From owner-freebsd-isp  Wed Feb 11 01:27:40 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id BAA22432
          for freebsd-isp-outgoing; Wed, 11 Feb 1998 01:27:40 -0800 (PST)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.8.15.25])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA22424
          for <isp@FreeBSD.ORG>; Wed, 11 Feb 1998 01:27:33 -0800 (PST)
          (envelope-from danny@panda.hilink.com.au)
Received: (from danny@localhost)
	by panda.hilink.com.au (8.8.5/8.8.5) id UAA04890;
	Wed, 11 Feb 1998 20:27:17 +1100 (EST)
Date: Wed, 11 Feb 1998 20:27:16 +1100 (EST)
From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: Jakob Alvermark <jakob@teligent.se>
cc: Benjamin Gras <ben@nl.euro.net>, isp@FreeBSD.ORG
Subject: Re: Passwords..
In-Reply-To: <Pine.BSF.3.96.980211074335.1865A-100000@datorn.teligent.se>
Message-ID: <Pine.BSF.3.91.980211201648.294L-100000@panda.hilink.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


On Wed, 11 Feb 1998, Jakob Alvermark wrote:

> > Why bother?  If you just want Linux passwords readable by FreeBSD, 
> > install the DES kit from ftp.internat.freebsd.org and use both DES and 
> > MD5 on FreeBSD.

> So it's possible to use both DES and MD5 password concurrently?

Yes.

> Is someone breaking the law if I get the DES kit from
> ftp.internat.freebsd.org?

Well, if you were in France, possibly, since you can't use any encryption
there, but note that as said before, the password routine is a *hashing*
function, not a cryption function.  It is designed for identification
purposes, not privacy.  In fact, it is legal to export from the USA a
binary which only does identification style hashing using crypt, and which
cannot be used for privacy.  This is how Solaris, DEC Unix, AIX, IRIX etc
all ship outside the USA with DES passwords.  The international versions
of commercial OSs do not include the crypt(1) command which can be used
for encrypting a message for later decryption.  Unix encrypted passwords
can't be decrypted. 

The problem with FreeBSD's DES is that it comes with source code which 
includes routines for en/de-cryption, not just password hashing.  So, 
people outside the USA should fetch the DES software from 
ftp.internat.freebsd.org, which is in South Africa.  This version is 
maintained independently of the USA version, and was written from scratch 
outside the USA, so no-one can be accused of exporting it from the USA.

The descrypt libraries in FreeBSD 2.2 and higher support MD5 passwords, 
and will use whatever algorithm is appropriate by looking at the first 
two characters of the encrypted password.

Cheers,

Danny


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message