From owner-freebsd-hackers  Wed Jun 14 11:47:47 1995
Return-Path: hackers-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id LAA22642
          for hackers-outgoing; Wed, 14 Jun 1995 11:47:47 -0700
Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129])
          by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id LAA22629
          ; Wed, 14 Jun 1995 11:47:32 -0700
Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id UAA22348; Wed, 14 Jun 1995 20:47:11 +0200
Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id UAA07887; Wed, 14 Jun 1995 20:47:10 +0200
Message-Id: <199506141847.UAA07887@grumble.grondar.za>
X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol
To: secure@freebsd.org, hackers@freebsd.org
Subject: DES, Crypt and eBones.
Date: Wed, 14 Jun 1995 20:47:10 +0200
From: Mark Murray <mark@grondar.za>
Sender: hackers-owner@freebsd.org
Precedence: bulk

Hi folks!

I have had a good look at the secure code in the last few weeks, and
quite frankly, it is a mess.

The problems with the code I see are:
(in no particular order)

1) I see no reason for 'ebones' and 'secure' to be separated the way
   they are. I believe they should be combined into one "export-
   restricted" bunch.

2) The "crypt" routine is not part of the DES library. There is a faster
   crypt(3) from Eric Young that could quite easily be symlinked (or
   whatever) to our code. Having one crypto library makes more sense.

3) The DES library is out of date. I have Eric Young's latest offering,
   and Kerberised telnet is just round the corner.

4) There are some nasty bugs. If you have both NIS and eBones/Kerberos,
   password authentication goes for a loop. ie you can only login with
   Kerberos password, and this does not work with ftpd(8) etc. I have
   a send-pr about this, and intend to address these problems.

5) There is no secure RPC. The code exists, but has not been ported.
   This can be sorted out with the help of the later DES library.

I have commit privelige, but I would like a "boffin" to help me check out
this stuff before I bung it in.

Is anyone interested?

-- 
Mark Murray
46 Harvey Rd, Claremont, Cape Town 7700, South Africa
+27 21 61-3768 GMT+0200