Fwd: [opensuse-buildservice] Re: RAR crack tool permitted on OBS?

newer
[opensuse-buildservice] GSoC 2013...

older
[opensuse-buildservice] RAR crack...

Claudio Freire

27 Jul 2013 27 Jul '13

19:44

Forgot to include the list: On Sat, Jul 27, 2013 at 4:26 PM, Kyrill Detinov wrote:

...

On Sat, 27 Jul 2013 13:38:51 -0500 Malcolm wrote:

...
Well I would assume that since it's a cracking tool, it would clarify for OBS users?

Hi.

I hope, it's a recovery tool for forgotten passwords. The program site informs:

Warning: Please don't use this program for any illegal things!

BTW. We have one more tool in the _security_ repository. ;) https://build.opensuse.org/package/show?project=security&package=pdfcrack

It can also be a pen-testing tool. It's really no job of a distribution to worry about how users use the software inside. I mean, if it was a botnet, whose only discernible purpose is inherently illegal, maybe (and just maybe). But password cracking software exists for many reasons other than to crack someone else's password. And even if not, until someone legally complains, and somehow the distribution is forced to remove it, I see no point in banning any software. If it was just the potential for illegal use, you'd also ban cp, since it can be used to copy copyrighted content, and also gimp, since it can be used to edit content licensed under no-derivatives, and whatever other software you could imagine was harmless, which can most certainly be used for some illegal purpose. Not to mention that password cracking, in my IANAL view (because IANAL), isn't illegal at all. At least in my jurisdiction. So no... there's no reason to ban it. -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org

Show replies by thread

Greg Freemyer

27 Jul 27 Jul

20:57

New subject: [opensuse-buildservice] Re: RAR crack tool permitted on OBS?

On Sat, Jul 27, 2013 at 3:44 PM, Claudio Freire wrote:

...

Not to mention that password cracking, in my IANAL view (because IANAL), isn't illegal at all. At least in my jurisdiction.

It is not in most jurisdictions, but Germany has some of the strictest laws for computer hacking tool distribution and openSUSE follows German law for the repositories. Given that tools like metasploit are readily available to the bad guys, it seems important that vulnerability testers have the same access to the tools. Maybe that class of security tools could go into pacman (or maybe they already do). Greg -- Greg Freemyer -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org

Andrew Joakimsen

20:58

New subject: [opensuse-buildservice] Re: RAR crack tool permitted on OBS?

It totally depends on the use. It's probably safe to say cracking anything -- be it a RAR file or a safe -- that isn't yours is illegal. By the same virtue we shouldn't ban bash despite it being a powerful tool that has the /potential/ to be used for many, many malicious purposes. -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org

Jan Engelhardt

28 Jul 28 Jul

21:57

New subject: [opensuse-buildservice] Re: RAR crack tool permitted on OBS?

On Saturday 2013-07-27 22:57, Greg Freemyer wrote:

...

On Sat, Jul 27, 2013 at 3:44 PM, Claudio Freire wrote:

...
Not to mention that password cracking, in my IANAL view (because IANAL), isn't illegal at all. At least in my jurisdiction.

It is not in most jurisdictions, but Germany has some of the strictest laws for computer hacking tool distribution and openSUSE follows German law for the repositories.

If it really was like that, why do we still have traceroute and nmap? -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org

Jim Henderson

22:10

New subject: [opensuse-buildservice] Re: RAR crack tool permitted on OBS?

On Sun, 28 Jul 2013 23:57:37 +0200, Jan Engelhardt wrote:

...

On Saturday 2013-07-27 22:57, Greg Freemyer wrote:

...
On Sat, Jul 27, 2013 at 3:44 PM, Claudio Freire wrote:

...
Not to mention that password cracking, in my IANAL view (because IANAL), isn't illegal at all. At least in my jurisdiction.

It is not in most jurisdictions, but Germany has some of the strictest laws for computer hacking tool distribution and openSUSE follows German law for the repositories.

If it really was like that, why do we still have traceroute and nmap?

Arguably, those tools are diagnostic tools, not password cracking tools. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org

Dmitriy Perlow

22:19

New subject: [opensuse-buildservice] Re: RAR crack tool permitted on OBS?

Jim Henderson Mon, 29 Jul 2013 01:10:43 +0300:

...

On Sun, 28 Jul 2013 23:57:37 +0200, Jan Engelhardt wrote:

...
On Saturday 2013-07-27 22:57, Greg Freemyer wrote:

...
On Sat, Jul 27, 2013 at 3:44 PM, Claudio Freire wrote:

...
Not to mention that password cracking, in my IANAL view (because IANAL), isn't illegal at all. At least in my jurisdiction.

