Subject: Re: users using plaintext passwords, BEWARE...
To: Markus Illenseer <markus@TechFak.Uni-Bielefeld.DE>
From: Luke Mewburn <firstname.lastname@example.org>
Date: 01/19/1995 08:39:46
"markus" == Markus Illenseer.
"lukem" == Luke Mewburn.
>>> So is it save to re-distribute these archives and even (re-)export
>>> them *to* the USA ?
lukem> No, it's not safe.
lukem> The Australian export restrictions are just as stupid (as I'm led
lukem> to believe.) I intend to follow this up with the Federal Attorney
lukem> General department though...
markus> Hm, how about doing your hack in Europe then? It seems we can export
markus> the stuff to all other countries.
Sure. You need to get/write a version of crypt.c that supports:
char *crypt(const char *key, const char *setting)
int setkey(char *key)
int encrypt(char *block, int flag)
int des_setkey(const char *key)
int des_cipher(const char *in, char *out, long salt, int count)
Once that is done, build (on a `release' system not current, e.g.,
NetBSD-1.0/amiga) the following:
Install the binaries, test them, etc...
Then (as root) run:
tar cf /tmp/sec.tar bin/ed sbin/init usr/lib/libcrypt* usr/src/lib/libcrypt
gzip -9 /tmp/sec.tar
Finally, ensure that people on a virgin 1.0 (sans crypto) machine can
extract that tar file from / and get working crypt functionality.
Then announce it.
This is what I did for the Australian 1.0/i386 secr10.aa, and I've
just finished doing for 1.0/sparc. Once the new tar file has been
tested, it should be on
I'll announce it officially when it's been tested.
Luke Mewburn, <email@example.com>
`Think of it as Evolution in Action.' - "Oath of Fealty", Niven & Pournelle