Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83 SMI; site suneast.uucp Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!think!harvard!talcott!panda!genrad!decvax!linus!security!sunne!suneast!geoff From: geoff@suneast.uucp (Geoff Arnold) Newsgroups: net.unix,net.micro.pc,net.crypt Subject: Re: Non-ATT 'crypt(3)' Message-ID: <125@suneast.uucp> Date: Tue, 17-Dec-85 09:36:44 EST Article-I.D.: suneast.125 Posted: Tue Dec 17 09:36:44 1985 Date-Received: Fri, 20-Dec-85 00:48:48 EST References: <124@suneast.uucp> <717@decuac.UUCP> <435@brl-tgr.ARPA> <522@uel> Organization: Sun Microsystems Inc. - East Coast Division Lines: 33 Xref: watmath net.unix:6669 net.micro.pc:6269 net.crypt:490 Alex Osadzinski, Unix Europe Ltd, London, England writes: > ... Further, any competent programmer > can reproduce the crypt(3) code in an afternoon from a functional description. Oh really? The problem is, the only functional description other than the code is the 'crypt(3)' man page, which vaguely says that the 'salt' is "used to perturb the DES algorithm in one of 4096 different ways". Can you deduce the algorithm without looking at the code? And what would be the legal position if someone looked at the code, wrote down a suitable functional description and gave it to you? My guess is that either they would be publishing it (and thus be in breach of their AT&T license) or acting as your agent, in which case it's as though you did it yourself. As the man page points out, the routine incorporates "variations intended (among other things) to frustrate use of hardware implemen- tations of the DES for key search." (Gee - by quoting THAT am I in trouble? Probably not - this could be construed as a review, I guess.) Presumably this whole question is one of the "other things" mentioned. Now a further question. How have the Un*x clones gone about it? Do systems such as Coherent, UNOS, etc. use an equivalent algorithm (i.e. could I pick up a Un*x passwd file, drop it on one of their systems and just use it)? -- #include /* co. lawyers: will this do? */ Geoff Arnold =-=-= Quick: 617-863-8870 x136 (but ya gotta catch me!) Sun Microsystems Inc.-=-=- Slower: {hplabs,ihnp4,nsc,pyramid}!sun!suneast!geoff East Coast Division. =-=-= Slowest:One Cranberry Hill, Lexington, MA 02173