httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Esselink" <eesse...@sirius.com>
Subject Re: Apache 1.3a1 Authentification (re) (fwd)
Date Fri, 15 Aug 1997 18:27:31 GMT
Sighhhh... I'm afraid the NT port has a long way to go !

>> All of this is also clouded by export control issues.  
>>The win32 calls use DES encryption.
Which means you do NOT distribute the actual encryption functions at all.
NT has them built-in, and therefore you can distribute whatever you want.

>> The problem is that unix crypt() is a one-way function. 
If you don't put the decryption function into the sources and uses a random
encryption key, it sure looks like a one-way function to me !

I didn't invent the code, i just used MS's sample code and turned it into 
something usefull. I hate re-inventing the wheel, it's already perfect...

----------
> From: Dean Gaudet <dgaudet@arctic.org>
> To: new-httpd@apache.org
> Subject: Re: Apache 1.3a1 Authentification (re) (fwd)
> Date: Thursday, August 14, 1997 8:48 PM
> 
> The problem is that unix crypt() is a one-way function.  Our auth scheme
> is based on having a one-way function.  So your two-way code can't just
be
> plugged in. 
> 
> The "proper" NT solution is probably different than the proper unix
> solution. 
> 
> All of this is also clouded by export control issues.  We can quite
easily
> pick up a crypt() function from one of the freely available unixes.  But
> we probably can't just stick it in our code tree.  Although I wonder how
> the linux folks get away with it.  The FreeBSD folks use md5 which can be
> exported. 
> 
> Dean
> 
> On Thu, 14 Aug 1997, Eric Esselink wrote:
> 
> > Ok, i'll make things VERY easy for you. I have a function 
> > you can call which encrypt data blocks for you.
> > I also have a simular decrypt function.
> > Interested in this file ?
> > 
> > ----------
> > > From: Marc Slemko <marcs@worldgate.com>
> > > To: new-httpd@apache.org
> > > Subject: Re: Apache 1.3a1 Authentification (re) (fwd)
> > > Date: Wednesday, August 13, 1997 10:41 PM
> > > 
> > > On Wed, 13 Aug 1997, Eric Esselink wrote:
> > > 
> > > > NT 4.0 does have encryption/decryption functions simular to crypt.
> > > > The win32 calls use DES encryption.
> > > 
> > > If it has a decryption half it isn't similar to crypt.  <g>  
> > > 
> > > crypt() is normally based on DES, but isn't quite the typical DES
> > > encryption you would use for two-way encryption.
> > > 
> > > ...but I wouldn't know if it could be made useful because I don't
> > > do NT.  Ok, ok, I have access to NT boxes but no development 
> > > environment.
> > > 
> > 
> 

Mime
View raw message