If it is not absolutely imperative that you use DES style encryption, you can use FreeBSD's default encryption for even better security, and with no export restrictions. FreeBSD 2.0's password default scrambler is now MD5-based, and is more CPU-intensive to crack with an automated password cracker than DES.
Since the DES encryption algorithm cannot legally be exported
from the US, non-US users should not download this software (as
part of the secrdist
from US FTP sites.
There is however a replacement libcrypt available, based on sources written in Australia by David Burren. This code is now available on some non-US FreeBSD mirror sites. Sources for the unencumbered libcrypt, and binaries of the programs which use it, can be obtained from the following FTP sites:
ftp://ftp.internat.freebsd.org/pub/FreeBSD
ftp://storm.sea.uct.ac.za/pub/FreeBSD
ftp://ftp.iqm.unicamp.br/pub/FreeBSD
ftp://nic.funet.fi/pub/unix/FreeBSD/eurocrypt
The non-US securedist
can be used as a direct replacement
for the encumbered US securedist
. This securedist
package is installed the same way as the US package (see
installation notes for details). If you are going to install DES
encryption, you should do so as soon as possible, before
installing other software.
Non-US users should please not download any encryption software from the USA. This can get the maintainers of the sites from which the software is downloaded into severe legal difficulties.
A non-US distribution of Kerberos is also being developed, and
current versions can generally be obtained by anonymous FTP from
braae.ru.ac.za
.
There is a mailing list for the discussion of non-US encryption
software. For more information, send an email message with a
single line saying ``help
'' in the body of your message to
<majordomo@braae.ru.ac.za>
.