[comp.sys.hp] crypt BS?

steve@apollo.cfht.hawaii.edu (Steven Smith) (07/31/90)

So why does running the crypt command produce the following message:
"This command is not available."?

Yes, I read the FM, and it lamely proclaims:
"The decryption facilities provided by this software are
under control of the United States Government and cannot be
exported without special licenses.  These capabilities are
only available by special arrangement through HP."

What kind of chowder-headed BS is this?  It's not like the 
commies couldn't have gotten it 57 zillion time in the past.
(And still can from a "standard" Unix implementation, read SunOS)
Let alone the fact that there are DES algorithms (and *code*) floating
around ?!  

Just how am I supposed to keep my prying sysadm from reading all my files?
(nevermind that he is me).  Or decrypt all those things I crypted
with an earlier version of the OS?

Is this only happening to me because I work at Canada-France-Hawaii Telescope
Corp (a non-profit US company, with a foreign sounding name)?

snarl, (but not at you ;-)
steve
--
Steven S. Smith 		Canada-France-Hawaii Telescope Corp. 
steve@cfht.hawaii.edu

wayne@dsndata.uucp (Wayne Schlitt) (07/31/90)

In article <STEVE.90Jul30153405@apollo.cfht.hawaii.edu> steve@apollo.cfht.hawaii.edu (Steven Smith) writes:
> 
> 
> So why does running the crypt command produce the following message:
> "This command is not available."?
> 

its to remind you not to use the crypt command because you can break
the encryption fairly easily by using the crypt-breakers-workbench.
(available at any source archive near you... 1/2 :-)


> 
> Just how am I supposed to keep my prying sysadm from reading all my files?
> (nevermind that he is me).  

to keep prying sysadmins from reading your files, use one of the good
des encryption programs available at a source archive near you.

> [ ... ]                     Or decrypt all those things I crypted
> with an earlier version of the OS?

umm... you can either restore the crypt command from a backup, get
someone else with the crypt command to decript it for you, or get the
crypt-breakers-workbench...

> 
> Is this only happening to me because I work at Canada-France-Hawaii Telescope
> Corp (a non-profit US company, with a foreign sounding name)?
> 

no, we dont have it either....



-wayne

guy@auspex.auspex.com (Guy Harris) (08/01/90)

>What kind of chowder-headed BS is this?  It's not like the 
>commies couldn't have gotten it 57 zillion time in the past.

You're dealing with government bureaucrats; chowder-headed BS is their
specialty.  I mean, really, it's based on a frigging *German* encryption
machine, which was broken by the *British* during WW2... but no, it's
*encryption technology*, which means it's *munitions*, so you have to
screw around with export licenses.

>(And still can from a "standard" Unix implementation, read SunOS)

Sun doesn't ship that stuff abroad, either....

>Is this only happening to me because I work at Canada-France-Hawaii Telescope
>Corp (a non-profit US company, with a foreign sounding name)?

Could be.  You might want to check whether you got a domestic HP-UX
release....

mlight@hp-ptp.HP.COM (Mike Light) (08/01/90)

>So why does running the crypt command produce the following message:
>"This command is not available."?

Technically speaking, because it uses puts(3C) to do so.  :-)

>Yes, I read the FM, and it lamely proclaims:
>"The decryption facilities provided by this software are
>under control of the United States Government and cannot be
>exported without special licenses.  These capabilities are
>only available by special arrangement through HP."

HP is a multi-national company, and has taken a conservative step
to insure that HP company cannot be accused of espionage by our dear
U.S. government.  By requiring all customers to apply for crypt(),
HP can attempt to show its good faith in "protecting U.S. intellectual
property".

>What kind of chowder-headed BS is this?

It is the "natural evolution" produced by U.S. government laws.

>It's not like the 
>commies couldn't have gotten it 57 zillion time in the past.
>(And still can from a "standard" Unix implementation, read SunOS)

Perhaps Sun does not try to handle international markets directly?
(beats me - I haven't looked at their marketing department).

>Is this only happening to me because I work at Canada-France-Hawaii Telescope
>Corp (a non-profit US company, with a foreign sounding name)?

Nope - it's S.O.P. for all of our customers.

>snarl, (but not at you ;-)
>steve

No problem.  Chances are, your friendly S.E. can probably deliver
a crypt() for you.  "No charge" I hope.

-----------------------------------------------------------------------
 Mike Light  HP Industrial Applications Center - mlight@hpiala9.HP.COM
-----------------------------------------------------------------------

sartin@hplabsz.HPL.HP.COM (Rob Sartin) (08/01/90)

In article <STEVE.90Jul30153405@apollo.cfht.hawaii.edu> steve@apollo.cfht.hawaii.edu (Steven Smith) writes:
>So why does running the crypt command produce the following message:
>"This command is not available."?

