More [A tangent on RC5] Cryptography patents (was: openssl lib question.)
Loomis, Rip
GILBERT.R.LOOMIS at saic.com
Sat Dec 30 08:31:07 EST 2000
I hate following up to myself, but
I thought a clarification of one
point (specifically WRT RC5 which
was mentioned in the original question)
might be worthwhile...because what
I should have said originally was
that "To the best of my non-legally-
admissible knowledge, however, none
of the algorithms in the current
*OpenSSH* implementation are currently
encumbered by patents that would
restrict their use in any country."
I definitely can't categorically
discuss every algorithm which is
implemented in OpenSSL.
Anyway, I knew that there were issues
with RC5 but was reasonably certain
that they didn't impact OpenSSH.
I took more of a look at some
of the links I had found (and several
follow-ons), and verified that:
1. A patent for RC5 was granted to
RSA Data Security in March 1998
http://www.delphion.com/details?pn=US05724428__
(although RSA's website claims
the patent was granted May 1997.)
2. RC6 (the AES competitor follow-on
to RC5) is "proprietary of RSA
Security"--and although it's not
public knowledge as to whether
a patent application has been
submitted for RC6, I would
think it likely. (The two
main patents on RC5 would seem
to cover RC6 as well, in the
opinion of most legally-minded
cryptographers. In fact, there
is some reason to believe that
the patents on RC5 helped cause
the selection of Rijndael as the
AES-designate--not because it
is clearly the best, but because
it is more definitively
unencumbered.)
3. I can find bugger-all information
(other than what's above) to be
able to verify what the exact
usage/licensing terms of RC5
really are for the rest of us.
That would appear to be intentional,
since it's RSA Security's most
important remaining patent
(in my very humble opinion).
RSA Security would, one expects,
grant a license for RC5 usage
when given sufficient money.
4. It doesn't appear to matter, since
OpenSSH doesn't actually use
RC5. OpenSSH does allow "Arcfour",
which is widely believed
http://home.earthlink.net/~neilbawd/arcfour.html
to be equivalent to the RSA RC4*
algorithm, but does not use RC5.
5. Most importantly, the bottom of the
ssh(1) clearly states at the
bottom that "This version of
OpenSSH has all components of a
restrictive nature (i.e., patents)
directly removed from the source
code; any licensed or patented
components are chosen from external
libraries", and the OpenSSH FAQ
discusses patents as well (down
in questions 5 & 20):
http://www.openssh.com/faq.html
--so the question is for
another list or lawyer, and should be
phrased, "Of this list of algorithms
which OpenSSH actually uses, which
ones (if any) are encumbered?"
I am confident that the answer is
"none". If on the other hand you
are using OpenSSL in another
application, then the question is
still for another list.
[* The name RC4 is copyrighted by RSA
Security and their implementation of
RC4 was/is a tradesecret, but the
mathematics of RC4 are not patented.]
Again, hope this dissertation helps in
more than just filling up your inbox--
Rip Loomis Voice Number: (410) 953-6874
--------------------------------------------------------
Senior Security Engineer
Center for Information Security Technology
Science Applications International Corporation
http://www.cist.saic.com
> -----Original Message-----
> From: Loomis, Rip [mailto:GILBERT.R.LOOMIS at saic.com]
> Sent: Friday, December 29, 2000 3:24 PM
> To: 'Sunil K. Vallamkonda'
> Cc: openssh-unix-dev at mindrot.org
> Subject: Cryptography patents (was: openssl lib question.)
>
>
> Sunil--
> Actually, you do not "see that openssl
> has some patent issues." You do see that
> OpenSSL implements many algorithms, some
> of which have been (at various times)
> been patented or encumbered in some
> countries.
>
> Without knowing what country you're in,
> none of us here can really give useful advice
> as to which software/algorithm patents
> could potentially apply. To the best
> of my non-legally-admissible knowledge,
> however, none of the algorithms in
> the current OpenSSL implementation
> are currently encumbered by patents
> that would restrict their use in any
> country. (I'll have to defer to others
> with more specific knowledge on this,
> of course).
>
> Specifically, DES, 3DES, and SHA-1 are
> US Government standards and (even if
> still under patent) are in general
> usable worldwide without royalties.
> RSAREF should no longer be required
> in any environment, as the primary RSA public
> key algorithm is now unencumbered:
> http://www.rsasecurity.com/news/pr/000906-1.html
> (In fact, if you're using RSAREF and
> haven't applied patches, you may be
> vulnerable to specific attacks.)
> The only patent-encumbered algorithm
> of which I'm aware which is included
> in any SSH implementation is IDEA--
> which is very specifically not
> included in OpenSSH.
>
> Perhaps a better place to ask this
> question isn't on the OpenSSH list,
> but on one of the many official
> OpenSSL lists:
> http://www.openssl.org/support/
> You could also take a quick look
> around on Google for pointers. It
> didn't take me a whole lot of searching
> to happen upon
> http://www.rsasecurity.com/rsalabs/faq/
> which has a good section on the key
> patents affecting cryptography, or
> http://www.mail-archive.com/openssl-users@openssl.org/msg01425.html
> which is a posting to one of the
> OpenSSL lists regarding patents on
> cryptographic algorithms.
>
> Hope this helps, and Happy New Year if
> you choose the Gregorian calendar!
>
> Rip Loomis Voice Number: (410) 953-6874
> --------------------------------------------------------
> Senior Security Engineer
> Center for Information Security Technology
> Science Applications International Corporation
> http://www.cist.saic.com
>
>
>
> > -----Original Message-----
> > From: Sunil K. Vallamkonda [mailto:sunil at redback.com]
> > Sent: Friday, December 29, 2000 2:48 PM
> > To: Markus Friedl
> > Cc: openssh-unix-dev at mindrot.org
> > Subject: openssl lib question.
> >
> >
> > Hello,
> >
> >
> > I am trying to use openssh with openssl lib on
> > NetBSD. I am not a security expert, thus sending
> > this email to the list. I am not looking for
> > legal advice (which I will contact lawyer), but looking
> > to get general info on what algorithms (such as RC5 etc..)
> > in openssl are used by openssh that may need legal attention.
> > And what are the alternatives ?
> >
> > I see that openssl has some patent issues. It
> > has many ciphers and algorithms:
> >
> > BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt,
> > CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt,
> > RC5_32_decrypt,
> > RC5_32_encrypt, bn_add_words, bn_div_words,
> bn_mul_add_words,
> > bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4,
> > bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3,
> > des_ede3_cbc_encrypt, des_encrypt, des_encrypt2,
> > des_encrypt3,
> > des_ncbc_encrypt, md5_block_asm_host_order,
> > sha1_block_asm_data_order
> >
> > Which of above are legal contenders ?
> > Are BSAFE/RSAREF part of above ?
> >
> > Any information/pointers is appreciated.
> >
> >
> > Thank you.
> >
> > Sunil.
> >
> >
> >
> >
> >
> >
>
More information about the openssh-unix-dev
mailing list