[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[harik@chaos.ao.net: Bug#47735: VIM includes encryption. Needs to become a non-US package.]

Guys, I'm a bit at a loss here. I'm quite sure the encryption in vim is
not strong enough to fall under the US export-laws, but I would like
someone to confirm this..


----- Forwarded message from Dan Merillat <harik@chaos.ao.net> -----

Subject: Bug#47735: VIM includes encryption.  Needs to become a non-US package.
Reply-To: Dan Merillat <harik@chaos.ao.net>, 47735@bugs.debian.org
X-Debian-PR-Message: report 47735
X-Debian-PR-Package: vim
To: submit@bugs.debian.org
Date: Mon, 18 Oct 1999 12:37:45 -0400
From: Dan Merillat <harik@chaos.ao.net>

Package: vim
Version: all

I'm not sure when encryption was included, but it probably violates
US export laws.  The note in the documentation is:

	"Vim originates from the Netherlands.  That is where the 
	sources come from.  Thus the encryption code is not exported
	from the USA."

However, Debian is in the USA, so the source IS exported.

Further notes (from VIM documentation)

- The algorithm used is breakable.  A 4 character key in about one hour, a 6
  character key in one day (on a Pentium 133 PC).  This requires that you know
    some text that must appear in the file.  An expert can break it for any key.
 - Pkzip uses the same encryption, and US Govt has no objection to its export.
   Pkzip's public file APPNOTE.TXT describes this algorithm in detail.

HOWEVER, PKzip is ONLY a binary.  Binaries with weak encryption are
exportable.  When the source is included, it's not.  Remember, those
same forigeners who can't type in source from a book are able to 
modify source to increase the encryption strength...

Also, since it uses the same algo as pkzip, it falls under the same
restrictions as zip-crypt and unzip-crypt, both of which are non-us.

My personal prefrence would be to neuter the source of encryption, since
it's neither strong nor standard.  No other editor can unlock vim encrypted
files (that I know of).   Standalone encryption packages are probably


----- End forwarded message -----

 / Generally uninteresting signature - ignore at your convenience  \
| wichert@liacs.nl                    http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |

Attachment: pgpfKnl6xYMEH.pgp
Description: PGP signature

Reply to: