[ECOS] Protecting RedBoot in the field

Jonathan Larmour jifl@eCosCentric.com
Mon Nov 4 21:40:00 GMT 2002


Gary Thomas wrote:
> On Mon, 2002-10-28 at 08:17, Andrew Lunn wrote:
> 
>>>That said, I think a password (stored in 'fconfig') would be a
>>>great addition.
>>
>>I wondered about encrypting the passwd so its not plain text. But does
>>that get is into US export regulation problems? Is crypt(3) still
>>under restrictions? Can anybody suggest an alternative?
> 
> 
> The restrictions on most simple algorithms (IIRC less than 56 bit
> keys) have been lifted for a couple of years.

Alas it isn't as simple as that: there are different regulations depending 
on the nature of the thing containing encryption and key length among 
other things. In summary, you can be granted an export licence for freely 
downloadable software fairly readily, but each submission requires a 
submission to the US BXA. Any times the encryption code is modified a new 
application is required. Who knows what happens with download mirror sites.

Note that things would become more difficult for commercial 
redistributors/vendors of eCos (especially with the GPL involved) if stuff 
like OpenSSL was properly integrated. It would no longer have the 
exemptions associated with being "freely available", primarily the onerous 
post-export reporting ones.

After a google, this is the best summary of the current status I could find:
http://www.fas.org/irp/news/2000/01/000113-crypto-bxa.htm

That's why (unfortunately) OpenSSL is best left distributed only in the 
Free world.

Jifl
-- 
eCosCentric       http://www.eCosCentric.com/       <info@eCosCentric.com>
--[ "You can complain because roses have thorns, or you ]--
--[  can rejoice because thorns have roses." -Lincoln   ]-- Opinions==mine


-- 
Before posting, please read the FAQ: http://sources.redhat.com/fom/ecos
and search the list archive: http://sources.redhat.com/ml/ecos-discuss



More information about the Ecos-discuss mailing list