I feel generous, so i am going to teach you a little something about hashes. When you create a web account for you online banking, the banks server does not actually store your password. The banks server stores SHA-256 (being extremely optimistic) hash of your password. When you log in the web server compares stored hash to the hash of the password you provided. If the two match, you are in. Now imagine that I hacked the webserver and stole the file which has the hash value of your password. I still can't log in and take your money; i need to find a string which will hash to the same value as the hash of your real password, then use that string to log into the banks server and take your money. There are many strings which would match hash value of your password, but the only way i can find one of them is to start hashing all of the possible strings, until i find one whose hash matches the hash of your password. This is why SHA-256 is under export control. Imagine if i had a super computer doing 1PHps, it would take me less time to randomly find a string which matches your passwords hash. So, US gvt restricts export of SHA-256 to Export Licensed companies. It does not mean it can not be exported, it just means company doing the export/import needs export/import license. Sending SHA-256 cores to china for assembly would require export license.