Message-Id: <199909271304.QAA17164@ankara.Foo.COM> From: "S. M. Halloran" Organization: User RFC 822- and 1123-compliant To: djgpp AT delorie DOT com Date: Mon, 27 Sep 1999 17:07:43 +0200 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: Crypt() CC: djgpp AT delorie DOT com References: <37E9E658 DOT F6D9105F AT pmail DOT net> In-reply-to: X-mailer: Pegasus Mail for Win32 (v3.12) Reply-To: djgpp AT delorie DOT com On 26 Sep 99, Eli Zaretskii was found to have commented thusly: > > On Thu, 23 Sep 1999, Fred Backman wrote: > > > But the problem is that crypt() is not included in djgpp, and I believe the > > reason for this is that there are some silly legal issues involved which > > basically makes it illegal to export the crypt() code outside the US. > > I'd rather think that DJGPP has no `crypt' because nobody wrote it. > > `crypt' uses DES encryption, and AFAIK DES is not restricted in the way > you describe. Actually, the United States government has a law that deals with the export of munitions (the law is abbreviated ITAR), and cryptography of a certain strength is considered a regulated product for export. You can be in violation of criminal statutes if you send source code for something like DES from a host inside the US to one outside. The developer of PGP was under federal investigation for several years because he released his source code to the worldwide public prior to an Executive Order which made it explicitly criminal to do so. You can check out the PGP web site or if you really want to get into the politics of cryptography, this is the main focus of dicussion on the cypherpunks distributed remailing list. I think the coder who wants crypt() should have absolutely no difficulty searching the web/ftp sites outside the US to find source code for a one-way hash of a password key. Mitch Halloran Research (Bio)chemist Duzen Laboratories Group Ankara TURKEY