From owner-freebsd-security Mon Feb 17 13:12:48 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id NAA15456 for security-outgoing; Mon, 17 Feb 1997 13:12:48 -0800 (PST) Received: from vinyl.quickweb.com (vinyl.quickweb.com [206.222.77.8]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id NAA15449 for ; Mon, 17 Feb 1997 13:12:45 -0800 (PST) Received: from localhost (mark@localhost) by vinyl.quickweb.com (8.7.5/8.6.12) with SMTP id QAA10967; Mon, 17 Feb 1997 16:13:08 -0500 (EST) Date: Mon, 17 Feb 1997 16:13:08 -0500 (EST) From: Mark Mayo To: Mark Murray cc: security@freebsd.org Subject: Re: blowfish passwords in FreeBSD In-Reply-To: <199702172025.WAA03791@grackle.grondar.za> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Mon, 17 Feb 1997, Mark Murray wrote: > Mark Mayo wrote: > > Anways, I'm going to research the Canadian export laws some more, and see > > how anal my gov. really is. It might be necessary to move the main FreeBSD > > distribution out of the US if the US gov. doesn't smarten up soon. A site > > in Europe and one in Canada would server both continents. > > Um - there is already a distribution of crypto for FreeBSD (DES/Kerberos) > that is _IDENTICAL_ to the USA code. Apart from a short break (FBSD2.0) > this has been going since about (?) 1993. (Are you there, Geoff?) > > Most Non-USA sites mirror this code. For DES, yes.... I wasn't really thinking abut the DES distribution, but for future crypto distributions. The problem is that the 'main' FreeBSD distribution site (ftp.freebsd.org) cannot export DES or other crypto software to other coutries - for people in other parts of the world, who perhaps aren't aware of the problems with the US gov.'s export laws right now, it can be a little confusing when tey are told at install time that because they don't live in the US they can't install DES/Kerberos... I guess maybe the FTP install could be setup to automagically use a non-US server when the user picks a sensitive crypto package? Just some thoughts anyways.. Hopefully when the US gov. sees that the 40-bit key was cracked in 3 hours, and the 48-bit key in a couple weeks, maybe they'll realize how far they have their heads up their asses and will stop these silly export restrictions on hard-crypto.. -mark > > M > -- > Mark Murray PGP key fingerprint = 80 36 6E 40 83 D6 8A 36 > This .sig is umop ap!sdn. BC 06 EA 0E 7A F2 CE CE > >