gn@loonam.UUCP (The Unknown one) (03/30/85)
I just got my Xenix 3.0b update for an Altos (986) we have
here and enclosed in the development system (*the real
meat*) was the following notice:
...
4. The CRYPT command has been removed from Xenix 3.0b. The
crypt commands contains classified algorithms, and has
been removed in order to comply with goverment regulations
covering international distribution of Xenix.
Anyone know anything about this? If this is true why is
/usr/lib/makekey still included? Has DES been made classified?
and couldn't a task force of CCCP's best computer scientists
hack it out of the kernal? Is the world coming to an end, er
what?
Yours in paranoia,
Greg
---
ihnp4!umn-cs!{circadia,digi-g}!loonam!gnphysics@utcs.UUCP (David Harrison) (03/31/85)
Yup, crypt is now classified and UNIX being shipped outside the USA has it removed. Reason why I know is that Canada is outside the USA (for now) and our latest Hewlett-Packard HP-UX (Sys III) has crypt carefully removed. I have a recurring fantasy of a hacker sneaking into the Russki consultate and trying to sell a copy of crypt.c Probably worth about 98 cents and a bag of seed corn for helping kremvax!gorbchv find out his root password.
outer@utcsri.UUCP (Richard Outerbridge) (04/01/85)
This sounds silly. The DES ("dez") can be freely exported for use
in Canada (by specific exemption from U.S. controls); crypt(1) is
'classified'? Hmmmm. Unless, of course, the DES is even weaker
than crypt(1). Unlikely.
More to the point it may be a simple matter of bureaucracy. If no
blanket exemption from export controls is available, than the onus may
fall on the exporter to get a permit for each and every exportee. So
perhaps 'classified' means 'proprietary' (not already in the public
domain - crypt(1): Bell trade secret!) and no one wants to bother getting
formal approval for export to each foreign licensee.
Notice, by the way, ye fans of free trade, that while Canadian export
regulations put no control on cryptographic data exported from here
to south of the 49th, I don't think it works the other way round. So
much for reciprocity.
--
Richard Outerbridge <outer@utcsri.UUCP> (416) 961-4757
Payload Deliveries: N 41 39'36", W 79 23'42", Elev. 106.47m.gwyn@brl-tgr.ARPA (Doug Gwyn <gwyn>) (04/01/85)
> 4. The CRYPT command has been removed from Xenix 3.0b. The > crypt commands contains classified algorithms, and has > been removed in order to comply with goverment regulations > covering international distribution of Xenix. The algorithm is by no stretch of the imagination "classified". The Department of Commerce prohibits exportation of many things, including cryptographic systems. Apparently AT&T lawyers have decided not to fight the issue, since they now remove "crypt" etc. from the "international version" of UNIX. This whole issue is pretty silly; another example of your tax dollar being wasted.
al@mot.UUCP (Al Filipski) (04/02/85)
the crypt(1) UTILITY is, according to internal comments, a "one-rotor
machine, designed along the lines of Enigma, but considerably
trivialized". It is not DES, as makekey (actually crypt(3))
is. It is not clear to me at this point whether the Commerce Dept.
(or whoever) has indeed ruled that crypt is "secret technology", not to
be exported, or companies are just afraid that they MIGHT
because of some blanket warning about cryptographic stuff.
In either case, it is ludicrous to "restrict the export" of well-known,
WWII technology. (especially when it deprives us REAL AMURRICANS
of a useful utility.)
