
Bug#222899: Is this legal? [RFP: djohn -- Distributed password cracker]


Jose Luis Rivas Contreras

Jan 4, 2007, 12:40:07 AM

Hi,

I was checking some old RFPs and I found this one. It is a little program
that distributes the job of cracking passwords using John the Ripper.

I think this is not totally legal to be packaged officially for Debian.

Jose Luis,

P.S. Please CC me your answers since I'm not subscribed to d...@l.d.o, thanks.
--

ghostbar @ linux/debian 'unstable' on i686 - Linux Counter# 382503
http://ghostbar.ath.cx/ - irc.freenode.net #talug #velug #debian-es
http://debianvenezuela.org.ve - irc.debian.org #debian-es #debian-ve
CHASLUG -- http://chaslug.org.ve - irc.unplug.org.ve #chaslug
San Cristobal - Venezuela. TALUG -- http://linuxtachira.org
Fingerprint = 3E7D 4267 AFD5 2407 2A37 20AC 38A0 AD5B CACA B118

Andrew Donnellan

Jan 4, 2007, 1:10:07 AM
Password cracking in itself has always been legal AFAIK.

Using password crackers to crack other people's systems without
permission (i.e. illegally obtaining access) is definitely illegal.

There are legitimate uses for tools like djohn, e.g. for security
testing, for data recovery, etc.


--
Andrew Donnellan
ajdlinuxATgmailDOTcom (primary) ajdlinuxATexemailDOTcomDOTau (secure)
http://andrewdonnellan.com http://ajdlinux.wordpress.com
ajdl...@jabber.org.au hkp://subkeys.pgp.net 0x5D4C0C58
http://linux.org.au http://debian.org

Andrew Donnellan

Jan 4, 2007, 2:30:09 AM
On 1/4/07, Masayuki Hatta <mha...@grad.e.u-tokyo.ac.jp> wrote:
> Hi,
>
> >>>>> In <1007a32a0701032156m548...@mail.gmail.com>
> >>>>> "Andrew Donnellan" <ajdl...@gmail.com> wrote:
> > Password cracking in itself has always been legal AFAIK.
>
> > Using password crackers to crack other people's systems without
> > permission (i.e. illegally obtaining access) is definitely illegal.
>
> > There are legitimate uses for tools like djohn, e.g. for security
> > testing, for data recovery, etc.
>
> A Japanese software developer was arrested recently because he
> developed a P2P file-sharing implementation called Winny. Winny can
> be used legally, but some (well, I should say many) people used Winny
> as a means of copyright violation (file sharing of proprietary movies,
> music, and so on). And somehow the police arrested those violators as
> well as the developer.
>
> See:
>
> https://www.cpsr.org/act/global/japan/enews/Winny2006
>
> So, at least in Japan, I think it can be dangerous to develop or
> distribute legal tools with some foreseen illegal use. I know it's
> almost insane (we Debian already distribute such software), and the
> trial is not yet concluded, but that's the situation nowadays.
>
> As usual, IANAL, btw.

AFAIK, in many jurisdictions, in regards to copyright circumvention it
is often determined on the basis of 'is there any commercially viable
legal use?' rather than 'is there any legal use?'. Did anyone
*actually* use the program for legal purposes?

Of course, as you mention the trial is not done yet, and if he's let
off that should set a good precedent.

Masayuki Hatta

Jan 4, 2007, 2:30:15 AM
Hi,

>>>>> In <1007a32a0701032156m548...@mail.gmail.com>
>>>>> "Andrew Donnellan" <ajdl...@gmail.com> wrote:

> Password cracking in itself has always been legal AFAIK.

> Using password crackers to crack other people's systems without
> permission (i.e. illegally obtaining access) is definitely illegal.

> There are legitimate uses for tools like djohn, e.g. for security
> testing, for data recovery, etc.

A Japanese software developer was arrested recently because he
developed a P2P file-sharing implementation called Winny. Winny can
be used legally, but some (well, I should say many) people used Winny
as a means of copyright violation (file sharing of proprietary movies,
music, and so on). And somehow the police arrested those violators as
well as the developer.

See:

https://www.cpsr.org/act/global/japan/enews/Winny2006

So, at least in Japan, I think it can be dangerous to develop or
distribute legal tools with some foreseen illegal use. I know it's
almost insane (we Debian already distribute such software), and the
trial is not yet concluded, but that's the situation nowadays.

As usual, IANAL, btw.

--
Masayuki Hatta
Graduate School of Economics, The University of Tokyo

Mike Hommey

Jan 4, 2007, 2:40:11 AM
On Thu, Jan 04, 2007 at 06:04:21PM +1100, Andrew Donnellan <ajdl...@gmail.com> wrote:
> AFAIK, in many jurisdictions, in regards to copyright circumvention it
> is often determined on the basis of 'is there any commercially viable
> legal use?' rather than 'is there any legal use?'. Did anyone
> *actually* use the program for legal purposes?
>
> Of course, as you mention the trial is not done yet, and if he's let
> off that should set a good precedent.

But if he's not, that would set a very bad one. And in a country where
the acquittal rate is below 1%[1]...

Anyways, there is a huge load of programs, starting with tools provided in
a standard Windows environment, that can be used for copyright
infringement or other illegal affairs. Should we just put all computer
programmers to prison?

Mike

1. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=259848

Roberto C. Sanchez

Jan 4, 2007, 7:10:11 AM
On Thu, Jan 04, 2007 at 01:25:08AM -0400, Jose Luis Rivas Contreras wrote:
> Hi,
>
> I was checking some old RFPs and I found this one. It is a little program
> that distributes the job of cracking passwords using John the Ripper.
>
> I think this is not totally legal to be packaged officially for Debian.
>
Some reason why you think it is illegal and *where* you think it is
illegal would be important and probably also generate a more fruitful
discussion than a simple claim of it's illegal with nothing else.

Regards,

-Roberto

--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com


Jose Luis Rivas Contreras

Jan 4, 2007, 11:50:08 AM

Andrew Donnellan wrote:

> Password cracking in itself has always been legal AFAIK.
>
> Using password crackers to crack other people's systems without
> permission (i.e. illegally obtaining access) is definitely illegal.
>
> There are legitimate uses for tools like djohn, e.g. for security
> testing, for data recovery, etc.

Great! I was thinking of packaging it but didn't know if it was totally legal.

Thanks!!
Jose Luis,
--

ghostbar @ linux/debian 'unstable' on i686 - Linux Counter# 382503
http://ghostbar.ath.cx/ - irc.freenode.net #talug #velug #debian-es
http://debianvenezuela.org.ve - irc.debian.org #debian-es #debian-ve
CHASLUG -- http://chaslug.org.ve - irc.unplug.org.ve #chaslug
San Cristobal - Venezuela. TALUG -- http://linuxtachira.org
Fingerprint = 3E7D 4267 AFD5 2407 2A37 20AC 38A0 AD5B CACA B118