Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10 beta 3/9/83; site mot.UUCP Path: utzoo!watmath!clyde!burl!ulysses!allegra!bellcore!decvax!genrad!panda!talcott!harvard!seismo!ut-sally!oakhill!mot!fred From: fred@mot.UUCP (Fred Christiansen) Newsgroups: net.crypt,net.unix Subject: Re: Xenix & crypt (fairly LONG) Message-ID: <134@mot.UUCP> Date: Tue, 2-Apr-85 15:07:17 EST Article-I.D.: mot.134 Posted: Tue Apr 2 15:07:17 1985 Date-Received: Fri, 5-Apr-85 02:54:31 EST References: <111@loonam.UUCP> Organization: Motorola Microsystems, Phoenix AZ Lines: 62 Xref: watmath net.crypt:336 net.unix:4116 > 4. The CRYPT command has been removed from Xenix 3.0b. The > crypt commands contains classified algorithms, and has > been removed in order to comply with goverment regulations > covering international distribution of Xenix. > > Anyone know anything about this? There are two parts to this: 1) the attitude of the U.S. government (DoD, NSA, CIA), and 2) the approaches taken by various vendors to avoid the issue. 1) For several years there has been a battle of words between the government and researchers regarding encryption technology, with the government requesting that all cryptologic research results be "born classified". This notion has been vehemently resisted by the research community (see almost any issue of the Communications of the ACM for the last 5 or so years) and is as yet unresolved. Eventually the U.S. Dept of Commerce placed an export embargo on ALL cryptologic technology. Now, this does not mean that your favorite Caesar cipher game couldn't be sold overseas; you possibly would, however, have to apply for an export license on a sale-by-sale basis. This can be quite a headache for any company attempting to do business internationally ... which leads us to ... 2) When Motorola undertook to ship SYSTEM V/68 (binary AT&T-validated 68000 port of Un*x System V) overseas, our Legal department advised us of this issue. At that point (Jan '84) I contacted our AT&T account rep and asked how AT&T was resolving this issue. The answer was that there was a separate, sanitized version of Un*x for international sale. They had approached the National Security Agency (NSA) to review the cryptologic contents of Un*x. While the NSA refused to say what AT&T should do to avoid it, they did say that there was enough in Un*x to require an export license. The following sanitization WAS acceptable to the NSA and Dept of Commerce (not a quote): The crypt(1) command is removed. The ability to create or edit encrypted files with ed(1), ex(1) and vi(1) editors has been removed. The "-x" option command line option and the editor's command, X, are no longer valid. The crypt(3C) family of subroutines has been modifie: setkey() is removed and decryption by the encrypt() function is disallowed. (Note: Encryption by the crypt() and encrypt() subroutines is still suppported. Hence, password validation at login time is not affected.) It was Motorola's decision (and apparently Microsoft's) to sell only one instance of Un*x. Hence, the cryptologic technology is totally deleted from all software, whether sold domestically or internationally. Domestic customers may request, as a separate item, those items which were deleted. > If this is true why is > /usr/lib/makekey still included? Has DES been made classified? > and couldn't a task force of CCCP's best computer scientists > hack it out of the kernal? Is the world coming to an end, er > what? /usr/lib/makekey does not contain any cryptologic technology so is not affected. DES is probably not classified but it is under export embargo. There is no encryption technology in the kernel. [I AM NOT REPRESENTING MOTOROLA OR AT&T IN ANY WAY. I OFFER THE PRECEDING AS AN INDIVIDUAL. IT IS ACCURATE TO THE BEST OF MY RECALL AND NOTES.] -- << Generic disclaimer >> Fred Christiansen, Motorola Microsystems, Tempe {ihnp4,allegra}!sftig!mot!fred {ihnp4,seismo}!ut-sally!oakhill!mot!fred {ihnp4,amdahl}!drivax!mot!fred