httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aram W. Mirzadeh" <>
Subject Re: secure transfer using skey
Date Tue, 05 Sep 1995 13:41:27 GMT
At 08:56 PM 9/4/95 +0100, you wrote:
>In reply to Aram W. Mirzadeh who said
>> At 02:33 PM 9/2/95 +0800, you wrote:
>> DES( I think ) you can add crypt to it.... but you have to load a whole bunch
>> of stuff into it.  The only difference between FreeBSD, and Linux is that 
>> FreeBSD is a US product, the main production goes on here.   Linux's 
>> main production is in Finland.  Which means, they don't have access to 
>> things like crypt, so it never gets into the disterbution.  I'm sure someone 
>> out there has created the correct files/libs for crypt to get integerated
>> Linux, but most likely, it will never get into the public disterbution. 
>FreeBSD is most definately NOT a US product and you should be rather more
>careful about making definitive statements about projects that you are not
>directly involved in. FreeBSD is an international project just like Apache
>is, it just happens to be hosted on a US site at this point in time.

Sorry, didn't mean anything by it. 

>Anyway, onto the technical issues, FreeBSD has an MD5 based crypt which IS
>exportable because it is a one-way encoding and is therefore not
>encryption. An algorithm is only encryption technology if the encrypted
>item can be decrypted using a key. MD5 cannot be and therefore is not
>encryption and is therefore not covered by the export laws. The libcrypt
>library in FreeBSD is carefully designed to only do the one-way encoding
>so that it is not covered by US export restrictions. 

Hmm... I do agree with you here.
>We also supply a DES based crypt of which there are two versions,
>one of which is available on US sites and another that is available
>on non-US sites, although in practice they're identical since the
>changes to the non-US version get imported to the US version.
>FreeBSD has s/key by default and it works perfectly well with either
>crypt library since all the crypt() call does is encode the plain-text
>in some way and whether you use a one-way encoding such as MD5 or an
>encryption algorithm such as DES makes no difference.

I don't know about this.  having two versions that is.  I know that if you run
skey on a linux system and on any other OS, ( ex dos is the one I tried )
you get two different set of results.   And I belive I heard somewhere that
the Linux people had to specificly take out the crypt stuff for it to be 
exportable.  I'm not sure if they were told to remove it or removed it by 
themselves.  I'll check into this.  

Aram W. Mirzadeh, MIS Manager, Qosina Corporation,
Apache httpd server team

View raw message