Subject: Re: anoncvs
To: None <current-users@netbsd.org>
From: None <seebs@plethora.net>
List: current-users
Date: 04/20/1999 17:40:39
In message <Pine.NEB.3.96.990421001632.28472A-100000@polder.ubc.kun.nl>, Olaf Seibert writes:
>b) Scrap it, and replace it with "foreign" code. Not as if this is
>   exceedingly difficult - any 2-year-old who has seen a description
>   of DES can reverse the rounds to obtain decryption. It's around line
>   666 in my copy of the "exportable" version.

This doesn't help.  You *still* can't distribute that code from any server
in the U.S., it's still a munition.  So far as I can tell, anything compatible
with existing encrypted data is illegal to export.

>   Or even better, do an MD5 based password scheme and forget unsafe DES.

I'd love to see this as an option, as well as support for wide passwords, but
I personally plan to keep using DES a while longer, until all of my boxes have
a suitable replacement.

>c) What else is there in "domestic"? Kerberos maybe? Everyone has that
>   already as well, so add it to "foreign" servers and be done with it.

>I would suggest carrying this stuff *only* on non-USA servers, in order
>to make a political statement about the whole stupidity of ITAR.

Well, it certainly is stupid.  I doubt you'll get any argument from that.

-s