Message-Id:	<199909271304.QAA17164@ankara.Foo.COM>
From:	"S. M. Halloran" <mitch AT duzen DOT com DOT tr>
Organization:	User RFC 822- and 1123-compliant
To:	djgpp AT delorie DOT com
Date:	Mon, 27 Sep 1999 17:07:43 +0200
MIME-Version:	1.0
Subject:	Re: Crypt()
CC:	djgpp AT delorie DOT com
References:	<37E9E658 DOT F6D9105F AT pmail DOT net>
In-reply-to:	<Pine.SUN.3.91.990926153448.304C-100000@smmi12>
X-mailer:	Pegasus Mail for Win32 (v3.12)
Reply-To:	djgpp AT delorie DOT com

On 26 Sep 99, Eli Zaretskii was found to have commented thusly:

> 
> On Thu, 23 Sep 1999, Fred Backman wrote:
> 
> > But the problem is that crypt() is not included in djgpp, and I believe the
> > reason for this is that there are some silly legal issues involved which
> > basically makes it illegal to export the crypt() code outside the US.
> 
> I'd rather think that DJGPP has no `crypt' because nobody wrote it.
> 
> `crypt' uses DES encryption, and AFAIK DES is not restricted in the way 
> you describe.

Actually, the United States government has a law that deals with the export of 
munitions (the law is abbreviated ITAR), and cryptography of a certain strength 
is considered a regulated product for export.  You can be in violation of 
criminal statutes if you send source code for something like DES from a host 
inside the US to one outside.  The developer of PGP was under federal 
investigation for several years because he released his source code to the 
worldwide public prior to an Executive Order which made it explicitly criminal 
to do so.  You can check out the PGP web site or if you really want to get into 
the politics of cryptography, this is the main focus of dicussion on the 
cypherpunks distributed remailing list.

I think the coder who wants crypt() should have absolutely no difficulty 
searching the web/ftp sites outside the US to find source code for a one-way 
hash of a password key.

Mitch Halloran
Research (Bio)chemist
Duzen Laboratories Group
Ankara       TURKEY

- Raw text -