[1038] in Coldmud discussion meeting

root meeting help first first in chain previous in chain previous next next in chain last in chain last

Re: [COLD] encryption, DES, MD5, SHA-1(?)

daemon@ATHENA.MIT.EDU (Wed Jul 24 06:25:29 1996 )

From: Dancer <dancer@brisnet.org.au>
To: brandon@tombstone.sunrem.com (Brandon Gillespie)
Date: Wed, 24 Jul 1996 20:01:55 +1000 (EST)
Cc: coldstuff@cold.org
In-Reply-To: <Pine.BSF.3.91.960723171111.21255A-100000@tombstone.sunrem.com> from "Brandon Gillespie" at Jul 23, 96 05:13:15 pm

> I would prefer to ship a specific crypt with the driver, so it is always 
> the same.  However, there are legal concerns--unfortunately I am not 
> aware of what they are specifically.
> I doubt we can ship DES (like it would matter).
> Can we ship MD5 internationally without reprecussions?
> What is SHA-1?  Can we ship it internationally etc?
> What does MOO use for string_hash()?  Is it as good as MD5 or others?
> Source?
> I can shag md5 from the FreeBSD distribution, if I can get some factual 
> information about shipping with it..
> -Brandon Gillespie

Erm, no. Technically, you can't ship anything containing any encryption code
outside of the USA. Not MD5, not DES, not anything. Not without a specific
permit to do so.

Unix gets away with DES by having had the DES crypto algorithm separately
implemented in the UK. Same deal with the others. You send the specs to
another country (Canada doesn't count, nor does anywhere on the NSA's
shit-list) and let them develop some code to spec. Then everyone's happy,
and it's legal.