Date: Thu, 14 Aug 1997 20:48:41 -0700 (PDT)
From: Dean Gaudet <dgaudet@arctic.org>
To: new-httpd@apache.org
Subject: Re: Apache 1.3a1 Authentification (re) (fwd)
In-Reply-To: <199708150349.UAA04842@mail2.sirius.com>
Message-ID: <Pine.LNX.3.95dg3.970814204628.31732S-100000@twinlark.arctic.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

The problem is that unix crypt() is a one-way function.  Our auth scheme
is based on having a one-way function.  So your two-way code can't just be
plugged in. 

The "proper" NT solution is probably different than the proper unix
solution. 

All of this is also clouded by export control issues.  We can quite easily
pick up a crypt() function from one of the freely available unixes.  But
we probably can't just stick it in our code tree.  Although I wonder how
the linux folks get away with it.  The FreeBSD folks use md5 which can be
exported. 

Dean

On Thu, 14 Aug 1997, Eric Esselink wrote:

> Ok, i'll make things VERY easy for you. I have a function 
> you can call which encrypt data blocks for you.
> I also have a simular decrypt function.
> Interested in this file ?
> 
> ----------
> > From: Marc Slemko <marcs@worldgate.com>
> > To: new-httpd@apache.org
> > Subject: Re: Apache 1.3a1 Authentification (re) (fwd)
> > Date: Wednesday, August 13, 1997 10:41 PM
> > 
> > On Wed, 13 Aug 1997, Eric Esselink wrote:
> > 
> > > NT 4.0 does have encryption/decryption functions simular to crypt.
> > > The win32 calls use DES encryption.
> > 
> > If it has a decryption half it isn't similar to crypt.  <g>  
> > 
> > crypt() is normally based on DES, but isn't quite the typical DES
> > encryption you would use for two-way encryption.
> > 
> > ...but I wouldn't know if it could be made useful because I don't
> > do NT.  Ok, ok, I have access to NT boxes but no development 
> > environment.
> > 
>