RSA Released Into The Public Domain

Legolas-Greenleaf writes "According to the this news release on RSA Security's website, the RSA algorithm was released into the public domain today (September 6th, 2000). This is in advance of their US patent expiring on the 20th. There is some more information in their RSA FAQ."

RSA BSAFE software?

[trbloom]

Is ssh or apache ssl based on the RSA algorithm or the BSAFE software?

Re:RSA BSAFE software?

[Draoi]

Is ssh or apache ssl based on the RSA algorithm or the BSAFE software?

Well, OpenSSL and ModSSL are both based on SSLeay & both contain RSA algorithms. That's why it's recommended that if you're in the US and using OpenSSL, you disable RSA (and IDEA) ciphers during config. It's in the FAQ.

Re:RSA BSAFE software?

[UID30]

OpenSSL can use (if you find it, download it, and compile it separately) RSA, and Apache can use OpenSSL (either through mod_ssl or apache+ssl). BSAFE is a product sold by RSA Security Inc which performs much the same as the OpenSSL libraries. BSAFE is, I believe, used by Stronghold and other 'supported' Apache based SSL servers.

I've never used the BSAFE libraries myself, but believe that the major advantage to using them seems to be the RSA License you recieve when you purchase BSAFE.

Re:RSA BSAFE software?

[Draoi]

Is ssh or apache ssl based on the RSA algorithm or the BSAFE software?

Oh, and ssh is based on RSA algorithms, tho' it also has Blowfish available. To get around the licensing restrictions around RSA, the OpenBSD guys have you download OpenSSL first and build ssh by linking to the OpenSSL crypto shlibs .... The newer version of ssh (Version 2) doesn't use RSA crypto, BTW.

Check out the OpenBSD crypto pages

Re:big deal

[SquadBoy]

The big deal is that you can now in the US use apps based off of it legally. This *is* a big deal for those of us trying to do security work in the states. It means I can now give my clients the really neat toys.

Wow! Two weeks early!

[egburr]

It sure is nice of them to officially release this to the public domain a whole two weeks before it would have automatically gone there anyway.

Edward Burr

Re:Ogg Vorbis is not particularly good...

[DarkMan]

OK, want to quantifify _when_ you tried ogg?

Cos right after the beta announcement, I got sound quality comparable to MP3, at the same encoding rate.

That's across my entire music collection, much of which is the 'nightmare' scenario - acappella, or simple acoustic perfromances.

Yes, it takes a long time. That is true. No one has ever tried to deny that. It takes about 10 times longer than MP3 to encode, and about twice as much porcessor power as MP3 to decode. Or, 6% in my case.

This is totally unoptimised code. The bleeding edge CVS is starting to optimise, so watch the processor use tumble.

This is what's supposed to happen

[Animats]

First, RSA really was a major invention. Public-key cryptography was at first believed to be impossible. Even after the basic concept was developed, the first algorithm (the knapsack problem) turned out to be easily invertable and thus insecure. The advantage of RSA is that it exploits a problem, factoring the product of two primes, that's received considerable attention in the mathematical community without being cracked.

Second, RSA got their 17 years of exclusivity, and now it's public domain. That's how patents work. It took a long time to build a business on the technology. I visited RSA around ten years ago, when they had a tiny suite of offices in Redwood City, no significant customer base, and a hard-to-use product for DOS.

Third, now that it's finally out there, it's time for the open-source community to get it into standard electronic mail. Now that PGP has been discovered to have a backdoor, that's not the way to go.

Re:That's Probably Why They Did This

[JCCyC]

AFAIK there's more than one LZW-related patent, with different expiration times. Can't remember the exact details, though.

But yes, I do expect similar moves from Unisys when their LZW patent(s) come close to expiring time. Maybe they'll force their managerial staff to cut out those ridiculous upward-pointing cones of hair from the side of their heads, too.

Maybe the MPAA can use RSA instead of CSS

[gfecyk]

Rather than use the weird watermarking schemes I've read about, maybe they could now use 128-bit CAST and RSA in the "DVD 2.0" spec to encrypt the disks. The RSA Patent's expired, the US relaxed crypto export regulations, and AFAIK CAST's been royalty-free forever. Or they could use Triple-DES.

