[osol-discuss] Tool for finding crypto in code
Hi, just wanted to see if anyone had considered/was working on something like this. I hear the laws around the export of strong crypto are not as strict as they used to be, but that there are still some countries that you are not allowed distribute it to. Are there any tools for identifying crypto in code? For example, how do linux distro maintainers catch this stuff? -Chrisk This message posted from opensolaris.org ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
Re: [osol-discuss] Tool for finding crypto in code
Christian Kelly wrote: Hi, just wanted to see if anyone had considered/was working on something like this. I hear the laws around the export of strong crypto are not as strict as they used to be, but that there are still some countries that you are not allowed distribute it to. Are there any tools for identifying crypto in code? No because it would be virtually impossible. You could certainly use common patterns and look for usage of commonly known crypto libraries. However if the developer of a given bit of software wants to hid the use of crypto any analsysis tool other than a good developers human brain is going to have a hard time finding it. As far as US export control is concerned at a high level open source is pretty much exempt (but binaries built *from* the source are not). Some countries have import restrictions. If you have a concern about Sun's distribution of Solaris or a project you are working on inside Sun that is destined for Solaris or any other Sun work then please contact me off line and I'll help you out. -- Darren J Moffat ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
