Subject: Updates to FreeSec "libcrypt" package for Net/FreeBSD
To: None <,>
From: David Burren <>
List: netbsd-bugs
Date: 09/15/1994 12:52:45
I have now released a new version (1.1) of the FreeSec package.

The only changes from v1.0 are:

	(a) Single character passwd fields no longer allow login
	    with no password.

	(b) The behaviour with short passwd fields in the new format
	    (ie. that start with an underscore) has been cleaned up
	    with respect to (a).

	(c) The README indicates the current uncertainties about
	    exporting crypto from Australia.

Problem (a) was identified in the NetBSD Gnats database as bin/457.
I have seen one patch produced on the net that fixed (a) but did not
address (b): a passwd field of "_" would still let logins through.

FreeSec 1.1 can be found at URL
(thanks to Rodney Campbell for putting it up there).

To quote from the README in that directory:

> FreeSec 1.x is an original implementation of the DES algorithm and the
> crypt(3) interfaces used in Unix-style operating systems.  It was produced
> in Australia and as such is not covered by U.S. export restrictions (at
> least for copies that remain outside the U.S.).
> HOWEVER, it seems to be subject to Australian export regulations.  While I
> haven't checked the paperwork myself, the Australian Defense Department
> assures me that this is classed as a munition, and export from Australia
> requires a license.  Various work is being done to clarify this situation
> (there are theories that this is just the DoD giving predictable answers)
> but for now I need to cover myself with the following statement:
>	This code is being made available for AUSTRALIAN NetBSD/FreeBSD users,
>        and should not be exported.

- David Burren