From owner-freebsd-security Mon Feb 17 15:50:19 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA25278 for security-outgoing; Mon, 17 Feb 1997 15:50:19 -0800 (PST) Received: from vinyl.quickweb.com (vinyl.quickweb.com [206.222.77.8]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA25271 for ; Mon, 17 Feb 1997 15:50:13 -0800 (PST) Received: from localhost (mark@localhost) by vinyl.quickweb.com (8.7.5/8.6.12) with SMTP id SAA11342; Mon, 17 Feb 1997 18:50:52 -0500 (EST) Date: Mon, 17 Feb 1997 18:50:52 -0500 (EST) From: Mark Mayo To: Carl Makin cc: security@freebsd.org Subject: Re: blowfish passwords in FreeBSD In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Tue, 18 Feb 1997, Carl Makin wrote: > > On Mon, 17 Feb 1997, Mark Mayo wrote: > > > Just some thoughts anyways.. Hopefully when the US gov. sees that the > > 40-bit key was cracked in 3 hours, and the 48-bit key in a couple weeks, > > maybe they'll realize how far they have their heads up their asses and > > will stop these silly export restrictions on hard-crypto.. > > Don't be silly. Its *exactly* the reason the restrictions are there in > the first place. The US government seems to believe (a) noone outside of > the US can write code and (b) noone outside of the US Government should > have secure communications. > > You need to convince your government that the restrictions are having no > effect on security while they are hurting the US dominance in trade. :) Fist of all, just for the record, the US sure as hell ain't my government!! I'm a proud Canadian - true to the bone :-) It seems to me the reason the US gov. won't let hard-crypto out of the country is cause they don't want anything getting out that they can't crack - i.e. 40,48-bit RC4 and DES. Luckily, my government is too cheap to buy computers that could crack any encryption, so they don't bother restricting any strength of cryptography :-) It's pointless! Aside creating more jobs in Canada for crypto programmers, the US laws, whether I'm American or not, are a big pain in the ass for me. You should have seen the bloody nightmare I just had to go through to get a 128-bit SSL key from RSA!!! And Canada is allowed to import strong-crypto from the US!! Christ, I thought I was going to have to fly down to the US and have my identity verified with a retina scan or something. Talk about paranoid: "You mean you want a 128-bit key and you don't live in America? Oh my. We'll get back to you..". I did get the key, but it took 1.5 months.. Blowfish, for example, can't be exported outside of Canada and the US - and if US ctizens code it, how is the rest of the FreeBSD world going to get it?? -Mark > > Carl. > > -- > Carl Makin (VK1KCM) > C.Makin@nla.gov.au 'Work +61 6 262 1576' "Speaking for myself only!" > 'If you want to make your spouse pay attention to what you say... > Talk in your sleep!' >