ted@cbosgd.ATT.COM (Ted Aseltine) (10/22/86)
Since crypt(1) (and associated programs, like passwd) can't be exported, does anyone know of internationally-available add-on packages which perform similar functions? I presume that customers overseas would not like UNIX with no login security any better than we do!
falk@sun.UUCP (10/23/86)
> Since crypt(1) (and associated programs, like passwd) can't be exported, > ... Actually, could someone just post the DES algorithm in english? I'd like to know how it works. I'm sure *that's* not a national secret or something. -- -ed falk, sun microsystems falk@sun.com sun!falk
guy@sun.UUCP (10/23/86)
> Since crypt(1) (and associated programs, like passwd) can't be exported, > does anyone know of internationally-available add-on packages which > perform similar functions? I presume that customers overseas would > not like UNIX with no login security any better than we do! 1) "passwd" is NOT an "associated program" of "crypt". "crypt" uses a rotor machine (which can be broken; see "File Security and the UNIX System Crypt Command", by J. A. Reeds and P. J. Weinberger, in the AT&T Bell Laboratories Technical Journal, October 1984, Vol. 63, No. 8, Part 2), while the UNIX system's password encryption uses a tweaked form of DES. 2) No, customers overseas don't want a UNIX with no login security, so international versions of UNIX come with password encryption. In fact, I believe they supply the exact same password encryption code that domestic versions do; I believe versions shipped abroad that comply with export restrictions just have code that forbids "raw" access to the DES #ifdeffed in! 3) I don't think the federal government said, with a full understanding of what they were saying, "thou shalt not export 'crypt' nor versions of 'ed' nor 'vi' with the encryption code built in, nor shalt thou export the UNIX system's DES password encryption code in a fashion that permits people to use it to encrypt files." It's more likely that there is a general regulation about the export of encryption technology, and rather than go through the hassle of trying to get an export license for this stuff, AT&T just punted and said "OK, we won't bother exporting this stuff in a form that requires a license." Does anybody have the *real* story? -- Guy Harris {ihnp4, decvax, seismo, decwrl, ...}!sun!guy guy@sun.com (or guy@sun.arpa)
cjh@hpausla.OZ (Clifford Heath) (10/24/86)
In article <2775@cbosgd.ATT.COM> ted@cbosgd.UUCP (Ted Aseltine) writes: >Since crypt(1) (and associated programs, like passwd) can't be exported, >does anyone know of internationally-available add-on packages which >perform similar functions? I presume that customers overseas would >not like UNIX with no login security any better than we do! As this foreigner understands the restriction, it is not ENcryption programs that are restricted, but DEcryption algorithms. The Un*x password encryption is a one-way encryption, and hence not subject to restriction. However, versions of ed and vi that edit encrypted files need to decrypt them, so they are not (or were not, at one time) shipped internationally on HP gear, and obviously crypt(1) isn't either. Clifford Heath (ACSnet: cjh@hpausla.oz, UUCP ...!hplabs!hpfcla!hpausla!cjh) P.S. Not speaking for HP here, go ask them if it's true! P.P.S. No other disclaimers, our law hasn't (quite) reached the pits of perversity!