removing bdes..

Tue Feb 10 18:09:08 UTC 2015

On Tue, Feb 10, 2015 at 09:58:52AM -0800, John-Mark Gurney wrote:

> Slawa Olhovchenkov wrote this message on Tue, Feb 10, 2015 at 20:52 +0300:
> > On Tue, Feb 10, 2015 at 09:20:39AM -0800, Gleb Kurtsou wrote:
> > 
> > > On (10/02/2015 18:18), Slawa Olhovchenkov wrote:
> > > > On Mon, Feb 09, 2015 at 10:15:02AM -0800, John-Mark Gurney wrote:
> > > > 
> > > > > So, I happen to stuble across bdes recently and think we should remove
> > > > > it..
> > > > > 
> > > > > I'm fine w/ making it a port so that people who need it can use it...
> > > > > 
> > > > > Especially considering:
> > > > >      The DES cipher should no longer be considered secure.  Please consider
> > > > >      using a more modern alternative.
> > > > > 
> > > > > Though sadly, that comment was added almost 15 years after DES was
> > > > > brute forced by DEEPCrack.
> > > > 
> > > > Clear text also insecure. Do you remove all clear text?
> > > 
> > > This is rather odd argument ;)
> > > 
> > > I'm all for removing it. openssl provides file encryption for those who
> > > need it in base.
> > 
> > 3DES remove too? and how to login users with password in 3DES?
> > How to migrate old system with 3DES passwords?
> 
> Please stay on topic, this has nothing to do w/ the proposed removal
> of the bdes utility..

Ah, bdes utility, sorry.
But this is only 20K binary and 25K source and 80K documenation.
And need to update ed(1) (keep 80K documentation?)

     x       Prompt for an encryption key which is used in subsequent reads
             and writes.  If a newline alone is entered as the key, then
             encryption is turned off.  Otherwise, echoing is disabled while a
             key is read.  Encryption/decryption is done using the bdes(1)
             algorithm.