SUMMARY: Encryption on DEC Alphas

From: <carlos.touzard_at_citicorp.com>
Date: Thu, 13 Jul 95 11:15:23 -0400

The original question was:
>
>
> This is the problem:
>
> I'd like to encrypt files using the command "crypt". This command has been
> available in all UNIX platforms I have worked on (SGI, HP, SUN, RS600). It is
> based on the DES encryption system. The idea is to encrypt a file with a seed
> "key" so that nobody not even root could look at the contents of this file
> unless the key was made to be known to an authorized person. It is also very
> useful to transmit files over networks.
>
> Syntax
> crypt key < input.File > output.File
>
> I have looked all over on my Alpha system and could not find Encryption
> Layered Product installed. Not even libraries.
>
> Also the editor vi MUST support encryption through the argument "-x". This is
> also VERY common on all other platforms.
>
> I appreciate any help regarding this matter.
>
> Thanks for any help you can offer.


Many people replied, so I would like to thank all of them. I am copying some of
the replies that are very representative of the many received.


Thanks to:

Dr. Thomas P. Blinn, UNIX Software Group, Digital Equipment Corporation
Internet: tpb_at_zk3.dec.com Digital's Easynet: alpha::tpb

Jari Tavi
ProdMGMT
Digital Finland

Martyn Johnson maj_at_cl.cam.ac.uk
University of Cambridge Computer Lab
Cambridge UK

Gyula Szokoly <szgyula_at_skysrv.Pha.Jhu.EDU>

Bob Grandle
GRANDLE_at_acodbob.larc.nasa.gov

Jeffrey c. Ollie
Iowa Network Services System Administrator

frazier_at_orionb.tti.com
Citicorp TTI


---------------------------------------------------------------------------
ANSWER 1

Your message rang a bell with me, because you are not the first
person to complain that 'crypt' and its collaborator vi -x are missing on
our Digital UNIX (aka DEC OSF/1) product.

These utilities were originally omitted due to the belief that the level of
encryption they provide was controlled for export by the ITAR regulations of
the U.S. government.

In fact, once upon a time, they really were controlled, and the old ULTRIX
Encryption Layered Product was provided only in the U.S. and "trusted"
countries as a way to comply with this regulation.

They are no longer export controlled, and it's an oversight that they are
not in the current product.

I checked with product management, and these should be present in a future
release due out around the end of this calendar year (or early next year).

If you have an ULTRIX system, you might well be able to install the ULTRIX
versions of the utilities if you converted them using the mx utility, but it
is not clear that you'd be licensed to do so.

You may be able to get unsupported versions of the utilities released to you
for your current version of Digital UNIX (which you didn't mention in your
message) through your Digital service support contacts, but they are not in
the standard supported product at the present time. Replacing the utilities
that ship with the system might invalidate your support contract.

Tom
 
  Dr. Thomas P. Blinn, UNIX Software Group, Digital Equipment Corporation
  Internet: tpb_at_zk3.dec.com Digital's Easynet: alpha::tpb

---------------------------------------------------------------------------


---------------------------------------------------------------------------
ANSWER 2

The standard UNIX crypt command doesn't use DES; rather, it uses the so-called
Enigma, which is quite weak, and attack methods against it are well known.

There is a library service called crypt(3), which uses DES to encrypt password
entries in the password file. Is it possible that you are confusing the crypt
command and the library service with each other?

If you want strong encryption which can be used commercially, you should
consider getting DES (or even Triple DES) or RSA based utilities. You can
get good and well known DES implementations from different FTP sites or
as commercial product from several sources. Be aware though that US
Government has _very_ strict regulations on exporting and importing
encryption technologies using whatever media (network for example),
failure to follow these laws will cause huge financial damage to
company and persons violating these laws. If you wish to move
encryption technology outside of USA and Canada, you will need
so called IVL which is end user specific license for ITAR controlled
technologies. If you don't live in USA, you will need to check local
regulations for DES or other strong encryption methods.

It is possible that future version of Digital UNIX will bring you
Enigma based crypt command by default, but I'm not in position
to make firm commitments. Anyway, I will pass your request on...

I just want to remind you once more: DO NOT use crypt command or vi -x
for anything that requires real security, as breaking Enigma is not
a big challenge and doesn't even need huge computing power!


Jari Tavi
ProdMGMT
Digital Finland

---------------------------------------------------------------------------


---------------------------------------------------------------------------
ANSWER 3

Are you absolutely sure? The traditional Unix "crypt" command is to the best
of my knowledge not based on DES, but something much weaker. Breaking "crypt"
is often given as a student exercise in cryptanalysis. You may be thinking of
the "crypt" library function used to encrypt passwords, which is based on a
modified DES. This has no relationship to the crypt command other than in name.

"crypt implements a one-rotor machine designed along the lines of the German
Enigma, but with a 256-element rotor. Methods of attack on such machines are
widely known, thus crypt provides minimal security"

Martyn Johnson maj_at_cl.cam.ac.uk
University of Cambridge Computer Lab
Cambridge UK

---------------------------------------------------------------------------
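
Answers 2 and 3 describe the crypt command as an Enigma-style one-rotor machine with a 256-element rotor. The following is an added example, not part of the thread and not taken from any crypt source: a simplified model of such a machine, showing two structural properties it shares with Enigma (encryption is its own inverse, and no byte ever encrypts to itself). The key schedule is an assumption; Python's seeded PRNG stands in for it, and all names and the sample text are constructed.

```python
import random

ROTORSZ = 256  # rotor size quoted in Answer 3


def make_tables(key):
    """Build rotor t1, its inverse t2 and a fixed-point-free reflector t3.

    Assumption: the tables come from Python's PRNG seeded with the key,
    standing in for the key schedule of the real utility.
    """
    rng = random.Random(key)
    t1 = list(range(ROTORSZ))
    rng.shuffle(t1)
    t2 = [0] * ROTORSZ
    for i, v in enumerate(t1):
        t2[v] = i
    order = list(range(ROTORSZ))
    rng.shuffle(order)
    t3 = [0] * ROTORSZ
    for a, b in zip(order[0::2], order[1::2]):
        t3[a], t3[b] = b, a  # reflector swaps bytes in pairs, so t3[x] != x
    return t1, t2, t3


def rotor_crypt(key, data):
    """Rotor in, reflector, rotor out; the rotor steps once per byte."""
    t1, t2, t3 = make_tables(key)
    out = bytearray()
    n1 = n2 = 0
    for p in data:
        x = (t1[(p + n1) % ROTORSZ] + n2) % ROTORSZ
        y = (t3[x] - n2) % ROTORSZ
        out.append((t2[y] - n1) % ROTORSZ)
        n1 = (n1 + 1) % ROTORSZ
        if n1 == 0:  # second offset advances when the first wraps
            n2 = (n2 + 1) % ROTORSZ
    return bytes(out)


def fixed_points(plaintext, ciphertext):
    """Count positions where the ciphertext byte equals the plaintext byte."""
    return sum(p == c for p, c in zip(plaintext, ciphertext))


# Constructed sample input.
SAMPLE = b"Quarterly payroll figures, internal use only.\n" * 100
```

Over a message of this length, an output that behaved like random bytes would match the plaintext at roughly one position in 256; the model never does, so every ciphertext byte rules out one plaintext value at its position.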


---------------------------------------------------------------------------
ANSWER 4

  Well, it's not there due to export law controls (Category XIII.: auxiliary
military equipment). You can work around this by installing some of the
publicly available/commercial products. PGP (pretty good privacy) is free,
and available both inside and outside the US (different packages, but
supposedly they talk to each other). If you want DES, it is available
in the Numerical Recipes book and accompanying disk. You just produce those
random numbers, and XOR the data with it.
  Since you are at a .gov site, you might want to check this with your lawyer
to play safe. I think making DES available to non US citizens also falls
into the ammunition smuggling category.
  Sane? No. Enforced? You never know.

Gyula Szokoly <szgyula_at_skysrv.Pha.Jhu.EDU>

---------------------------------------------------------------------------


---------------------------------------------------------------------------
ANSWER 5

The problem is that the crypt layer software is protected by export laws
in the US and DEC must sell the software separately. There is a freeware
version of this software called DESCRYPT that was done by a person in
Sweden that works quite nicely. If you have access to the web look at
http://www.cis.ohio-state.edu/hypertext/faq/usenet/cryptography-faq/top.html

I have a version compiled for the alphas if you can not find one elsewhere.
On the web page I referenced in my earlier message, look at parts 5 and 10.

Bob Grandle

---------------------------------------------------------------------------


---------------------------------------------------------------------------
ANSWER 6

Avoid crypt(1) like the plague! Even though it may supposedly be based on
DES, the implementation is very weak. If you want better encryption, PGP can
be used to encrypt files with the IDEA algorithm. It's also free, and you
also gain the ability to use public-key cryptography as well. To get PGP,
FTP to net-dist.mit.edu.

Jeffrey c. Ollie
Iowa Network Services System Administrator

---------------------------------------------------------------------------

 
Thanks to all that have responded, it was a learning experience



 Carlos Touzard email: Carlos.Touzard_at_citicorp.com
 Citicorp Services, Inc.
 Latin America Consumer Bank
 Technology Office.
 
Received on Thu Jul 13 1995 - 17:54:28 NZST
