Algorithm licensing

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Algorithm licensing

Kramer, Mat

Hello,

 

We are using OpenSSL in an embedded device.  I have been told that some of the cipher suites include patented algorithms that must be licensed.  The OpenSSL FAQ is intentionally vague about what algorithms are protected, although it recommends a specific configuration to remove RC5, IDEA and MDC2.  Are these the only three that are protected?  Is there anywhere I can find out definitively what algorithms are protected?

 

Thanks,

 

-Mat

 

Reply | Threaded
Open this post in threaded view
|

RE: Algorithm licensing

Ted Mittelstaedt
 
md5 is not patented.  des and 3des the patent expired.  Blowfish was originally published
not patented.  That's all I know.  With Cisco IPSec work just about all configs use md5, sha,
des and 3des and Cisco isn't known for liking to pay royalties to anyone.  If I were you I
would stick with md5, des and 3des.
 
Ted
-----Original Message-----
From: [hidden email] [mailto:[hidden email]]On Behalf Of Kramer, Mat
Sent: Monday, July 11, 2005 1:34 PM
To: [hidden email]
Subject: Algorithm licensing

Hello,

 

We are using OpenSSL in an embedded device.  I have been told that some of the cipher suites include patented algorithms that must be licensed.  The OpenSSL FAQ is intentionally vague about what algorithms are protected, although it recommends a specific configuration to remove RC5, IDEA and MDC2.  Are these the only three that are protected?  Is there anywhere I can find out definitively what algorithms are protected?

 

Thanks,

 

-Mat

 

Reply | Threaded
Open this post in threaded view
|

Re: Algorithm licensing

Joseph Oreste Bruni
I found this via google

http://www.cs.rochester.edu/users/faculty/nelson/courses/cryptology/ 
notes/lecture_19.txt





On Jul 12, 2005, at 8:28 PM, Ted Mittelstaedt wrote:

>
> md5 is not patented.  des and 3des the patent expired.  Blowfish  
> was originally published
> not patented.  That's all I know.  With Cisco IPSec work just about  
> all configs use md5, sha,
> des and 3des and Cisco isn't known for liking to pay royalties to  
> anyone.  If I were you I
> would stick with md5, des and 3des.
>
> Ted
> -----Original Message-----
> From: [hidden email] [mailto:owner-openssl-
> [hidden email]]On Behalf Of Kramer, Mat
> Sent: Monday, July 11, 2005 1:34 PM
> To: [hidden email]
> Subject: Algorithm licensing
>
> Hello,
>
>
>
> We are using OpenSSL in an embedded device.  I have been told that  
> some of the cipher suites include patented algorithms that must be  
> licensed.  The OpenSSL FAQ is intentionally vague about what  
> algorithms are protected, although it recommends a specific  
> configuration to remove RC5, IDEA and MDC2.  Are these the only  
> three that are protected?  Is there anywhere I can find out  
> definitively what algorithms are protected?
>
>
>
> Thanks,
>
>
>
> -Mat
>
>
>
>


smime.p7s (3K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

RE: Algorithm licensing

vinmclellan
In reply to this post by Ted Mittelstaedt
Hi Mat, Ted:

RC5 was invented by MIT Prof Ron Rivest in 1994 for RSA Security, and RSA
received a US patent for RC5 in May of 1997.  RSA licenses RC5 separately
-- as well as part of its BSAFE SDKs (including the BSAFE Crypto-C Micro
Edition, and BSAFE SSL-C Micro Edition:.) See: <http://tinyurl.com/aeosg>.

RSA never patented or otherwise restricted the use of Rivest's hashes: MD2,
MD4, and MD5.  Over the years, however, the integrity of each of these has
been undermined by advances in cryptanalytic research.  As far back as
1996, RSA Labs publicly urged developers to use the 160-bit SHA-1 hash,
instead of MD5, and to plan for the migration of existing MD5
implementations.

Further research into MD5 vulnerabilities has led RSA to bluntly and
repeatedly declare MD5 "broken" and insecure.