Hell, it worked for millions of PGP users, even with the ADK bug.

Re:So how will this affect us?

[krady]

The whole point of a patent is that it is anti-competitive. It is there to protect you from competition so that you are encouraged to publicise the work.

Re:Symbolism and significance.

[lpontiac]

One such program was PuTTY, which is actually written, maintained and hosted by one man, in the United Kingdom. Same with a lot of other things. Nothing illegal about him writing it, but it was illegal for an American to download and use it within their national borders.

Nothing was left out (not that, anyway)

[Viking+Coder]

It's the other way around. You already have primes p and q, and you just multiply to find n.

Re:Why should copyrights last longer than patents?

[uSuRa]

Well disney wanted to coninue their revenue
stream for Donald Duck et al, and lobbyed
for an extension ... unfortunately succesfully ..

--

Re:If only Fraunhaufer would do the same.

[Hooha+Man]

I had the same problem, however a newer version has since been released - called oggenc rather than ogglame and this works correctly for me.
Still can't change details in Winamp but that is a plugin functionality thing rather than an ogg problem.
The only downer, for me, is that playback takes about 10%-15% processor time - my computer: Celeron 300a@450, W2K. OGG bitrate: VBR based around 192kbits. This is just enough of a hit to make Quake3 jerky :(


<O O&gt
( \/ )
X X

Um, that is what patent law is FOR

[tilly]

To encourage people to make public their inventions so that they eventually enter the public domain.

You were allowed to look at it. You were supposed to look at it. But you were not supposed to use it without paying RSA until the patent expires or they say you can.

They just said you can.

Cheers,
Ben

Re:RSA and GPG

[Omnifarious]

What about EL Gamal's problem with choosing the same 'k' twice?

Re:Can't "re-patent" a twist...

[mOdQuArK!]

...provided that I have creatively improved upon the original.

"Creative" has a very specific legal/wording meaning to the US Patent Office, which often seems to be much different than what a common, ordinary layperson would consider "creative".

I've been watching some companies get new patents solely by using feedback from the Patent Office about why a particular patent was not "creative" to change the wording of their patent so it became "creative" - all w/o actually attempting to even make a prototype or a design based on the ideas in the patent.

Ah, yes...

[Viking+Coder]

Sorry, I didn't realize you were being cute. :) Well, it's simple - first you adjust the Heisenberg Compensators - then it's a simple matter of constructing an inverse tacheon field...

Re:Ah, yes...

[grarg]

Romulan Security Agency?

It all makes sense now...

IDEA is not free.

[Nonesuch]

SSH uses RSA for the public/private keys and authentication, but other algorithms for the actual stream ciphers when the connection is open.

Some ciphers are free but weak, some are free, strong, and slow (Triple DES), while IDEA is faster, strong, but covered by it's own patent (Patent 5,214,703), no connection to RSA...

So the answer to your question is, NO, not if you include IDEA. Details (in german).

Re:RSA and GPG

[krokodil]

This is good news for me indeed. I have
PGP key which was generated 5 years ago
with RSA algorithm. I am using it in several
places and do not really want to have new key
generated.

I hope this news will allow me to use my old
PGP key in GPG.

Re:So many questions...

[krady]

A single RSA key can be used for both signing and encryption (thought he wisdom of this is debatable).

RSA keys are far smaller than DH-EG ones.

RSA signature verification (the most commonly performed operation in the real world) is far faster than DSA.

RSA is far more widely deployed than DSA and especially DH-EG.

Branding

[jjr]

This move will some away from them. But most companies will stay with RSA because of the name value they give for security.

Re:Brilliant news!

[-brazil-]

Couldn't you just have said "the US patent system sucks donkey balls" and be done with it?

That's Probably Why They Did This

[Greyfox]

One last poke in the eye of the community before the patent expires. It'd be kind of like unisys releasing LZW into public domain 14 days before the patent expires.

