| From: | Alex Pilosov <alex(at)pilosoft(dot)com> |
|---|---|
| To: | The Hermit Hacker <scrappy(at)hub(dot)org> |
| Cc: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Passwords |
| Date: | 2000-05-07 02:15:11 |
| Message-ID: | Pine.BSO.4.10.10005062208530.28169-100000@spider.pilosoft.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sat, 6 May 2000, The Hermit Hacker wrote:
> My *understanding* is that MD5 is a half-way measure that is easier to
> break then DES, which is why it isn't under the export restrictions ...
There are a few misconceptions here:
1. DES is legal to export since March of this year, when USG relaxed
controls on crypto. Any software that is off-the-shelf or 'free as in
speech' is allowed to have DES code. Only requirement is that a copy of
software or a link to URL which contains software must be provided to BXA
office.
2. MD5 was allowed to be exported because it is not a encryption
algorithm, and cannot be used as such. It is inherently one-way, therefore
the terrorists won't have any use to it. Or something like that ;)
-alex
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Benjamin Adida | 2000-05-07 02:21:16 | Re: Passwords |
| Previous Message | Robert B. Easter | 2000-05-07 02:02:04 | Re: You're on SecurityFocus.com for the cleartext passwords. |