Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!purdue!haven!adm!smoke!gwyn
From: gwyn@smoke.BRL.MIL (Doug Gwyn)
Newsgroups: comp.unix.questions
Subject: Re: Security for UNIX ... looking for crypt() ...
Message-ID: <13087@smoke.BRL.MIL>
Date: 12 Jun 90 06:50:37 GMT
References: <1139@neon.UUCP> <56@raysnec.UUCP>
Organization: U.S. Army Ballistic Research Laboratory, APG, MD.
Lines: 18

In article <56@raysnec.UUCP> shwake@raysnec.UUCP (Ray Shwake) writes:
>>I'm searching for the original C-source of the crypt()-routine
>>which crypts the passwords for /etc/passwd.
>The export of encryption technology is covered by law and regulation
>with the intent that it not fall into the "wrong hands".
>Not only is the source code to crypt covered by these restrictions, one
>can not even export the BINARIES except to certain countries, ...

Of course this neglects some relevant facts:
	crypt() is just DES with a minor tweak.
	DES has been published.
	crypt() has been described in technical journals.
	Public-domain reimplementations of crypt() are available.
	UNIX crypt() used to be shipped unrestricted before
	the lawyers got involved and started to worry about it.
The export control concerns are solely due to legal considerations
and government bureaucracy, not because anyone is seriously worried
about crypt() "falling into the wrong hands".