Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site brl-tgr.ARPA
Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!godot!harvard!seismo!brl-tgr!gwyn
From: gwyn@brl-tgr.ARPA (Doug Gwyn )
Newsgroups: net.crypt,net.unix-wizards
Subject: Re: Unix encryption methods
Message-ID: <6548@brl-tgr.ARPA>
Date: Sun, 9-Dec-84 08:36:13 EST
Article-I.D.: brl-tgr.6548
Posted: Sun Dec  9 08:36:13 1984
Date-Received: Tue, 11-Dec-84 03:18:18 EST
References: <615@denelcor.UUCP>
Distribution: net
Organization: Ballistic Research Lab
Lines: 29
Xref: watmath net.crypt:252 net.unix-wizards:10930

> My posting about a mailing list for Unix security issues seems to have
> gotten out (I sometimes wonder...) and one comment about the security
> of the mail list itself is that the contents should be encrypted. So...
> a few questions to the assembled masses seem to be in order:
> 
> Would crypt(1) be appropriate for this use? I know the enigma codes can
> be broken, but has anyone actually done it in the case of crypt? Is it
> something to worry about? If crypt is not right, what would be a more
> acceptable way of encrypting the data? I assume we have a way of passing
> the keys about securely.
> 
> Lastly, since crypt is not *supposed* to be passed outside the US of A,
> how can we extend the list to those in, say, Korea? Caesar encoding
> probably won't hack it.
> 
> Comments to me via mail, please. I'll summarize.
> -- 
> Lyle McElhaney
> {hao, stcvax, brl-bmd, nbires, csu-cs} !denelcor!lmc

"Crypt" has indeed been broken; you can find out how to go about it
by reading an article in the latest BLTJ.  I assure you that anyone
who is serious about snooping on the security newsgroup would.

I think a more severe problem is that you cannot possibly know
whether the people on your restricted mailing list are good guys
or bad.  Just because I post a request to you from "somehost!root"
does NOT mean that I am trustworthy.  Indeed, it doesn't even mean
that I have access to a UNIX system!