On Mon, Oct 26, 2015 at 9:11 PM, Farhat, Sam (GE Aviation, US) <samgeorge.farhat@xxxxxx> wrote: > Thanks for clearing that up. > Online search was conflicting, some pages with emails indicated there is encryption code in libgcj, in this link: https://gcc.gnu.org/ml/gcc/2006-02/msg00051.html > > Is that incorrect information? If its *only* hashing as stated by the fellow Tom, then the answer is likely NO, GCC does not need to self classify. GCC can even use public key and secret/shared key algorithms as long as its used for authentication *only*. There's also a "NLR" or "No License Required" exception for public key and secret/shared key algorithms algorithms < 64 bits (IIRC), but I've never seen anyone use it. However, as soon as the algorithm is used for *encryption* (and its 64-bits or greater), then a commodity product must self classify. Also, GCC's (or even OpenSSL or Crypto++) requirements are easier than commodity products using them. The only action projects like GCC, OpenSSL and Crypto++ have to do is send an email to the Encryption Coordinator (the email address and the Ft. Meade, MD mailing address is the NSA, btw). Commodity products would have to do more, like signing up for the SNAP-R account, creating and uploading documentation, uploading required forms, sending printed copies of the documentation to the Encryption Coordinator via snail mail, etc. (Sorry if I am speaking out of turn. I've been through the process four times). Jeff
