Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.2 9/17/84 chuqui version 1.7 9/23/84; site nsc.UUCP Path: utzoo!watmath!clyde!burl!ulysses!mhuxr!ihnp4!nsc!chongo From: chongo@nsc.UUCP (Landon Noll) Newsgroups: net.crypt,net.unix Subject: Re: Xenix & crypt Message-ID: <2577@nsc.UUCP> Date: Sun, 7-Apr-85 22:32:17 EST Article-I.D.: nsc.2577 Posted: Sun Apr 7 22:32:17 1985 Date-Received: Tue, 9-Apr-85 01:49:12 EST References: <111@loonam.UUCP> <133@mot.UUCP> <607@rlgvax.UUCP> <321@petrus.UUCP> Reply-To: chongo@nsc.UUCP (Landon Noll) Organization: Rational Swamiconductor, Sanivale Lines: 28 Xref: watmath net.crypt:349 net.unix:4163 Summary: In article <321@petrus.UUCP> karn@petrus.UUCP writes: >If DES is so sensitive, then why was the algorithm published in >the Federal Register? How about all of the books that have been written >on cryptography in the past ten years that include sections on DES? Even more stupid is how easy it is to mung the international version of crypt(3). Login still uses crypt(3), but only to ENCRYPT, not decrypt. Anyone who does a diff of the US crypt(3) and the "US-international" crypt(3) will find only 3 major types of changes. Do a simple diff of the two versions and see for yourself. It would not be too hard to mung crypt(3) source if you only had the international version. Any binary user can, with a bit of thought, form decrypt(3) from crypt(3). Look at the DES as noted in the Fed. register. Notice that there is a 16 strange encryption going on. Now since they removed the encrypt/decrypt flag from the encrypt(3) routine (diff the old and new crypt(3) man pages) one might guess that encrypt(3) itself needs to be munged. Take your friendly dis-asm prog (use adb, or whatever...) and try to find this 16 stage loop. Adjust the loop so that it starts at the high value and steps in the reverse direction. You now have encrypt doing a decryption. Of course, if a binary user has the Fed. register, they might as well write a routine for it! But some folks might want to form their own binary version of decrypt(3) just out of spite. :-) chongo /\oo/\ -- no comment is a comment.