[an error occurred while processing this directive] Frequently Asked Questions for FreeBSD 2.X : Installation : DES encryption software can not be exported from the United States. If I live outside the US, how can I encrypt passwords?
Previous: Do I need to install the complete sources?
Next: Hardware compatibility

3.15. DES encryption software can not be exported from the United States. If I live outside the US, how can I encrypt passwords?

If it is not absolutely imperative that you use DES style encryption, you can use FreeBSD's default encryption for even better security, and with no export restrictions. FreeBSD 2.0's password default scrambler is now MD5-based, and is more CPU-intensive to crack with an automated password cracker than DES.

Since the DES encryption algorithm cannot legally be exported from the US, non-US users should not download this software (as part of the secrdist from US FTP sites.

There is however a replacement libcrypt available, based on sources written in Australia by David Burren. This code is now available on some non-US FreeBSD mirror sites. Sources for the unencumbered libcrypt, and binaries of the programs which use it, can be obtained from the following FTP sites:

South Africa

ftp://ftp.internat.freebsd.org/pub/FreeBSD
ftp://storm.sea.uct.ac.za/pub/FreeBSD

Brazil

ftp://ftp.iqm.unicamp.br/pub/FreeBSD

Finland

ftp://nic.funet.fi/pub/unix/FreeBSD/eurocrypt

The non-US securedist can be used as a direct replacement for the encumbered US securedist. This securedist package is installed the same way as the US package (see installation notes for details). If you are going to install DES encryption, you should do so as soon as possible, before installing other software.

Non-US users should please not download any encryption software from the USA. This can get the maintainers of the sites from which the software is downloaded into severe legal difficulties.

A non-US distribution of Kerberos is also being developed, and current versions can generally be obtained by anonymous FTP from braae.ru.ac.za.

There is a mailing list for the discussion of non-US encryption software. For more information, send an email message with a single line saying ``help'' in the body of your message to <majordomo@braae.ru.ac.za>.


Frequently Asked Questions for FreeBSD 2.X : Installation : DES encryption software can not be exported from the United States. If I live outside the US, how can I encrypt passwords?
Previous: Do I need to install the complete sources?
Next: Hardware compatibility [an error occurred while processing this directive]