The US Government, in its infinite wisdom, has decided that "crypt" is
sensitive munitions.  We aren't allowed to export it.  HP's solution is
to make one release tape that doesn't have the real crypt and ship that
to all customers.  I believe that US customers *might* be able to get
crypt through support channels.

>Let alone the fact that there are DES algorithms (and *code*) floating
>around ?!  

Crypt is not DES, it is far weaker.  It's a lousy tool anyway.  If you
don't believe it, try looking at cbw, the Crypt Breakers Workbench, from
comp.sources.unix.

Disclaimer:

If HP had an official net.spokesman, it certainly wouldn't be me.

Rob

rjn@hpfcso.HP.COM (Bob Niland) (08/01/90)

re: > "This command is not available."?

> "The decryption facilities provided by this software are under control of
>  the United States Government and cannot be exported without special
>  licenses.  These capabilities are only available by special arrangement
>  through HP."

> What kind of chowder-headed BS is this?

Official U.S. Goverment-required chowder-headed BS.


> It's not like the commies couldn't have gotten it 57 zillion times...

True, and they probably have that many round of small arms ammo, but both
"crypt" and the ammo are classified as "munitions" (I kid you not), and we
can't export them without a special license. 

Since we decided not to have an "export" version of HP-UX, nobody gets
"crypt" in the product.  Sorry.  If you are a genuine loyal Amuricun,
contact your Hewlett-Packard SE, SR or CE.  They can obtain crypt for you
through official channels.


> (And still can from a "standard" Unix implementation, read SunOS)

If SUN is routinely shipping crypt in export versions of SunOS, they are
skating on thin ice.  Many years ago, we debated long and hard about this
within HP, and decided to err on the side of caution.


> Let alone the fact that there are DES algorithms (and *code*) floating
> around ?!  

By restricting all implementations of algorithms more sophisticated than
Cap'n Midnight decoder rings, our ever-vigilant NSA presumably keeps
everyone guessing about which schemes are worth using.

Regards,                                              Hewlett-Packard
Bob Niland      Internet: rjn@hpfcrjn.FC.HP.COM       3404 East Harmony Road
                UUCP: [hplabs|hpfcse]!hpfcrjn!rjn     Ft Collins CO 80525-9599

donn@hpfcdc.HP.COM (Donn Terry) (08/01/90)

Bob is absolutely correct: crypt is a munition according to the gummnt.
(The rules are made by the same guys who would rather the US didn't export
buttons, because the <enemy du jour> soldiers would be less effective if
they had to use one hand to hold up their pants.  (I didn't make that
one up; it came from the folks actually talking to NSA and D of Commerce!)).
(That software is easier to replicate than buttons didn't faze them.)

We go thru this same issue about every six months because it clearly
doesn't make any sense, but those are the rules.  (We also check up on
it when we hear rumors that the rules might have changed; to our knowledge
those all have been unsubstantiated rumors.)

AT&T follows (last I was aware) the same rules with their source
products, but they do have separate domestic and international products;
when you order the domestic you get a useful version of crypt source.
(I don't know what their object products do.)

Also, as Bob says, you can get it from your local HP support folks; if they
say "Huh?", have them contact SE support.

Donn Terry
HP Ft. Collins

guy@auspex.auspex.com (Guy Harris) (08/03/90)

>If SUN is routinely shipping crypt in export versions of SunOS, they are
>skating on thin ice.

They're not (it's "Sun", not "SUN", BTW).  Prior to SunOS 4.1, there
were domestic and international distributions (except maybe in *very*
early releases, before this "munitions" nonsense was widely known; back
then, I think almost *everybody* shipped those Top Secret Deadly
Munitions abroad); in 4.1, there's one distribution, without the
encryption stuff, plus a US-only add-on tape with the encryption stuff.

bd@hpopd.HP.COM (Bob Desinger) (08/14/90)

> Yes, I read the FM, and it lamely proclaims:  [etc.]

Complain to your congressperson.  The encryption algorithm is
classified as a munition (!) by the US Government, from what I hear.

> Just how am I supposed to keep my prying sysadm from reading all my files?

Go to your local library and check out the issue of Computer Language
that published the implementation of crypt or DES or whatever it was,
and type in the code.  Or copy Stroustrup's simple encryption code
from his C++ book.

> Or decrypt all those things I crypted
> with an earlier version of the OS?

Get out your backup tapes from the previous version and see if you can
restore and run the old crypt.  I don't know if that would qualify you
for arrest by the FBI or something, so on second thought maybe you
better just leave those backup tapes alone.

Maybe the real problem is that you're lulling yourself into a false
sense of security by keeping confidential material on a computer.

I'm not speaking for HP.  No warranties or merchantability or fitness
for any particular purpose and all that.

-- bd