Date: Wed, 14 Jun 1995 20:47:10 +0200 From: Mark Murray <mark@grondar.za> To: secure@freebsd.org, hackers@freebsd.org Subject: DES, Crypt and eBones. Message-ID: <199506141847.UAA07887@grumble.grondar.za>
next in thread | raw e-mail | index | archive | help
Hi folks! I have had a good look at the secure code in the last few weeks, and quite frankly, it is a mess. The problems with the code I see are: (in no particular order) 1) I see no reason for 'ebones' and 'secure' to be separated the way they are. I believe they should be combined into one "export- restricted" bunch. 2) The "crypt" routine is not part of the DES library. There is a faster crypt(3) from Eric Young that could quite easily be symlinked (or whatever) to our code. Having one crypto library makes more sense. 3) The DES library is out of date. I have Eric Young's latest offering, and Kerberised telnet is just round the corner. 4) There are some nasty bugs. If you have both NIS and eBones/Kerberos, password authentication goes for a loop. ie you can only login with Kerberos password, and this does not work with ftpd(8) etc. I have a send-pr about this, and intend to address these problems. 5) There is no secure RPC. The code exists, but has not been ported. This can be sorted out with the help of the later DES library. I have commit privelige, but I would like a "boffin" to help me check out this stuff before I bung it in. Is anyone interested? -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199506141847.UAA07887>