Subject: Re: users using plaintext passwords, BEWARE...
To: Markus Illenseer <markus@TechFak.Uni-Bielefeld.DE>
From: Luke Mewburn <>
List: current-users
Date: 01/19/1995 08:39:46
"markus" == Markus Illenseer.
"lukem" == Luke Mewburn.

 >>>   So is it save to re-distribute these archives and even (re-)export
 >>>   them *to* the USA ?  
lukem> No, it's not safe.
lukem> The Australian export restrictions are just as stupid (as I'm led
lukem> to believe.) I intend to follow this up with the Federal Attorney
lukem> General department though...

markus>  Hm, how about doing your hack in Europe then? It seems we can export
markus> the stuff to all other countries.

Sure. You need to get/write a version of crypt.c that supports:
     char *crypt(const char *key, const char *setting)
     int   setkey(char *key)
     int   encrypt(char *block, int flag)
     int   des_setkey(const char *key)
     int   des_cipher(const char *in, char *out, long salt, int count)

Once that is done, build (on a `release' system not current, e.g.,
NetBSD-1.0/amiga) the following:

Install the binaries, test them, etc...

Then (as root) run:
    cd /
    tar cf /tmp/sec.tar bin/ed sbin/init usr/lib/libcrypt* usr/src/lib/libcrypt
    gzip -9 /tmp/sec.tar

Finally, ensure that people on a virgin 1.0 (sans crypto) machine can
extract that tar file from / and get working crypt functionality.

Then announce it.

This is what I did for the Australian 1.0/i386 secr10.aa, and I've
just finished doing for 1.0/sparc. Once the new tar file has been
tested, it should be on

I'll announce it officially when it's been tested.

Luke Mewburn, <>
`Think of it as Evolution in Action.' - "Oath of Fealty", Niven & Pournelle