12-13-2021, 04:44 PM
(10-20-2021, 06:57 PM)Vavaldi Wrote: If you share and publish code on the hashcat repo as an individual you're adding to the public code base...
So in what theoretical scenarios could you be in violation...
"Cryptanalysis" software is an export controlled item (5D002c) under the Wassenaar agreement, but local legal implementation is what counts. So, no way around a professional local legal advice...
To generalize:
If you publish code related to "cryptanalysis" the first time then you are probably exporting it.
In some countries, it might be automatically decontrolled if you intend to open-source it. But in this thread there is already one country example (Germany) listed where it definitely still is controlled no matter the intention.
If the code is an add-on or adjustment to other (prior) open-source software ... probably doesn't matter. What does matter, is what exactly the code does. If it isn't related to "cryptanalysis" then there shouldn't be an issue.
Hashcat and similar software may or may not be considered "cryptanalysis". This definition, as well as legal penalties, probably also differ between countries.
Understanding the thinking of export authorities can be easier if substituting the term "cryptanalysis" by "missile technology". Not every "add-on" is harmless only because the core building-plans have been published already.