Non-ATT 'crypt(3)'

[Doug Gwyn <gwyn>]

> > Does anyone know of a version of 'crypt(3)' which doesn't contain
> > AT&T code, and is therefore not bound by U*ix licensing strictures?
> 
> Let us be careful about posting something to a world-wide network that
> might break State Department "rules."

Although U.S. intellectuals have been fairly successful at selling
us all down the river, there is still hope if enough citizens would
realize that our government was established to serve its people,
not (as in many other countries) the other way around.  No agent of
the government has any business restricting the flow of information
among free men, or spying on its citizens, or searching their
property without warrant, or many of the other things that Federal
agencies have taken upon themselves.  The only way to maintain what
liberty still exists and regain that that has been lost, is to
become aware of the oppressive acts of the bureaucracy and to NOT
LET THEM GET AWAY WITH IT.  The spook agencies, in particular, have
felt that they are above ethics and normal law, and this is made
worse by their virtual unaccountability.  James Bamford's "The
Puzzle Palace", although slow going in places, is a fairly accurate
eye-opener for those who have not realized the extent of the
U.S. government's attempt to control the flow of information.
Generally the Commerce and State Department rules are based on what
the DOD (NSA) tells them, and you can be assured that the NSA is not
committed to the long-term benefit of humanity (via improved state
of knowledge) but rather to the short-term concrete interests of a
single nation.  To anyone who is a supporter of the ideas on which
this nation was founded, this mindless "patriotism" is counter-
revolutionary.

The best thing that could happen regarding data encryption would be
for a cheap (fast and easy), reliable, secure encryption scheme to
be universally adopted.  (None of the standard UNIX software remotely
qualifies.)  This would not put the NSA out of business, since crib-
dragging, tickling, eavesdropping on unencrypted traffic, traffic
analysis, and other techniques could still be exploited, but it
would sure make their budget-to-results ratio soar.  There are
provably secure schemes that require an impractical amount of secure
key, but any information theorist worth his salt should be able to
independently arrive at the ideas behind unicity distance, which is
a measure of how much ciphertext is required to have a reasonable
chance of successful cryptanalysis (a function of system structural
complexity and key length).  If one changes the key more fequently
than the unicity distance, statistical attacks on the cipher stream
become unprofitable, although experienced cryptanalysts should
nonetheless probe a system for exploitable weaknesses before it is
fielded (strong in theory may not mean strong in practice, due to a
variety of potential problems such as tendency of bits to stick,
susceptibility to operator error leading to isomorphic transmissions,
failure to shield electronics that handles the clear text, etc.).
In spite of the relative simplicity of setting up practically secure
communications, amazingly enough incredibly easy-to-break systems
have been and are still used for very sensitive information.  Let's
get these leaks plugged so we can keep snoops' noses out of our data.
Meanwhile, let's question the wisdom of throttling freedom in the
name of "protecting" it.