Demonstrating the resistance of any cryptographic scheme to attack is a complex matter, requiring extensive testing and reviews, preferably in a public forum. Good algorithms and protocols are required, and good system design and implementation is needed as well. For instance, the operating system on which the crypto software runs should be as carefully secured as possible. Users may handle passwords insecurely, or trust 'service' personnel overtly much, or simply misuse the software. (See social engineering.) "Strong' thus is an imprecise term and may not apply in particular situations.
Examples that are not considered cryptographically strong include:
The Secure Sockets Layer protocol, used to secure Internet transactions, is generally considered strong, but an early "international" version, with a 40-bit effective key to allow export under pre-1996 U.S. regulations, was not.
Dept. Of Commerce Grants eSoft Right To Export Strong Cryptography.(Company Business and Marketing)(Brief Article)
Apr 24, 2000; eSoft Inc. (Nasdaq: ESFT) announced that the Dept. of Commerce has granted them permission to export stronger versions of its...
U.S. said ready to lift export bar on 'strong' code.(US government to end restrictions on exports of financial encryption systems)(Brief Article)
May 08, 1997; The U.S. government is about to lift export restrictions on the use of strong cryptography for financial transactions, a Clinton...