Re:How magnanimous.

[gatzke]

"Does this mean that "A" has finally found a NP-space P-time inverse, and the whole algorithm becomes no more than a toy! "

If he did, he would win that million dollar prize that was posted on /. a few months back. He probably could make much more moolah just using his P time algorithm... Reminds me of the movie Sneakers. I wonder what goes on behind our backs...

Plus, with quantum computing moving along, all (most) security will be obsolete.

Ed

The alternative outcome

[grahamsz]

RSA today announced that they have recruited some of the lawyers involved in defending the MPAA's CSS scheme.

They hope that with legal backing they can extend the patent on their algorithm indefinitely. Also they have found (looking back at their patent) that they own all public key cryptography patents and anyone infringing on them will be forced to pay up. Anyone refusing will be struck down - i'm told adi shamir is quite hot with a minigun :)

Re:The alternative outcome

[sethgecko]

Thanks for pointing that out. It didn't occur to me what a good thing this public domaining really was. I don't know how feasible your scenario really would be, but it sounds a lot like something a lot of other organizations might try.

note--the parent post makes a lot more sense if you read its title--"The Alternative outcome."

Re:Oooh i'll finally be able to look at the algori

[Evangelion]

Uhh, dude, that's what a patent is - when you patent it, you are forced to reveal it to the public.

Patents just make sure that no one else is allowed to make a product based on the idea unless you let them.

--

Re:If only Fraunhaufer would do the same.

[Admiral+Lazzurs]

Yea, but that is not important, because mp3's replacment is just around the corner, it is called vorbis, it is very open and it is way better than mp3 :)

Apostrophe shy...

[Tet]

When I first looked at the FAQ, I thought they were being very apostrophe shy, omitting them from words like "companys", "securitys" etc. However, looking at the page again in Netscape instead of Lynx shows that they're just just using Microsoft moronic HTML. Sigh.

Re:Apostrophe shy...

[BlowCat]

Actually, you can set "Assumed document character set" in Lynx to win-1252 to see the apostrophes.

great! but...

[sTeF]

dont't make another licensig problem out of it, please! i haven't read the licensing info yet.

Wow, that's so very big of them...

[jimhill]

Gosh...after almost 17 years, RSA (the company) decides to release RSA (the algorithm) into the public domain. And it's two whole weeks before the patent expires! Gosh! You guys are so swell! I'm going to use RSA in all my security products to support your selflessness and your generous to the world community!

Bah.

Setting aside one's beliefs on the idea behind being able to get a patent on math, there's the underlying assumption from RSA (the company) that we should be grateful because they've deigned to surrender their oh-so-valuable intellectual property after extracting only 99.77% of the life of the patent. Don't do me any favors, guys -- I'll find my own algorithms.

Re:Wow, that's so very big of them...

[jimhill]

Normally I don't really get too worked up about how my posts are moderated; I'm here to express opinions, not rack up some kind of score.

But "Flamebait"?

Sneering contempt is what I was going for. To put it in a more-easily digestible form for the sarcasm-impaired person or persons who considered my original post "Flamebait":

It is obvious from the press release that RSA expects this to be a good PR move. I hope that people are not taken in by that, because releasing a patented algorithm into the public domain 16 years, 50 weeks into its 17-year patent is far from an act of generosity.

On another note, a re-read makes my original post look like I'd rather roll my own algorithms than use RSA -- no way, now how. I don't have anywhere near the crypto skills to produce anything more secure than ROT-13. What I meant was that since RSA has been so uptight about enforcing their patent, I (and the rest of the crypto-using folks out there) have had to find alternate methods (el-Gamal, etc.) of performing the tasks that RSA is used for. I see no reason to abandon those algorithms now that RSA has so generously released theirs.

The question still stands...

[macdaddy]

...am I finally free to use that SSH client in the US now (which I've been using for years.. sssshhhhh....) or does RSA have some other means of bending me over a barrel if they find out?

This is why C2Net was acquired by Red Hat, too.

