rotor alternative?

[Paul Rubin]

jjl at pobox.com (John J. Lee) writes:
> First, not necessarily, if you're in a country that has legislation
> controlling strong encryption (and yes, we know "that should be
> fixed", but sadly we don't have that power ;-).  

I don't know of any country that controls strong encryption and
doesn't control weak encryption.  Back before the US export controls
on encryption softened up, the regulations were quite clear, you had
to get a government license to export any kind of encryption whether
it was weak or strong.  The only difference was that weak encryption
was easier to get licenses for, but you still had to get a license.
Rotor would not have been exportable without a license.  Even today,
you still need a license, but for cryptography in programs like Python
(whether weak or strong) you get the license automatically by
notifying the Commerce department by email what it is that you're
exporting (http://www.bxa.doc.gov/Encryption).

> Second, if you have
> to have the key around anyway (true for some applications), it really
> doesn't matter how secure the algorithm is.

I'm not sure what you're getting at here.  The normal use of
cryptography is to transmit or store data that can be intercepted by
an attacker.  Obviously you don't transmit or store the key with the
data.