Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!bloom-beacon!athena.mit.edu!jik
From: jik@athena.mit.edu (Jonathan I. Kamens)
Newsgroups: comp.sys.ibm.pc
Subject: Re: UNIX-like crypt function
Keywords: crypt unix ibm-pc
Message-ID: <13885@bloom-beacon.MIT.EDU>
Date: 28 Aug 89 21:56:50 GMT
References: <855@eutrc3.urc.tue.nl> <2152@netcom.UUCP> <17369@ut-emx.UUCP> <310@cs.columbia.edu>
Sender: daemon@bloom-beacon.MIT.EDU
Reply-To: jik@athena.mit.edu (Jonathan I. Kamens)
Organization: Massachusetts Institute of Technology
Lines: 28

In article <310@cs.columbia.edu> amb@cs.columbia.edu (Andrew Boardman) writes:
>Not a lot.  Picture this: person who is in another country with his
>machine on the Internet ftp's the appropriate crypt binary (or source
>if he has it) via one of his accounts in the US.  It's quite probably
>happened quite a few times; it's not a high-security item.  It's just
>Officially Frowned Upon for some terribly good reason which escapes me
>at the moment.  (This last bit was explained to me by an ex-NSA friend
>who's now at DEC of all places.)

  It's not just "Officially Frowned Upon," it's illegal.  Exporting
any encryption technology, or in some cases software which uses
encryption technology (even if you don't include the encryption
technology with the software), outside of the United States is
illegal.

  Actually, that's not quite true, because "mass market" software is
exportable.  Rumor around here has it that the State Department's
definition of "mass market" is "runs on a PC".  Great.

  Yes, anybody that wants the sources to crypt() can get it with no
problem at all.  The Russians already have it.  Anybody else who
really wants it probably already has it.  But it's still illegal to
export it.

Jonathan Kamens			              USnail:
MIT Project Athena				432 S. Rose Blvd.
jik@Athena.MIT.EDU				Akron, OH  44320
Office: 617-253-4261			      Home: 216-869-6432