Xenix & crypt (fairly LONG)

Wed Apr 3 06:07:17 AEST 1985

> 4. The CRYPT command has been removed from Xenix 3.0b. The
>    crypt commands contains classified algorithms, and has
>    been removed in order to comply with goverment regulations
>    covering international distribution of Xenix.
> 
> Anyone know anything about this?

   There are two parts to this:  1) the attitude of the U.S. government (DoD,
NSA, CIA), and 2) the approaches taken by various vendors to avoid the issue.

   1) For several years there has been a battle of words between the government
and researchers regarding encryption technology, with the government requesting
that all cryptologic research results be "born classified".  This notion has
been vehemently resisted by the research community (see almost any issue of the
Communications of the ACM for the last 5 or so years) and is as yet unresolved.
   Eventually the U.S. Dept of Commerce placed an export embargo on ALL
cryptologic technology.  Now, this does not mean that your favorite Caesar
cipher game couldn't be sold overseas; you possibly would, however, have to
apply for an export license on a sale-by-sale basis.  This can be quite a
headache for any company attempting to do business internationally ... which
leads us to ...

   2) When Motorola undertook to ship SYSTEM V/68 (binary AT&T-validated 68000
port of Un*x System V) overseas, our Legal department advised us of this issue.
At that point (Jan '84) I contacted our AT&T account rep and asked how AT&T was
resolving this issue.  The answer was that there was a separate, sanitized
version of Un*x for international sale.  They had approached the National
Security Agency (NSA) to review the cryptologic contents of Un*x.  While the NSA
refused to say what AT&T should do to avoid it, they did say that there was
enough in Un*x to require an export license.  The following sanitization WAS
acceptable to the NSA and Dept of Commerce (not a quote):

	The crypt(1) command is removed.  The ability to create or edit
	encrypted files with ed(1), ex(1) and vi(1) editors has been removed.
	The "-x" option command line option and the editor's command, X,
	are no longer valid.  The crypt(3C) family of subroutines has
	been modifie:  setkey() is removed and decryption by the encrypt()
	function is disallowed.  (Note:  Encryption by the crypt() and
	encrypt() subroutines is still suppported.  Hence, password validation
	at login time is not affected.)

It was Motorola's decision (and apparently Microsoft's) to sell only one
instance of Un*x.  Hence, the cryptologic technology is totally deleted from all
software, whether sold domestically or internationally.  Domestic customers
may request, as a separate item, those items which were deleted.

>                                    If this is true why is
> /usr/lib/makekey still included? Has DES been made classified?
> and couldn't a task force of CCCP's best computer scientists
> hack it out of the kernal? Is the world coming to an end, er
> what?

/usr/lib/makekey does not contain any cryptologic technology so is not affected.
DES is probably not classified but it is under export embargo.  There is no
encryption technology in the kernel.

[I AM NOT REPRESENTING MOTOROLA OR AT&T IN ANY WAY.  I OFFER THE PRECEDING AS
 AN INDIVIDUAL.  IT IS ACCURATE TO THE BEST OF MY RECALL AND NOTES.]
-- 
<< Generic disclaimer >>
Fred Christiansen, Motorola Microsystems, Tempe  {ihnp4,allegra}!sftig!mot!fred
{ihnp4,seismo}!ut-sally!oakhill!mot!fred         {ihnp4,amdahl}!drivax!mot!fred