On Sat, 23 Jan 1999, Bear Giles wrote: > > It supports strong encryption but is exportable from > > the US because it does not have encryption compiled in by default. Instead > > it downloads the scripts it needs from South Africa when it runs for the > > first time. > > This is *extremely* risky behavior. > > [...] > > > South Africa has no export restrictions on cryptography. It > > supports file transfer and secure logins shells. >
I meant that mirrordir supported file transfer and secure logins shells. The scripts are downloaded via ordinary ftp. > > As an aside, why would a mirror program even want strong > encryption? Encryption != authentication, although the implementatons > have significant overlap. > It started as a mirror program. Now its a suite of utilities including a secure shell. I don't think the problem is as big as you say. To illustrate, the connect script follows. We are talking about less than 200 lines of script - an extremely small amount. It could easily become widely publicisely what these scripts are. A script to do checksums on the package itself would only take a few lines. I admit that its not foolproof, but it can easily reach a point where its highly improbably that a user could have a compromised script. On the other hand, users would have the ability to do secure logins on a stock standard system, without having to install a single thing. Also: there is no GPL secure shell (as far as I know). So even the International version of mirrordir with compiled in encryption (i.e. not in scripts) is a worthwhile package which can be downloaded from outside the US just like ssh. It seems to have recieved very little attention considering the need for a GPL secure shell. Is there something that I am missing here? -paul /* client connection script, exporting this script from the US may be in violation of the US munitions export regulations */ Huge *r; Huge *s; Huge *p; Huge *q; Huge *g; Huge *m; Huge *x; Huge *y; Huge *X; Huge *Y; long l; long type; char *c; char *prot; l = strlen ("dIffIe--HelLmaN\n"); if (l != send ("dIffIe--HelLmaN\n", l, 0)) return 0; prot = "1234"; prot[0] = 0; prot[1] = 1; type = typeoption (); prot[2] = type; prot[3] = 0; if (send (prot, 4, 0) != 4) return 0; p = prime (type); g = 2; y = random (typesize (type)); Y = pow (g, y, p); if (writehuge (Y, 0)) return 0; l = strlen ("DIfFiE--hEllMan\n"); if (recv (&c, l, 0) != l) return 1; if (strncmp ("DIfFiE--hEllMan\n", c, l)) return 1; if (!(X = readhuge (0))) return 0; m = pow (X, y, p); huge2bin (m, &c, &l); initarcrd (c, l / 2); /* stream cypher initialisation */ initarcwr (c + l / 2, l / 2); x = 0; y = 0; if (!(y = readhuge (1))) return 0; if (checksavedkey (y, type)) return 0; if (!(r = readhuge (1))) return 0; if (!(s = readhuge (1))) return 0; q = p >> 1; /* signature equation */ if (m != (((pow (g, s, p) * pow (y, r % q, p)) % p * r) % p)) return 0; return 1;