[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Pam and radius

On Sun, 2 Mar 1997, Theodore Y. Ts'o wrote:

>    Wow ! How nice ! :-) I'm in Europe. What does Kerberos give me ? A 'right'
>    to use pirated code ?
> It's not pirated code; the MIT copyright allows anyone to use it.  As
> far as getting outside of the country, we can't help someone break
> U.S. law, but if someone manages to sneak it outside the U.S., that
> person has violated U.S. law, and not any copyright restriction of
> MIT's. 

This is what I'm saying - MIT let me use it, but if I put my name on
Kerberos-derived code obtained without an export licence from US, I can
get in trouble when applying for a visa at the US embassy... So what I am
saying is that _I_ am not interested in developing code for Kerberos.

> Technically speaking RADIUS uses MD5 to "encrypt" the password.  I.e.,
> it is using MD5 for data hiding.  As such, techncially speaking RADIUS
> requires as much of an export license as Kerberos.  It's true people

Nope. I have checked with Livingston - they are offering their RADIUS
server (okay, an older version, but the encryption part is not modified a
bit in the newer one) for free to anyone in the world. They've told me
that they have checked this and they are covered by a decision of
don't-know-what-court that their encryption system is *not* considered
strong cryptography.

> of RADIUS source code probably requires an export control license, since
> it is performing data-hiding.

No, because it does not fall under 'strong crypto' law.

> (There's also the issue that MD5 was never intended to be used for
> data-hiding, so I have some questions about cryptographic strength of
> RADIUS, but that's another issue entirely.)

Well, it is not the best thing on the plannet when it comes to the
cryptographic strength, but it is more secure than NIS and everyone can
used it without worry, so...

		Cristian Gafton
Cristian Gafton                                    gafton@sorosis.ro
Computers & Communications Center              Network Administrator
http://www.sorosis.ro/~gafton                          Iasi, Romania
UNIX is user friendly. It's just selective about who its friends are.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []