Date: Mon, 16 Dec 1996 18:23:51 +0200 From: Mark Murray <mark@grondar.za> To: peter@spinner.DIALix.COM (Peter Wemm) Cc: freebsd-current@freebsd.org Subject: Crypto (Was: Re: Plan for integrating Secure RPC -- comments wanted) Message-ID: <199612161623.SAA22596@grackle.grondar.za>
next in thread | raw e-mail | index | archive | help
> Somebody designed a "broken" version of DES that purely became a 1-way hash > function (exportable, just like md5) that had no chance of being "converted" > to encrypt/decypt data (which would make it export restricted). Gnu's libcrypt has an export license. I don't se why we shouldn't. > There is a difference between encrypting a known block of data to a result > that can be decoded back to the original data, and irreversibly hashing a > key (ie: password) in a way that comes up with the same results as the > "encrypt a block of nulls" method. > > Anyway, the problem then becomes.. How do you choose the default encryption > type for the new merged crypt() when it doesn't have a precedent to go on? I have some ideas: 1) a config file (say): /etc/crypt.conf if a line in it says "method: DES" or "method: MD5", the appropriate format is chosen. 2) Environment variable (EUGH :-() 3) PHKMalloc method: make a symlink to a an appropriate name: /etc/crypt.method -> /etc/Do_MD5 (or -> /etc/Do_DES). I like #1. It shouldn't take me long to do it. > I know this doesn't have much to do with Secure RPC, but it would get rid of > the dual versions of /sbin/init, /bin/ed, libcrypt etc. I would like Er, wait - init and ed use libcipher, which is two-way :-( :-( :-( > libcrypt to go away and become a stub library just like > libresolv/libgnumalloc. Hear, hear! M -- Mark Murray PGP key fingerprint = 80 36 6E 40 83 D6 8A 36 This .sig is umop ap!sdn. BC 06 EA 0E 7A F2 CE CE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199612161623.SAA22596>