I don't know what your alternative are in OpenSSL, but reports earlier this
year about a new attack on the 160-bit SHA-1 by Xiaoyun Wang, Yiqun Lisa
Yin, and Hongbo Yu led many developers to shift to SHA-256 (and to call for
a major AES-style development effort to explore alternative constructs for
one-way functions.)

RSA Labs, for which I've been a consultant for many years, published a
couple of summary notes on the SHA-1 developments
at:<http://www.rsasecurity.com/rsalabs/>

Hope this helps.

Suerte,

                  _Vin

--------- in response to ---------------------------------------------

Ted Mittelstaedt <tedm_at_toybox.placo.com>  wrote:

>
>md5 is not patented.  des and 3des the patent expired.  Blowfish was
>originally published
>not patented.  That's all I know.  With Cisco IPSec work just about all
>configs use md5, sha,
>des and 3des and Cisco isn't known for liking to pay royalties to
>anyone.  If I were you I
>would stick with md5, des and 3des.
>
>Ted
>
>>-----Original Message-----
>>From: [hidden email]
>>[mailto:[hidden email]]On Behalf Of Kramer, Mat
>>Sent: Monday, July 11, 2005 1:34 PM
>>To: [hidden email]
>>Subject: Algorithm licensing
>>
>>Hello,
>>
>>
>>
>>We are using OpenSSL in an embedded device.  I have been told that some
>>of the cipher suites include patented algorithms that must be
>>licensed.  The OpenSSL FAQ is intentionally vague about what algorithms
>>are protected, although it recommends a specific configuration to remove
>>RC5, IDEA and MDC2.  Are these the only three that are protected?  Is
>>there anywhere I can find out definitively what algorithms are protected?
>>
>>
>>
>>Thanks,
>>
>>
>>
>>-Mat
>
>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Algorithm licensing

Ted Mittelstaedt

Ah yes, I had heard about the attack on SHA and had read about it,
but it didn't seem to be that practical.

SHA is not patented:

http://grouper.ieee.org/groups/1363/P1363/letters/NIST.txt

Actually, regardless of the cipher you use, unless you have
a truly random source of numbers, your going to undermine the
strength of your encryption.  For an embedded system, such a
thing has to be designed in from the get-go, as a software
PRNG is generally nowhere near good enough.

The AMD and Intel CPU's both have hardware random number
generators on-chip.  That is, the most advanced and expensive
CPUs do.  I don't know that these are in common use among
embedded systems yet, though.

