Date: Mon, 19 Jun 1995 17:56:42 +0200 From: Mark Murray <mark@grondar.za> To: Garrett Wollman <wollman@halloran-eldar.lcs.mit.edu> Cc: current@freebsd.org Subject: Re: Crypto code - an architectural proposal. Message-ID: <199506191556.RAA29080@grumble.grondar.za>
next in thread | raw e-mail | index | archive | help
> <<On Sun, 18 Jun 1995 18:00:48 +0200, Mark Murray <mark@grondar.za> said: > > > Included in the new DES code that I have (and in the old BTW) is > > fcrypt.c, which is a faster (2-3 times) replacement for the DES-based > > crypt(3) we are currently using. I would like to include this fcrypt.c > > in libdes to reduce the number of libraries produced. > > This is a bad idea for the following reason: > > The current libdescrypt.so was designed specifically to ensure that it > would be easy to get an export license for the binary. This is done > by having the library only export one entry point, the UNIX one-way > hash function crypt(). I don't want to see this broken. I don't quite understand. The code I have has no restrictions apart from the US crypto export one. What I am proposing to do is include it with a library that has exactly the same restrictions. I want to do this to reduce the number of libraries, seeing that some of what I am doing may increase that number. > There are also some reasons for wishing that the system crypt() were > slower as opposed to faster than it is now. What are they, please? If it is to slow down hack-attacks, then this is not really a reason, as a hacker could either bring his own fast crypt(3), or we could slow down login(1) etc with sleep(3), giving us the advantage with the crack programs. > Now, if you want to replace libcipher, go right ahead. I am actually having quite a hard time working out what the difference is between libdescrypt and libcipher. Could you enlighten me please? (I was of a mind to trash libcipher, as it seems superfluous.) M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199506191556.RAA29080>