[image]

As a footnote, I believe this is also why C2Net was acquired by Red Hat. C2Net could no longer show a revenue model licensing their Stronghold software for a fee that is now available for free (as Apache/mod_ssl). Red Hat liked C2Net's management team and their technical expertise and chose to pick them up at the right price.

Re:Ogg Vorbis is not particularly good...

[Erbo]

Funny...I tried a comparison myself just this past weekend, using some freshly-ripped .WAV files. I encoded them to MP3 with LAME 3.70, and to OGG format with oggenc -m2 (to get similar bitrates, approximately 128 Kbps). They sounded pretty much the same when played back over both XMMS and WinAmp (with appropriate Vorbis plugins installed in each case)...and I was listening over headphones to check them out. The file sizes were very similar, too.

Now, I'll grant you this is a bit unscientific (hell, it's not even in the same ballpark with "scientific"), but it seems to me that the Vorbis guys have done a hell of a job thusfar, even considering the format and tools are still "beta." If there were a little better support for comment tags in the player tools, I would probably be switching everything over from MP3 to OGG format right now...

Eric
--

Re:Brilliant news!

[homer_ca]

Yes, such corporate generosity is absolutely unprecedented. They release their patent to the public domain a whopping 2 weeks before it expires. Don't fall for this cheap publicity stunt. They're just trying to grab the headlines away from the RSA patent expiration parties.

Re:So how will this affect us?

[sconeu]

The company I work for produced its products in US and rest-of-world flavours only.

That may not have been a patent issue, but a result of the brain-dead US crypto laws, which considered strong crypto a muntion for purposes of export under ITAR.

Re:first

[Rader]

I'm sure that if it has, someone will post a link to it for karma points.

Rader

Big Problems Ahead

[PingXao]

Just look at the first couple of lines of the press release:

RSA Security Releases RSA Encryption Algorithm into Public Domain

"c = me mod n" Made Available Two Weeks Early

This basically says "We patented this equation". The whole fiasco surrounding software and business patents is going to get really ugly. At some point the ridiculousness of these kinds of patents will become obvious, even to the many judges in the US that have their heads planted firmly up their rectums. If we could get the politicians to get their hands out of the lobyists' pockets things would move along even faster.

Oh, yeah, I almost forgot:

2 + 2 = 4
patent pending

And boy, are you all gonna pay for using that. Anyone who has ever said that without getting a license from me will be really sorry.

Re:implementation in Java?

[kill-1]

The encryption/decryption is really easy:

import java.math.BigInteger;

public BigInteger rsa(BigInteger key, BigInteger modulus, BigInteger msg)
{
msg.modPow(key, modulus);
}

Key generation is not very difficult either. Use the modInverse() funtion.

Re: you left something out ...

[Our+Man+In+Redmond]

I don't know, maybe we should ask Bill Gates?

From http://www.vi s.caltech.edu/~pz/letters-from-the-front/bill-gate s.html:

"The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers." (Bill Gates, The Road Ahead, Viking Penguin (1995), p. 265.)

--

Re:implementation in Java?

[kill-1]

Oh, there's a return missing. Blame Perl.

Re:Public Domain? What's the angle here?

[Legolas-Greenleaf]

Actually, i was sucessful in being moderated as both a troll AND flamebait. Woohoo! This has got to be the best story ever. (My story, I got first post, karma whore, troll, and flaimbait). =^)

Well, it certainly made my day.

And your hypothesis about meta moderating seems to work. This post is interesting. ;^)
-legolas

i've looked at love from both sides now. from win and lose, and still somehow...

Re:What about my RSA party?

[Lord+Kano]

wonder what getting laid feels like?

It's wonderful, like warm apple pie.

LK

Re:Stronghold

[daviddennis]

You're right; I had our company do the exact same thing.

I guess I can run Apache/SSL on our backup server now; this is excellent news, even though we all knew it was coming.

What happens to the RSA firm? Do they more or less go out of business now that they have nothing to sell?

