Subject: Re: PEOPLE WITHOUT CRYPT(), BEWARE!!!
To: Chris G Demetriou <Chris_G_Demetriou@LAGAVULIN.PDL.CS.CMU.EDU>
From: Larry Lee <firstname.lastname@example.org>
Date: 02/19/1995 08:40:13
At 08:00 AM 2/19/95 -0500, Chris G Demetriou wrote:
>The new version is exportable, because it includes a broken decryption
>mechanism. (In point of fact, the new version is that which is
>distributed by UC Berkeley in the foreign versions of the Net/2 and
>4.4-Lite tapes.) Since password encryption uses no decryption, the
>new version will work fine for passwords.
It appears from the above comments that it is OK to export working
encryption algorithms (maybe hashing would be a better term) as long
as they can't be reversed with decryption. The purpose of password
encryption algorithm has been to produce an encrypted value that
is difficult to be reversed engineered into something that is typeable.
This has always been the case with the passwords, why has there been a
What are the limits of the restrictions on encryption/decryption.
For example, could NetBSD include a working crypt function athat
xor'd the data with a site selected value or would that violate
the law as well?
Note: I'm not asking anyone to do anything or making a suggestion,
I just want to know what the common understanding of limits of the