Security for UNIX ... looking for crypt() ...

Jim Reid jim at cs.strath.ac.uk
Wed Jun 13 20:41:58 AEST 1990


In article <BAI.90Jun12185622 at dirac.iesd.auc.dk> bai at iesd.auc.dk (Bo Nygaard Bai) writes:

   In article <13087 at smoke.BRL.MIL> gwyn at smoke.BRL.MIL (Doug Gwyn) writes:
   >The export control concerns are solely due to legal considerations
   >and government bureaucracy, not because anyone is seriously worried
   >about crypt() "falling into the wrong hands".

   Don't forget protectionism. This is, as I see it, the only possible reason.

Rubbish. What Doug Gwyn says above is absolutely right.

Software to implement DES has been openly published and the DES
specification will be available from any decent reference library.
What could possibly be protectionist about something that is so freely
available? DES is anything but a trade or military secret.

   What is an algorithm with export restrictions doing in UNIX?

Crypt(1) and crypt(3) have been around in UNIX for far longer than the
US export regulations on encryption software. The crypt() routine
continues to be exported by US vendors since it is used for login
authentication rather than encryption.

   Secure NFS, mail etc. uses some form of the DES algorithm. When a SUN
   workstation leaves the US it has no des(1) or crypt(1), and no DES
   chip. This makes it virtually impossible to use secure NFS. 

This is no bad thing considering how insecure "secure" NFS is.

		Jim


