Non-ATT 'crypt(3)'
Geoff Arnold
geoff at suneast.uucp
Wed Dec 18 00:36:44 AEST 1985
Alex Osadzinski, Unix Europe Ltd, London, England
writes:
> ... Further, any competent programmer
> can reproduce the crypt(3) code in an afternoon from a functional description.
Oh really? The problem is, the only functional description other than the
code is the 'crypt(3)' man page, which vaguely says that the 'salt' is
"used to perturb the DES algorithm in one of 4096 different ways". Can you
deduce the algorithm without looking at the code? And what would be
the legal position if someone looked at the code, wrote down a suitable
functional description and gave it to you? My guess is that either they
would be publishing it (and thus be in breach of their AT&T license) or
acting as your agent, in which case it's as though you did it yourself. As
the man page points out, the routine incorporates "variations intended
(among other things) to frustrate use of hardware implemen-
tations of the DES for key search." (Gee - by quoting THAT am I in trouble?
Probably not - this could be construed as a review, I guess.) Presumably
this whole question is one of the "other things" mentioned.
Now a further question. How have the Un*x clones gone about it? Do systems
such as Coherent, UNOS, etc. use an equivalent algorithm (i.e. could I pick
up a Un*x passwd file, drop it on one of their systems and just use it)?
--
#include <sys/disclaimer.h> /* co. lawyers: will this do? */
Geoff Arnold =-=-= Quick: 617-863-8870 x136 (but ya gotta catch me!)
Sun Microsystems Inc.-=-=- Slower: {hplabs,ihnp4,nsc,pyramid}!sun!suneast!geoff
East Coast Division. =-=-= Slowest:One Cranberry Hill, Lexington, MA 02173
More information about the Comp.unix
mailing list