From owner-freebsd-security Sat Feb 15 10:53:59 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id KAA08962 for security-outgoing; Sat, 15 Feb 1997 10:53:59 -0800 (PST) Received: from kithrup.com (kithrup.com [205.179.156.40]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id KAA08955 for ; Sat, 15 Feb 1997 10:53:55 -0800 (PST) Received: (from sef@localhost) by kithrup.com (8.6.8/8.6.6) id KAA17343; Sat, 15 Feb 1997 10:53:51 -0800 Date: Sat, 15 Feb 1997 10:53:51 -0800 From: Sean Eric Fagan Message-Id: <199702151853.KAA17343@kithrup.com> To: phk@critter.dk.tfs.com Subject: Re: blowfish passwords in FreeBSD Newsgroups: kithrup.freebsd.security In-Reply-To: <11871.855990294.kithrup.freebsd.security@critter.dk.tfs.com> References: Your message of "Sat, 15 Feb 1997 13:12:45 +1100." <19970215021245.1798.qmail@suburbia.net> Organization: Kithrup Enterprises, Ltd. Cc: security@freebsd.org Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In article <11871.855990294.kithrup.freebsd.security@critter.dk.tfs.com> you write: >Theo belives he can export anything just because he is in Canada. It's probably worth mentioning that the new US regulations on what can be exported are frightening (although, admittedly, they were explained to me by John Gilmore, who is more than slightly biased against them ;)). In particular, John makes a point that *any code that protects against malicious attack* is prohibited by the new regulations, whether it uses cryptography or not. In other words, MD5 and buffer overflow patches are now as exportable as RSA -- namely, not without a license from the gov't. (I've also seen people claim that only code that does cryptography is covered. However, it's also quite possible that MD5 is no longer exportable, even when used as a one-way hash, if it is to be used for password "encryption.") Not that I expect this to stop anyone ;).