It is not in most jurisdictions, but Germany has some of the strictest laws for computer hacking tool distribution and openSUSE follows German law for the repositories.

If it really was like that, why do we still have traceroute and nmap?

Arguably, those tools are diagnostic tools, not password cracking tools.

Jim

Or password remembering tool ;) Anyway I think such packages should be at packman… -- Dmitriy DA(P).DarkneSS Perlow / Linux x64 -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org

Jim Henderson

29 Jul 29 Jul

01:35

New subject: [opensuse-buildservice] Re: RAR crack tool permitted on OBS?

On Mon, 29 Jul 2013 01:19:46 +0300, Dmitriy Perlow wrote:

...

Jim Henderson Mon, 29 Jul 2013 01:10:43 +0300:

...
On Sun, 28 Jul 2013 23:57:37 +0200, Jan Engelhardt wrote:

...
On Saturday 2013-07-27 22:57, Greg Freemyer wrote:

...
On Sat, Jul 27, 2013 at 3:44 PM, Claudio Freire wrote:

...
Not to mention that password cracking, in my IANAL view (because IANAL), isn't illegal at all. At least in my jurisdiction.

It is not in most jurisdictions, but Germany has some of the strictest laws for computer hacking tool distribution and openSUSE follows German law for the repositories.

If it really was like that, why do we still have traceroute and nmap?

Arguably, those tools are diagnostic tools, not password cracking tools.

Jim

Or password remembering tool ;) Anyway I think such packages should be at packman…

To my knowledge, traceroute doesn't have anything to do with passwords, nor does nmap (nmap is a port scanner, not a password tool). Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org

Claudio Freire

04:58

New subject: [opensuse-buildservice] Re: RAR crack tool permitted on OBS?

On Sun, Jul 28, 2013 at 7:10 PM, Jim Henderson wrote:

...

On Sun, 28 Jul 2013 23:57:37 +0200, Jan Engelhardt wrote:

...
On Saturday 2013-07-27 22:57, Greg Freemyer wrote:

...
On Sat, Jul 27, 2013 at 3:44 PM, Claudio Freire wrote:

...
Not to mention that password cracking, in my IANAL view (because IANAL), isn't illegal at all. At least in my jurisdiction.

It is not in most jurisdictions, but Germany has some of the strictest laws for computer hacking tool distribution and openSUSE follows German law for the repositories.

If it really was like that, why do we still have traceroute and nmap?

Arguably, those tools are diagnostic tools, not password cracking tools.

May I remind people that cracklib (a password cracking library) is part of the core tools? To help check password strength when using passwd? (through pam_cracklib) There's nothing shady about password cracking, as there's nothing shady about copying files. It's the intent and purpose of specific instances of those actions what matters, but that kind of distinction doesn't belong to a software package blacklist. IMHO. -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org

Marcus Meissner

06:41

New subject: [opensuse-buildservice] Re: RAR crack tool permitted on OBS?

On Mon, Jul 29, 2013 at 01:58:58AM -0300, Claudio Freire wrote:

...

On Sun, Jul 28, 2013 at 7:10 PM, Jim Henderson wrote:

...
On Sun, 28 Jul 2013 23:57:37 +0200, Jan Engelhardt wrote:

...
On Saturday 2013-07-27 22:57, Greg Freemyer wrote:

...
On Sat, Jul 27, 2013 at 3:44 PM, Claudio Freire wrote:

...
Not to mention that password cracking, in my IANAL view (because IANAL), isn't illegal at all. At least in my jurisdiction.

It is not in most jurisdictions, but Germany has some of the strictest laws for computer hacking tool distribution and openSUSE follows German law for the repositories.

If it really was like that, why do we still have traceroute and nmap?

Arguably, those tools are diagnostic tools, not password cracking tools.

May I remind people that cracklib (a password cracking library) is part of the core tools? To help check password strength when using passwd? (through pam_cracklib)

There's nothing shady about password cracking, as there's nothing shady about copying files. It's the intent and purpose of specific instances of those actions what matters, but that kind of distinction doesn't belong to a software package blacklist.

The decision in the end would lay with lawyers and judges. So we *could* poll our legal folks on that question, but as all legal people they will more tend to be careful ;) I vaguely remember that for guidance the primary purpose of the tool is questioned here. If it is primary or even solely for hacking purposes, it is considered a hacker tool. If it is multi purpose (like tcpdump, nmap, wireshark, or john) it is more or less ok. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org

3923

Age (days ago)

3925

Last active (days ago)

List overview

Download

8 comments

7 participants

participants (7)

Andrew Joakimsen
Claudio Freire
Dmitriy Perlow
Greg Freemyer
Jan Engelhardt
Jim Henderson
Marcus Meissner