--------------------------------
Alan Filipski, UNIX group, Motorola Microsystems, Tempe, AZ U.S.A
{allegra|ihnp4}!sftig!mot!al OR {seismo|ihnp4}!ut-sally!oakhill!mot!al
--------------------------------
"Paranoia strikes deep; into your life it will creep"
--some sixties groupfred@mot.UUCP (Fred Christiansen) (04/02/85)
> 4. The CRYPT command has been removed from Xenix 3.0b. The > crypt commands contains classified algorithms, and has > been removed in order to comply with goverment regulations > covering international distribution of Xenix. > > Anyone know anything about this? There are two parts to this: 1) the attitude of the U.S. government (DoD, NSA, CIA), and 2) the approaches taken by various vendors to avoid the issue. 1) For several years there has been a battle of words between the government and researchers regarding encryption technology, with the government requesting that all cryptologic research results be "born classified". This notion has been vehemently resisted by the research community (see almost any issue of the Communications of the ACM for the last 5 or so years) and is as yet unresolved. Eventually the U.S. Dept of Commerce placed an export embargo on ALL cryptologic technology. Now, this does not mean that your favorite Caesar cipher game couldn't be sold overseas; you possibly would, however, have to apply for an export license on a sale-by-sale basis. This can be quite a headache for any company attempting to do business internationally ... which leads us to ... 2) When Motorola undertook to ship SYSTEM V/68 (binary AT&T-validated 68000 port of Un*x System V) overseas, our Legal department advised us of this issue. At that point (Jan '84) I contacted our AT&T account rep and asked how AT&T was resolving this issue. The answer was that there was a separate, sanitized version of Un*x for international sale. They had approached the National Security Agency (NSA) to review the cryptologic contents of Un*x. While the NSA refused to say what AT&T should do to avoid it, they did say that there was enough in Un*x to require an export license. The following sanitization WAS acceptable to the NSA and Dept of Commerce (not a quote): The crypt(1) command is removed. The ability to create or edit encrypted files with ed(1), ex(1) and vi(1) editors has been removed. The "-x" option command line option and the editor's command, X, are no longer valid. The crypt(3C) family of subroutines has been modifie: setkey() is removed and decryption by the encrypt() function is disallowed. (Note: Encryption by the crypt() and encrypt() subroutines is still suppported. Hence, password validation at login time is not affected.) It was Motorola's decision (and apparently Microsoft's) to sell only one instance of Un*x. Hence, the cryptologic technology is totally deleted from all software, whether sold domestically or internationally. Domestic customers may request, as a separate item, those items which were deleted. > If this is true why is > /usr/lib/makekey still included? Has DES been made classified? > and couldn't a task force of CCCP's best computer scientists > hack it out of the kernal? Is the world coming to an end, er > what? /usr/lib/makekey does not contain any cryptologic technology so is not affected. DES is probably not classified but it is under export embargo. There is no encryption technology in the kernel. [I AM NOT REPRESENTING MOTOROLA OR AT&T IN ANY WAY. I OFFER THE PRECEDING AS AN INDIVIDUAL. IT IS ACCURATE TO THE BEST OF MY RECALL AND NOTES.] -- << Generic disclaimer >> Fred Christiansen, Motorola Microsystems, Tempe {ihnp4,allegra}!sftig!mot!fred {ihnp4,seismo}!ut-sally!oakhill!mot!fred {ihnp4,amdahl}!drivax!mot!fred
guy@rlgvax.UUCP (Guy Harris) (04/03/85)
> In either case, it is ludicrous to "restrict the export" of well-known, > WWII technology. (especially when it deprives us REAL AMURRICANS > of a useful utility.) It's especially ludicrous, considering the number of V7 and System III systems (and probably System V and even S5R2 systems, considering the only source distribution we got that had all this International System V b******t was S5R2V2, and I'll bet lots of VARs sent it out with "crypt") that have *already been sent* to foreign countries with "crypt". I agree with Doug Gwyn; AT&T probably figured the safest course was to chicken out. It is amusing to note that the S5R2V2 CRYPT(3) code is pretty much identical to earlier versions, except that all references to DES in the comments have been replaced with references to "an encryption algorithm" or somesuch... > "Paranoia strikes deep; into your life it will creep" > --some sixties group (Buffalo Springfield, to be precise.) Guy Harris sun!guy
piet@mcvax.UUCP (Piet Beertema) (04/04/85)
