password encryption in libc

David Mosberger-Tang (davidm@cs.arizona.edu)
Tue, 24 Oct 1995 11:21:23 -0700


It was brought to my attention that the password encryption in the
current libc is broken. It was easy enough to fix it but this raises
the issue of making the code/sources available via ftp. It is my
understanding that US export laws prohibit exporting this code either
in source or in binary form. I'm not happy about this law but on the
other hand I'm also not willing to take any risks with it.

So I wonder, how is this dealt with in other places? FSF's glibc
maintains the crypto code in a separate file that must not be
downloaded from non-US sites. I'm not exactly excited about this as
it will create more work for all of us. In particular, it would
require somebody outside the US to compile and make available a libc
with crypto support and associated binaries (login, passwd, etc.).

I have very little interest in such political issues and would
appreciate getting feedback from other people to find a solution that
is both legally clean and involves the least amount of extra work.

--david