From owner-freebsd-current Mon Dec 16 08:24:28 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id IAA15596 for current-outgoing; Mon, 16 Dec 1996 08:24:28 -0800 (PST) Received: from grackle.grondar.za (LOKGfoLq8ZM2cgLEuJdJOYOlw28fQJg1@grackle.grondar.za [196.7.18.131]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id IAA15589 for ; Mon, 16 Dec 1996 08:24:22 -0800 (PST) Received: from grackle.grondar.za (PSCAJjOaHdsAiGhxBAxrrMKZX/ghjkeW@localhost [127.0.0.1]) by grackle.grondar.za (8.8.4/8.8.4) with ESMTP id SAA22596; Mon, 16 Dec 1996 18:23:52 +0200 (SAT) Message-Id: <199612161623.SAA22596@grackle.grondar.za> To: peter@spinner.DIALix.COM (Peter Wemm) cc: freebsd-current@freebsd.org Subject: Crypto (Was: Re: Plan for integrating Secure RPC -- comments wanted) Date: Mon, 16 Dec 1996 18:23:51 +0200 From: Mark Murray Sender: owner-current@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > Somebody designed a "broken" version of DES that purely became a 1-way hash > function (exportable, just like md5) that had no chance of being "converted" > to encrypt/decypt data (which would make it export restricted). Gnu's libcrypt has an export license. I don't se why we shouldn't. > There is a difference between encrypting a known block of data to a result > that can be decoded back to the original data, and irreversibly hashing a > key (ie: password) in a way that comes up with the same results as the > "encrypt a block of nulls" method. > > Anyway, the problem then becomes.. How do you choose the default encryption > type for the new merged crypt() when it doesn't have a precedent to go on? I have some ideas: 1) a config file (say): /etc/crypt.conf if a line in it says "method: DES" or "method: MD5", the appropriate format is chosen. 2) Environment variable (EUGH :-() 3) PHKMalloc method: make a symlink to a an appropriate name: /etc/crypt.method -> /etc/Do_MD5 (or -> /etc/Do_DES). I like #1. It shouldn't take me long to do it. > I know this doesn't have much to do with Secure RPC, but it would get rid of > the dual versions of /sbin/init, /bin/ed, libcrypt etc. I would like Er, wait - init and ed use libcipher, which is two-way :-( :-( :-( > libcrypt to go away and become a stub library just like > libresolv/libgnumalloc. Hear, hear! M -- Mark Murray PGP key fingerprint = 80 36 6E 40 83 D6 8A 36 This .sig is umop ap!sdn. BC 06 EA 0E 7A F2 CE CE