> I thought the whole problem was that it's very hard to distribute
> source for DES-based password hashing in a way that isn't trivial to
> turn into full-fledged DES. 

And the joke is, that there are any number of full DES implementations
available outside the U.S. plus other algorithms such as IDEA which is
reported to be at _least_ as strong as DES.

The whole thing _should_ be a dead issue, yet I heard the other day
that the U.S. gov. are actually planning to prosecute Phil Zimmerman
(of PGP fame) - is this really true?

--sjg