I worked for a chopper factory in the UK back in the day. We had Novell servers. NetWare CAs back then did as they were told and would only offer rubbish encryption. We used it for throwaway stuff and manually cranked out certs with OpenSSL for important stuff. We also watched firewall logs ...
For a while, exports were limited to 40-bit symmetric key strength and 512-bit moduli for DH and RSA. I had forgotten about the limits being raised to 56 bits for a few years before being fully dropped by the Clinton administration.
There was a brief attempt to get around the pushback against key length restrictions with the Clipper chip[0]. The idea was to give everyone 80-bit Skipjack encryption while enabling U.S. law enforcement intercept by having the chip refuse to function if it wasn't shown a valid escrow message (LEAF) for the key it was using. Skipjack was classified at the time and supposedly stronger than anything commercially available at the time. The problem was that LEAF itself only used a 16-bit authentication code, so it was trivial to bruit-force another LEAF message that would work with your session key, but yield garbage data in a wire tap.
I worked for a chopper factory in the UK back in the day. We had Novell servers. NetWare CAs back then did as they were told and would only offer rubbish encryption. We used it for throwaway stuff and manually cranked out certs with OpenSSL for important stuff. We also watched firewall logs ...