From owner-freebsd-security  Sun May  2  8: 9:38 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ns1.yes.no (ns1.yes.no [195.204.136.10])
	by hub.freebsd.org (Postfix) with ESMTP id 77080151B4
	for <freebsd-security@FreeBSD.ORG>; Sun,  2 May 1999 08:09:36 -0700 (PDT)
	(envelope-from eivind@bitbox.follo.net)
Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218])
	by ns1.yes.no (8.9.1a/8.9.1) with ESMTP id RAA16760;
	Sun, 2 May 1999 17:09:35 +0200 (CEST)
Received: (from eivind@localhost)
	by bitbox.follo.net (8.8.8/8.8.6) id RAA33176;
	Sun, 2 May 1999 17:09:29 +0200 (MET DST)
Date: Sun, 2 May 1999 17:09:29 +0200
From: Eivind Eklund <eivind@FreeBSD.ORG>
To: Mark Murray <mark@grondar.za>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Blowfish/Twofish
Message-ID: <19990502170929.B32819@bitbox.follo.net>
References: <21634.925539195@critter.freebsd.dk> <Pine.BSF.3.96.990501150648.2670B-100000@fledge.watson.org> <19990502144906.E23950@bitbox.follo.net> <199905021458.QAA02696@greenpeace.grondar.za>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.1i
In-Reply-To: <199905021458.QAA02696@greenpeace.grondar.za>; from Mark Murray on Sun, May 02, 1999 at 04:58:29PM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, May 02, 1999 at 04:58:29PM +0200, Mark Murray wrote:
> Eivind Eklund wrote:
> > On Sat, May 01, 1999 at 03:07:30PM -0400, Robert Watson wrote:
> > > So I'd gladly write this code, as well as do a number of other
> > > crypto-related things, but I'm inside the US.  Someone outside the US will
> > > have to take this initiative, I'm afraid.
> > 
> > For this application, being inside the US is probably not a problem.
> > The way I would implement this is to use OpenSSL (formerly SSLeay)
> > through their library interface, dlopen() the library, and only
> > support Blowfish passwords if the library is available.  As what
> > you'll be writing is authentication infrastructure, not encryption
> > infrastructure, exporting it is not a problem.  I do not know of any
> > country that forbid export of authentication infrastructure.
> 
> _Way_ overkill. A far simpler structure can easily be built by hand.

I do not understand what you mean - elaborate?  Dynamically linking in
a new library if it is present is not very difficult - do you mean
that OpenSSL has too complicated an API?  Or what is it you're trying
to say?

Eivind, confused.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message