From owner-freebsd-security Fri May 29 18:34:22 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id SAA20886 for freebsd-security-outgoing; Fri, 29 May 1998 18:34:22 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from panda.hilink.com.au (panda.hilink.com.au [203.8.15.25]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA20851 for ; Fri, 29 May 1998 18:34:13 -0700 (PDT) (envelope-from danny@panda.hilink.com.au) Received: (from danny@localhost) by panda.hilink.com.au (8.8.5/8.8.5) id LAA28999; Sat, 30 May 1998 11:33:50 +1000 (EST) Date: Sat, 30 May 1998 11:33:49 +1000 (EST) From: "Daniel O'Callaghan" To: Steve Reid cc: freebsd-security@FreeBSD.ORG Subject: Re: MD5 v. DES? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 29 May 1998, Steve Reid wrote: > MD5 also has the benefit of being exportable, whereas DES is subject to > restrictions in many countries because it was designed for encryption. In source code, yes. It is, in fact, legal to export programs and .o files which perform a DES-based hashing such as the standard Unix password scheme. Hence, if you buy a commercial Unix OS outside the USA, you get DES style passwords, but you can't get the source, and the vendor leaves out the programs which do data-privacy encryption. The reason that hashing is exportable is that it is only useful for identification and integrity, not privacy. MD5 is a hashing-only algorithm, and so can be freely exported from the USA. DES-hashing source can't be exported because it is trivial to turn it into DES-privacy code. Danny To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message