Unix encryption methods

Doug Gwyn <gwyn> gwyn at brl-tgr.ARPA
Sun Dec 9 23:36:13 AEST 1984


> My posting about a mailing list for Unix security issues seems to have
> gotten out (I sometimes wonder...) and one comment about the security
> of the mail list itself is that the contents should be encrypted. So...
> a few questions to the assembled masses seems to be in order:
> 
> Would crypt(1) be appropriate for this use? I know the enigma codes can
> be broken, but has anyone actually done it in the case of crypt? Is it
> something to worry about? If crypt is not right, what would be a more
> acceptable way of encryting the data? I assume we have a way of passing
> the keys about securely.
> 
> Lastly, since crypt is not *supposed* to be passed outside the US of A,
> how can we extend the list to those in, say, Korea? Caesar encoding
> probably won't hack it.
> 
> Comments to me via mail, please. I'll summarize.
> -- 
> Lyle McElhaney
> {hao, stcvax, brl-bmd, nbires, csu-cs} !denelcor!lmc

"Crypt" has indeed been broken; you can find out how to go about it
by reading an article in the latest BLTJ.  I assure you that anyone
who is serious about snooping on the security newsgroup would.

I think a more severe problem is that you cannot possibly know
whether the people on your restricted mailing list are good guys
or bad.  Just because I post a request to you from "somehost!root"
does NOT mean that I am trustworthy.  Indeed, it doesn't even mean
that I have access to a UNIX system!



More information about the Comp.unix.wizards mailing list