Return to BSD News archive
Newsgroups: comp.unix.bsd Path: sserve!manuel!munnari.oz.au!mips!mips!newsun!gateway.novell.com!terry From: terry@npd.Novell.COM (Terry Lambert) Subject: Re: 386bsd security enhancements are needed before using INTERNET! Message-ID: <1992Jul27.191435.14721@gateway.novell.com> Sender: news@gateway.novell.com (NetNews) Nntp-Posting-Host: thisbe.eng.sandy.novell.com Organization: Novell NPD -- Sandy, UT References: <l74ebkINN1sd@neuro.usc.edu> <1992Jul27.173631.4223@gateway.novell.com> <1992Jul27.183548.20598@news.iastate.edu> Date: Mon, 27 Jul 1992 19:14:35 GMT In article <1992Jul27.183548.20598@news.iastate.edu> niko@iastate.edu (Nikolaus E Schuessler) writes: > >>>fact of the matter is that the precompiled password authentication codes >>>present absolutely no risk to national security. >> >> The problem is the ability to distribute source. One of the base >>intentions of 386BSD, from what I have seen, is to make everything freely > >Aren't there keys that can be changed on a system by system basis? For >some algorithms it could take a fast computer a long time to crack the >codes even if it knew the algorithm... It isn't that the algorithms are crackable -- it's that they take what the NSA considers an unreasonable amount of time to crack, and, as such, distribution of a working crypt library represents a perceived threat to the national interest (USA). This is, in point of fact, a real problem, in that you can encrypt sensitive data in the US and send it out on a public channel. By the time it has been decrypted, the damage has already been done, as the distribution of the data is no longer taking place and can not be thwarted. Terry Lambert terry_lambert@gateway.novell.com terry@icarus.weber.edu --- Disclaimer: Any opinions in this posting are my own and not those of my present or previous employers.