Cryptography patents (was: openssl lib question.)

Loomis, Rip GILBERT.R.LOOMIS at saic.com
Sat Dec 30 07:24:13 EST 2000


Sunil--
Actually, you do not "see that openssl
has some patent issues."  You do see that
OpenSSL implements many algorithms, some
of which have been (at various times)
been patented or encumbered in some
countries.

Without knowing what country you're in,
none of us here can really give useful advice
as to which software/algorithm patents
could potentially apply.  To the best
of my non-legally-admissible knowledge,
however, none of the algorithms in
the current OpenSSL implementation
are currently encumbered by patents
that would restrict their use in any
country.  (I'll have to defer to others
with more specific knowledge on this,
of course).

Specifically, DES, 3DES, and SHA-1 are
US Government standards and (even if
still under patent) are in general
usable worldwide without royalties.
RSAREF should no longer be required
in any environment, as the primary RSA public
key algorithm is now unencumbered:
  http://www.rsasecurity.com/news/pr/000906-1.html
(In fact, if you're using RSAREF and
haven't applied patches, you may be
vulnerable to specific attacks.)
The only patent-encumbered algorithm
of which I'm aware which is included
in any SSH implementation is IDEA--
which is very specifically not
included in OpenSSH.

Perhaps a better place to ask this
question isn't on the OpenSSH list,
but on one of the many official
OpenSSL lists:
  http://www.openssl.org/support/
You could also take a quick look
around on Google for pointers.  It
didn't take me a whole lot of searching
to happen upon
  http://www.rsasecurity.com/rsalabs/faq/
which has a good section on the key
patents affecting cryptography, or
  http://www.mail-archive.com/openssl-users@openssl.org/msg01425.html
which is a posting to one of the
OpenSSL lists regarding patents on
cryptographic algorithms.

Hope this helps, and Happy New Year if
you choose the Gregorian calendar!

Rip Loomis		Voice Number: (410) 953-6874
--------------------------------------------------------
Senior Security Engineer
Center for Information Security Technology
Science Applications International Corporation
http://www.cist.saic.com



> -----Original Message-----
> From: Sunil K. Vallamkonda [mailto:sunil at redback.com]
> Sent: Friday, December 29, 2000 2:48 PM
> To: Markus Friedl
> Cc: openssh-unix-dev at mindrot.org
> Subject: openssl lib question.
> 
> 
> Hello,
> 
> 
> I am trying to use openssh with openssl lib on
> NetBSD.  I am not a security expert, thus sending
> this email to the list. I am not looking for
> legal advice (which I will contact lawyer), but looking
> to get general info on what algorithms (such as RC5 etc..) 
> in openssl are used by openssh that may need legal attention.
> And what are the alternatives ?
> 
> I see that openssl has some patent issues. It
> has many ciphers and algorithms:
> 
> BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt,
>          CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt,
> RC5_32_decrypt,
>          RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words,
>          bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4,
>          bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3,
>          des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, 
> des_encrypt3,
>          des_ncbc_encrypt, md5_block_asm_host_order,
> sha1_block_asm_data_order
> 
> Which of above are legal contenders ?
> Are BSAFE/RSAREF part of above ?
> 
> Any information/pointers is appreciated.
> 
> 
> Thank you.
> 
> Sunil.
> 
> 
> 
> 
> 
> 





More information about the openssh-unix-dev mailing list