DES-PIC-able

DES-PIC-able is an implementation of DES (Data Encryption Standard) on a PIC16C84. The 'C84 was chosen for its ability to store encryption keys in its on-board EEPROM, such that they can be programmed in-circuit but not retrieved.

DES-PIC-able uses less ROM, less RAM, and fewer CPU cycles than the Microchip DES implementation for the PIC17C42. The code should work with only minor changes on the PIC17C42.

Legal Issues

The US International Traffic in Arms Regulations (ITAR) consider implementations of cryptographic algorithms to be munitions. Unfortunately because of this stupidity I am unable to export DES-PIC-able without first obtaining an export license from the State Department. I don't want to get into the same legal mess as Phil Zimmerman, author of PGP, so I can't make it available on the net.

Currently I will only provide DES-PIC-able to people who mail me notarized proof that they are US citizens.

There exist several FTP sites that have taken precautions to distribute cryptographic software only within the US, such as the MIT site that distributes PGP. If anyone running such an FTP site wants to distribute DES-PIC-able I would be pleased to provide it.

See "My Life as an International Arms Courier" by Matt Blaze for an example of how this stupidity can affect seemingly innocuous activities in bizarre ways. Apparently it is impossible to comply with the export laws even if you try!

WARNING

It has recently come to my attention that the security fuse of the PIC16C84 is fairly easy to defeat, so I don't actually recommend storing sensitive information such as cryptographic keys in the PIC unless you can guarantee physical security for the device itself. See this message from the PIC mailing list for more information.

It is claimed that the other PIC variants are not succeptible to this specific attack on the PIC16C84. It may be reasonable (for example) to use a PIC16C71 if you only need fixed keys for the life of the PIC, or to load the keys into RAM such that they are lost if power is removed.

References

Many people have asked me for general references on cryptography. IMHO the best general reference is Bruce Schneier's book Applied Cryptography, 2nd edition.
Back to my PIC Projects page
Back to my home page

Last updated March 1, 1996

Copyright 1995, 1996 Eric Smith

eric@brouhaha.com