend itself against the EC’s findings, it can examine the documents and reply in writing, but if the findings are confirmed, AliExpress could face fines and be required to submit an action plan.
    • Author/Neowin... The title is incorrect and misleading... By the official blog post, it's not "indefinitely". There's a clear statement that development continues with a few specific target areas, and a new release date TBD and announced later. If it is later announced to be cancelled or delayed indefinitely, that's another story.
    • I hate Microsoft. My parents almost lost all drive content. As senior citizens they are unable to follow constant "improvements" Microsoft is dropping on its users. My mother's laptop is normally unlocked with a PIN. It is unexplicable for non-It person, that there is some cloud mictosoft account, that has a different password than the Pin and user ID is e-mail, but not necessarily normal Gmail addree, and even if the person knows this email address the password is not the password used for this email account. Just too much of twists. Suddenly her laptop ordered entering "decryption key" before booting. It was miracle we managed to guess email address associated with the PC that was used for Microsoft account. She would had lost everything on the drive. Why are they doing this? Privacy may be important for some people, but data loss is much more important for most of the people.
    • Yesterday I've got a notification that Windows Hello couldn't recognize me and asked if I would like to improve it after I manually entered my PIN in the dark If it weren't for an article like this, I would still think that there's something wrong with my camera. I can just imagine how many people are not reading tech news and are still confused.
  • Recent Achievements

    • First Post
      xuxlix earned a badge
      First Post
    • First Post
      Tomek Święcicki earned a badge
      First Post
    • One Year In
      carlitin86 earned a badge
      One Year In
    • Reacting Well
      Peterlll06 earned a badge
      Reacting Well
    • Week One Done
      Peterlll06 earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      671
    2. 2
      ATLien_0
      284
    3. 3
      Michael Scrip
      223
    4. 4
      +FloatingFatMan
      192
    5. 5
      Steven P.
      145
  • Tell a friend

    Love Neowin? Tell a friend!