ted@cbosgd.ATT.COM (Ted Aseltine) (10/22/86)
Since crypt(1) (and associated programs, like passwd) can't be exported, does anyone know of internationally-available add-on packages which perform similar functions? I presume that customers overseas would not like UNIX with no login security any better than we do!
falk@sun.UUCP (10/23/86)
> Since crypt(1) (and associated programs, like passwd) can't be exported, > ... Actually, could someone just post the DES algorithm in english? I'd like to know how it works. I'm sure *that's* not a national secret or something. -- -ed falk, sun microsystems falk@sun.com sun!falk
guy@sun.UUCP (10/23/86)
> Since crypt(1) (and associated programs, like passwd) can't be exported, > does anyone know of internationally-available add-on packages which > perform similar functions? I presume that customers overseas would > not like UNIX with no login security any better than we do! 1) "passwd" is NOT an "associated program" of "crypt". "crypt" uses a rotor machine (which can be broken; see "File Security and the UNIX System Crypt Command", by J. A. Reeds and P. J. Weinberger, in the AT&T Bell Laboratories Technical Journal, October 1984, Vol. 63, No. 8, Part 2), while the UNIX system's password encryption uses a tweaked form of DES. 2) No, customers overseas don't want a UNIX with no login security, so international versions of UNIX come with password encryption. In fact, I believe they supply the exact same password encryption code that domestic versions do; I believe versions shipped abroad that comply with export restrictions just have code that forbids "raw" access to the DES #ifdeffed in! 3) I don't think the federal government said, with a full understanding of what they were saying, "thou shalt not export 'crypt' nor versions of 'ed' nor 'vi' with the encryption code built in, nor shalt thou export the UNIX system's DES password encryption code in a fashion that permits people to use it to encrypt files." It's more likely that there is a general regulation about the export of encryption technology, and rather than go through the hassle of trying to get an export license for this stuff, AT&T just punted and said "OK, we won't bother exporting this stuff in a form that requires a license." Does anybody have the *real* story? -- Guy Harris {ihnp4, decvax, seismo, decwrl, ...}!sun!guy guy@sun.com (or guy@sun.arpa)