>For several years there has been a battle of words between the >government and researchers regarding encryption technology, with >the government requesting that all cryptologic research results >be "born classified". >Eventually the U.S. Dept of Commerce placed an export embargo on >ALL cryptologic technology. There happen to be more countries on this world than just the USA, where research on encryption technology is being done too. Most of them do not show the paranoid US CIA/NSA/DoW/DoC attitude. So if you need it, just ask around in Europe (perhaps kremvax.....), Australia, Japan... -- Piet Beertema, CWI, Amsterdam ...{seismo,okstate,garfield,decvax,philabs}!mcvax!piet
newton2@ucbtopaz.CC.Berkeley.ARPA (04/04/85)
Based on my continuing embroilment with NSA and the Dept. of Commerce on the issue of exporting crypto devices (voice security) here's how I understand their position: DES may NOT be exported except for certain specified purposes, which I believe encompass banking, financial transaction and possibly point-of- sale terminals. Please don't tax ME me the Carrollian logic thAT SEEMS TO (whoops- accidental caps lock) underlie this "policy". RSA is exportable "for key exchange but not for encryption applications" they seem to be worried about implementations that are capable enough for crypt purposes, but I can't really be sure. When you say that DES flourishes on both sides of the water, your customers might want to use it and they appear to be forcing you to export code with a DES-shaped hole in it together with Brer rabbit-type instructions not under any circumstances to path DES into that briar patch, they (NSA) just shrug and say there's more things in COMSEC heaven and earth than are dream't of in my philosophy. I really and truly don't understand what they want or are up to WRT to this DES stuff- it just hurts American companies, as far as I can tell, since there's no dearth of skill and security consciousness elsewhere, based on my recent travels in Europe. By the way, regarding the ITAR restrictions on crypto devices exported from/to USA, I THINK that their are essentially no restrictions onm USA exports to Canada (although of course Canada is depended upon to reliably manage controls on the re-export of equipt. to third countries. By the way, let me repeat here an apparently VAX-aborted appeal for info on the key-management scheme to be used in NSA's multi-gigabuck secure telephone project. NY Time sdescribe two (classified and civilian) key management centers and a vaguely defined proces of key-insertion at machine birth. What then? RSA? Please, someone, a comprehensive posting pronto-- I an't keep getting my information on cryptography from the National Enquirer! Thanks, Doug Maisel 415 548-4858 ucbvax!ucbtopaz!newton2
karn@petrus.UUCP (04/05/85)
If DES is so sensitive, then why was the algorithm published in the Federal Register? How about all of the books that have been written on cryptography in the past ten years that include sections on DES? How about Scientific American, which has carried articles on Feistel ciphers and public key systems? Or do you need an export license to subscribe to it overseas? I thought the rules applied only to hardware, e.g., DES chips. But then again I wouldn't expect logic and reason to apply to an administration that seizes chess playing machines, but says that it will "give away" our Star Wars technology to the Russkies. Phil
gwyn@brl-tgr.ARPA (Doug Gwyn <gwyn>) (04/06/85)
The really stupid thing is, DES has been published in the open literature.
chongo@nsc.UUCP (Landon Noll) (04/08/85)
In article <321@petrus.UUCP> karn@petrus.UUCP writes: >If DES is so sensitive, then why was the algorithm published in >the Federal Register? How about all of the books that have been written >on cryptography in the past ten years that include sections on DES? Even more stupid is how easy it is to mung the international version of crypt(3). Login still uses crypt(3), but only to ENCRYPT, not decrypt. Anyone who does a diff of the US crypt(3) and the "US-international" crypt(3) will find only 3 major types of changes. Do a simple diff of the two versions and see for yourself. It would not be too hard to mung crypt(3) source if you only had the international version. Any binary user can, with a bit of thought, form decrypt(3) from crypt(3). Look at the DES as noted in the Fed. register. Notice that there is a 16 strange encryption going on. Now since they removed the encrypt/decrypt flag from the encrypt(3) routine (diff the old and new crypt(3) man pages) one might guess that encrypt(3) itself needs to be munged. Take your friendly dis-asm prog (use adb, or whatever...) and try to find this 16 stage loop. Adjust the loop so that it starts at the high value and steps in the reverse direction. You now have encrypt doing a decryption. Of course, if a binary user has the Fed. register, they might as well write a routine for it! But some folks might want to form their own binary version of decrypt(3) just out of spite. :-) chongo <try RSA> /\oo/\ -- no comment is a comment.
