Date: Thu, 22 Jul 1999 07:57:00 -0500 (CDT) From: Takeshi Morishima <morishim@cig.mot.com> To: obrien@freebsd.org Cc: morishim@cig.mot.com, freebsd-ports@freebsd.org Subject: Re: any recommendation for a port using encrypt Message-ID: <199907221257.HAA04607@timbre.cig.mot.com> In-Reply-To: "David O'Brien"'s message of "Wed, 21 Jul 1999 22:45:41 -0700" <199907220549.AAA21806@timbre.cig.mot.com> References: <199907211628.LAA08209@timbre.cig.mot.com> <199907220549.AAA21806@timbre.cig.mot.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message "Re: any recommendation for a port using encrypt" on 99/07/21, "David O'Brien" <obrien@freebsd.org> writes: > > > o dynamic link to a crypto library assuming the user has DES package > > installed. (how to make dependency to DES package in the port > > system?) RESTRICTED=no > > Can you dynamically link to libscript (ie, our MD5 password hashing)? > And do things the same way? Or are you sending the DES hash across the > link to the other side? OR, is there a DES lib/function you could add > the list of distfiles? One-way hash would not work in this case. The program sends raw login and password through dynamically generated chat script (i.e. they are not encrypted when used.) Normally such information is statically stored in a chat script file in /etc/ppp without any encryption and its security is maintained by file permission and ownership. The sole reason of using DES is to add additional security. If I give up storing login and password in an encrypted form, i.e. skip the code of encryption/decryption, raw login and password appears on the startup file, and still the program works without DES. (Although it is not prefereable.) > Since you are already going to have to restrict this port, what's > another restricted file? Well, my understanding is that if the final executable uses dynamically linked DES library routines, the program itself can be non-restricted. (My problem is the UFC-crypt source, which is an add-on package included in the distribution at users' convenience.) > > BTW, the distribution tarball even includes UFC-crypt source for > > SunOS. I assume this implicates the distribution cannot be placed > > on cdrom/the freebsd.org ftp servers. > > That would be correct. You will have to make it > RESTRICTED='contains DES code' Assuming my understanding above is correct, is there anyway to work around this? I can make the final executables DES independent, but I do not like to make it restricted just because the UFC-crypt source is included (while it is not really used). (If original author agrees with separating the UFC-crypt part or me creating a subset 'no-crypt' tarball from the original distribution, this is no longer a problem, correct?) Thanks, Takeshi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199907221257.HAA04607>