Export grade cryptography is encryption software whose key size was limited by the government of the USA, as part of the Crypto Wars. Since cryptography was considered to be a technology that would be dangerous if it fell into the hands of the enemy, restrictions were placed on its export. RSA, one of the more common cryptographic schemes, was limited to 512-bit keys, which would allow easy decryption by intelligence agencies.

The legacy of export grade cryptography is that it remains in many software applications today, partly through negligence and partly through ignorance. As a result, its presence has become a common way to attack any software that encrypts its communications. FREAK and Logjam are two attacks which made use of this vulnerability.

Additional Information

  • FREAK (“Factoring RSA Export Keys”) is an exploit of the SSL/TLS protocol that makes use of its legacy export grade cryptography restrictions.
  • Logjam is an exploit of the Diffie–Hellman key exchange that makes use of its legacy export grade cryptography restrictions.
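
Because export grade suites linger in configurations, a defender can audit a list of enabled cipher suites for them. The following is an added example, not part of the original entry: the function names and the sample list are constructed, and the RSA/DH split is inferred from the suite names (IANA `_EXPORT_` names and OpenSSL `EXP-` names).

```python
import re
import ssl

# IANA names contain "_EXPORT_" / "_EXPORT1024_"; OpenSSL names start "EXP-" / "EXP1024-".
_EXPORT_RE = re.compile(r"(^|_)EXPORT(1024)?_|^EXP(1024)?-")
# Key-exchange tokens that indicate Diffie-Hellman in either naming scheme.
_DH_RE = re.compile(r"(^|[_-])(DHE|EDH|ADH|DH)([_-]|$)")


def classify(suite):
    """Return None for a non-export suite, otherwise the export key-exchange class."""
    name = suite.upper()
    if not _EXPORT_RE.search(name):
        return None
    if "KRB5" in name:
        return "KRB5_EXPORT"
    if _DH_RE.search(name):
        return "DH_EXPORT"   # the key exchange Logjam targets
    # Assumption: remaining export suites use RSA key transport
    # (OpenSSL omits "RSA" from names such as EXP-RC4-MD5).
    return "RSA_EXPORT"      # the key exchange FREAK targets


def audit(suites):
    """Map each export grade suite in `suites` to its class; others are dropped."""
    found = {}
    for suite in suites:
        kind = classify(suite)
        if kind is not None:
            found[suite] = kind
    return found


def local_export_suites():
    """Audit the suites the local Python/OpenSSL default context would offer."""
    ctx = ssl.create_default_context()
    return audit(c["name"] for c in ctx.get_ciphers())


# Constructed sample of enabled suites, as might be read from a server config.
SAMPLE = [
    "TLS_AES_128_GCM_SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    "EXP-EDH-RSA-DES-CBC-SHA",
    "EXP-RC4-MD5",
]

if __name__ == "__main__":
    for suite, kind in audit(SAMPLE).items():
        print(f"{kind:12} {suite}")
    print("local default context:", local_export_suites() or "no export suites")
```

Any suite this reports should be removed from the server or client configuration.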

 

Last updated: 5 November 2017