Ted

>-----Original Message-----
>From: [hidden email]
>[mailto:[hidden email]]On Behalf Of Vin McLellan
>Sent: Wednesday, July 13, 2005 12:28 AM
>To: [hidden email]
>Subject: RE: Algorithm licensing
>
>
>Hi Mat, Ted:
>
>RC5 was invented by MIT Prof Ron Rivest in 1994 for RSA
>Security, and RSA
>received a US patent for RC5 in May of 1997.  RSA licenses RC5
>separately
>-- as well as part of its BSAFE SDKs (including the BSAFE
>Crypto-C Micro
>Edition, and BSAFE SSL-C Micro Edition:.) See:
><http://tinyurl.com/aeosg>.
>
>RSA never patented or otherwise restricted the use of Rivest's
>hashes: MD2,
>MD4, and MD5.  Over the years, however, the integrity of each
>of these has
>been undermined by advances in cryptanalytic research.  As far back as
>1996, RSA Labs publicly urged developers to use the 160-bit SHA-1 hash,
>instead of MD5, and to plan for the migration of existing MD5
>implementations.
>
>Further research into MD5 vulnerabilities has led RSA to bluntly and
>repeatedly declare MD5 "broken" and insecure.
>
>I don't know what your alternative are in OpenSSL, but reports
>earlier this
>year about a new attack on the 160-bit SHA-1 by Xiaoyun Wang,
>Yiqun Lisa
>Yin, and Hongbo Yu led many developers to shift to SHA-256 (and
>to call for
>a major AES-style development effort to explore alternative
>constructs for
>one-way functions.)
>
>RSA Labs, for which I've been a consultant for many years, published a
>couple of summary notes on the SHA-1 developments
>at:<http://www.rsasecurity.com/rsalabs/>
>
>Hope this helps.
>
>Suerte,
>
>                  _Vin
>
>--------- in response to ---------------------------------------------
>
>Ted Mittelstaedt <tedm_at_toybox.placo.com>  wrote:
>>
>>md5 is not patented.  des and 3des the patent expired.  Blowfish was
>>originally published
>>not patented.  That's all I know.  With Cisco IPSec work just
>about all
>>configs use md5, sha,
>>des and 3des and Cisco isn't known for liking to pay royalties to
>>anyone.  If I were you I
>>would stick with md5, des and 3des.
>>
>>Ted
>>
>>>-----Original Message-----
>>>From: [hidden email]
>>>[mailto:[hidden email]]On Behalf Of Kramer, Mat
>>>Sent: Monday, July 11, 2005 1:34 PM
>>>To: [hidden email]
>>>Subject: Algorithm licensing
>>>
>>>Hello,
>>>
>>>
>>>
>>>We are using OpenSSL in an embedded device.  I have been told
>that some
>>>of the cipher suites include patented algorithms that must be
>>>licensed.  The OpenSSL FAQ is intentionally vague about what
>algorithms
>>>are protected, although it recommends a specific
>configuration to remove
>>>RC5, IDEA and MDC2.  Are these the only three that are protected?  Is
>>>there anywhere I can find out definitively what algorithms
>are protected?
>>>
>>>
>>>
>>>Thanks,
>>>
>>>
>>>
>>>-Mat
>>
>>
>
>______________________________________________________________________
>OpenSSL Project                                 http://www.openssl.org
>User Support Mailing List                    [hidden email]
>Automated List Manager                           [hidden email]
>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Algorithm licensing

Michael Sierchio
Ted Mittelstaedt wrote:

> Actually, regardless of the cipher you use, unless you have
> a truly random source of numbers, your going to undermine the
> strength of your encryption.  For an embedded system, such a
> thing has to be designed in from the get-go, as a software
> PRNG is generally nowhere near good enough.
>
> The AMD and Intel CPU's both have hardware random number
> generators on-chip.  That is, the most advanced and expensive
> CPUs do.  I don't know that these are in common use among
> embedded systems yet, though.

Hardware Random Bit Generators have variable bit rates, and
maximum bit rates that peak at about 16k bps.  This isn't
enough material for padding, keys, nonces, etc. on a busy
server.

The solution still is to create a /dev/random style device with
a strong PRNG (Yarrow, Tenebras) taking random bits as they
become available from the true source of randomness to perturb
the internal state.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Algorithm licensing

Ted Mittelstaedt


>-----Original Message-----
>From: [hidden email]
>[mailto:[hidden email]]On Behalf Of Michael Sierchio
>Sent: Wednesday, July 13, 2005 1:26 PM
>To: [hidden email]
>Subject: Re: Algorithm licensing
>
>
>Ted Mittelstaedt wrote:
>
>> Actually, regardless of the cipher you use, unless you have
>> a truly random source of numbers, your going to undermine the
>> strength of your encryption.  For an embedded system, such a
>> thing has to be designed in from the get-go, as a software
>> PRNG is generally nowhere near good enough.
>>
>> The AMD and Intel CPU's both have hardware random number
>> generators on-chip.  That is, the most advanced and expensive
>> CPUs do.  I don't know that these are in common use among
>> embedded systems yet, though.
>
>Hardware Random Bit Generators have variable bit rates, and
>maximum bit rates that peak at about 16k bps.

These guys claim 2Mbt/s on the R230:

http://www.protego.se/sg200_d.htm

Although, they don't say exactly how it works so there's no
way to double-check their claims that it's truly random.

Ted
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]