*BSD News Article 2594


Return to BSD News archive

Newsgroups: comp.unix.bsd
Path: sserve!manuel!munnari.oz.au!mips!mips!newsun!gateway.novell.com!terry
From: terry@npd.Novell.COM (Terry Lambert)
Subject: Re: 386bsd security enhancements are needed before using INTERNET!
Message-ID: <1992Jul27.191435.14721@gateway.novell.com>
Sender: news@gateway.novell.com (NetNews)
Nntp-Posting-Host: thisbe.eng.sandy.novell.com
Organization: Novell NPD -- Sandy, UT
References: <l74ebkINN1sd@neuro.usc.edu> <1992Jul27.173631.4223@gateway.novell.com> <1992Jul27.183548.20598@news.iastate.edu>
Date: Mon, 27 Jul 1992 19:14:35 GMT

In article <1992Jul27.183548.20598@news.iastate.edu> niko@iastate.edu (Nikolaus E Schuessler) writes:
>
>>>fact of the matter is that the precompiled password authentication codes
>>>present absolutely no risk to national security.
>>
>>	The problem is the ability to distribute source.  One of the base
>>intentions of 386BSD, from what I have seen, is to make everything freely
>
>Aren't there keys that can be changed on a system by system basis? For
>some algorithms it could take a fast computer a long time to crack the
>codes even if it knew the algorithm...

It isn't that the algorithms are crackable -- it's that they take what the
NSA considers an unreasonable amount of time to crack, and, as such,
distribution of a working crypt library represents a perceived threat to
the national interest (USA).  This is, in point of fact, a real problem,
in that you can encrypt sensitive data in the US and send it out on a public
channel.  By the time it has been decrypted, the damage has already been
done, as the distribution of the data is no longer taking place and can not
be thwarted.

					Terry Lambert
					terry_lambert@gateway.novell.com
					terry@icarus.weber.edu
---
Disclaimer:  Any opinions in this posting are my own and not those of
my present or previous employers.