karn@petrus.UUCP (04/08/85)
It's even easier to build a crypto system out of a "one way" function like crypt(). Just use it as a source of hard-to-guess pseudo random numbers, and exclusive-OR them with the plaintext. Decryption involves generating the same series and exclusive-ORing them with the ciphertext. There is no need to "invert" the cipher function itself. Any pseudo- random generator that is hard to "invert" (ie, not a linear feedback shift register) will work. This is the "stream cipher" form of DES. If I had the money, I'd love to set up a T1 line from here to somewhere in Europe. Then I'd do nothing but run purely random, electronically generated NOISE over it. The NSA would find my "code" impossible to "crack" and they'd log it all away in the vault in hopes of being able to "decode" it someday. Only at the T1 rate of 1.544 mb/sec, this would take about 30 inches of 6250 bpi magtape per second, or about 93 2400' reels per day, or 33,837 reels per year. Meanwhile, I'd buy up all the land near Fort Meade and wait for the Government to start expanding their tape storage sites... Phil
chongo@nsc.UUCP (Landon Noll) (04/10/85)
In article <323@petrus.UUCP> karn@petrus.UUCP writes: >If I had the money, I'd love to set up a T1 line from here to somewhere >in Europe. Then I'd do nothing but run purely random, electronically generated >NOISE over it. The NSA would find my "code" impossible to "crack" and they'd >log it all away in the vault in hopes of being able to "decode" it someday. >Only at the T1 rate of 1.544 mb/sec, this would take about 30 inches >of 6250 bpi magtape per second, or about 93 2400' reels per day, or >33,837 reels per year. Meanwhile, I'd buy up all the land near Fort Meade >and wait for the Government to start expanding their tape storage sites... You would have to be careful that you did not, by chance, transmit the locations of all CIA agents over that line; lest the NSA come to your house and ZAP you to itty-bitty-bits. Remember that if a team of monkeys hitting enough keys could do it, so could your line. (much sooner too, since monkey baud rate is much lower) Also remember that the human mind seems to have a very good ability to pull order out of randon patterns. If they wanted to hard enough, they might just be able to see anything go across your line. I myself would buy stock in mag tape firms that supply tapes to the NSA. chongo <WARNING: transmission of noise could violate national security> /\aa/\ -- no comment is a comment.
gwyn@brl-tgr.ARPA (Doug Gwyn <gwyn>) (04/12/85)
> Also remember that the human mind > seems to have a very good ability to pull order out of randon patterns. > If they wanted to hard enough, they might just be able to see anything > go across your line. I do not believe the NSA would make such a mistake. If you recall the life history of Wm. F. Friedman (founder of modern cryptography), it would seem most unlikely. By the way, if anyone has a legal set or partial set of Friedman & Callimahos "Military Cryptanalysis", I would be interested in arranging for a copy. That is perhaps the best textbook series ever written!
dww@stl.UUCP (David Wright) (04/16/85)
Don't people out there (in the NSA etc.) realise that we have had UNIX in Europesince BEFORE they decided that we shouldn't have CRYPT? There are lots of non-USA sites with the DES-version en/decrypt in their previous versions of UNIX. So all this stupid restriction is doing is forcing new UNIX sites to waste time chasing about to see who has a copy on their older site. It won't stop DES getting out of the USA! The stable door has been opened. It's too late to shut it now.