Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.2 9/18/84; site brl-tgr.ARPA Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!godot!harvard!seismo!brl-tgr!gwyn From: gwyn@brl-tgr.ARPA (Doug Gwyn) Newsgroups: net.crypt,net.unix-wizards Subject: Re: Unix encryption methods Message-ID: <6548@brl-tgr.ARPA> Date: Sun, 9-Dec-84 08:36:13 EST Article-I.D.: brl-tgr.6548 Posted: Sun Dec 9 08:36:13 1984 Date-Received: Tue, 11-Dec-84 03:18:18 EST References: <615@denelcor.UUCP> Distribution: net Organization: Ballistic Research Lab Lines: 29 Xref: watmath net.crypt:252 net.unix-wizards:10930 > My posting about a mailing list for Unix security issues seems to have > gotten out (I sometimes wonder...) and one comment about the security > of the mail list itself is that the contents should be encrypted. So... > a few questions to the assembled masses seems to be in order: > > Would crypt(1) be appropriate for this use? I know the enigma codes can > be broken, but has anyone actually done it in the case of crypt? Is it > something to worry about? If crypt is not right, what would be a more > acceptable way of encryting the data? I assume we have a way of passing > the keys about securely. > > Lastly, since crypt is not *supposed* to be passed outside the US of A, > how can we extend the list to those in, say, Korea? Caesar encoding > probably won't hack it. > > Comments to me via mail, please. I'll summarize. > -- > Lyle McElhaney > {hao, stcvax, brl-bmd, nbires, csu-cs} !denelcor!lmc "Crypt" has indeed been broken; you can find out how to go about it by reading an article in the latest BLTJ. I assure you that anyone who is serious about snooping on the security newsgroup would. I think a more severe problem is that you cannot possibly know whether the people on your restricted mailing list are good guys or bad. Just because I post a request to you from "somehost!root" does NOT mean that I am trustworthy. Indeed, it doesn't even mean that I have access to a UNIX system!