D

----

RSA vs El Gamal

[rjh]

RSA is built on the integer factorization problem; El Gamal is built on the discrete logarithm problem. If you can get a general solution for the discrete logarithm problem, then you're also going to get a solution for the integer factorization problem--but knowing how to factor arbitrarily large numbers doesn't help you with discrete logs.

Insofar as keysize goes, 2048 bits is plenty sufficient for every attack we can foresee. If you want to be truly paranoid, go for 3072 bits; even with quantum computation, it's still as hard as RSA-1536.

Personally, I don't think RSA is ever going to be cracked by brute force--so this trend among the cryptoparanoid towards larger and larger keys is somewhat silly. I think it's far more likely that either (a) a general solution to the factorization problem will be discovered which runs in polynomial time, utterly destroying RSA, or (b) an attack against RSA will be discovered which does not depend on factorization.

Remember that the integer factorization problem has never been proven to be difficult, only conjectured to be so--and as time goes on, it gets less and less difficult. More than that, while RSA is built on the integer factorization problem, nobody has ever proved that you need to factor very large numbers in order to break RSA.

My money is on El Gamal--it seems to be built on stronger mathematical foundations.

Hmm...

[rosewood]

So even though it will be in the open, can I still use it and call it a strong encryption technique and then when anyone who has been in Calc 1 can crack it, I mean reverse engineer it, can I still sue them thanks to the wonderful (ha) DMCA?

Re:Hmm...

[LoyalOpposition]

Patents grant an exclusive right to exploit an invention, in exchange for the publication of the way it works.

Not quite. Patents grant the right to exclude others. Suppose I have a patent on fuzzies, and you have a patent on green fuzzies. You can exclude me from making green fuzzies, but I can exclude you from making green fuzzies and all other fuzzies. You have no right granted to make green fuzzies arising out of your patent.

Re:Hmm...

[SEWilco]

Nope, the concept of "strong encryption technique" is now the intellectual property of Digital:Convergence, as used in their Cue:Cat. The term "XOR" has been renamed "CCC"; details require a NDA.

Their encryption is so strong that typing "Digital:Convergence" into your browser's Address/Location field will fail to search for them.

Re:Hmm...

[Cardinal+Biggles]

You seem in need of a clue...

Patents grant an exclusive right to exploit an invention, in exchange for the publication of the way it works. What expires about RSA in two weeks is that exclusive right, not any form of secrecy.

So "public" is used in two ways here: the way RSA works always has been public. The right to use it hasn't been, but will now become, public.

Re:Symbolism and significance.

[greenrd]

No. US patents are valid in the US only. In the UK there are hardly any software patents.

No more problems with SSL security in US :-))))))

[Darkbird]

Now I'm gonna use OpenSSL evetywrere with no restrictions. Whoohoooo!!!!

Paging Grammar Nazi, paging Grammar Nazi...

[RFC959]

(Background: you have to answer three questions to get a shirt.)

The first "question" is "The patent expiration will allow more developers to create secure applications, making the electronic world a more secure place?"

The only answers you can give are "True" and "False". What I want is a "That's neither a question nor a true/false statement!" link, ala Slashdot polls...

Change party dates

[anticypher]

Now we'll have to quickly change the dates for the planned release parties. I've started by opening a large bottle of Domus beer and will proceed to get nothing done the rest of the day.

But this is good news that RSA isn't going to try any kind of tricks to extend their patent or somehow deny us this very valuable algorithm. Expect to see some good implementations of RSA being released into the wild in the next few hours/days.

the AC

Re:Change party dates

[Bruce+Perens]

Patent number, please?

Re:Change party dates

[12dec0de]

You might want to hold the parties!
RSA recently got an exclusive license to Compaqs Multi-Prime Algorithm, which is IIRC patented. So nothing is lost for RSA.

They will continue to put a stranglehold on America as far as encryption software goes, as servers will grow more and more unable to support the workload that is generated by verifying the signature on connections. The multi-prime helps solve that problem technically.

Re:Public Domain? What's the angle here?

[Caine]

If I've ever seen a karma whore, this is it =)

Re:We need key escrow

[cmclean]

My God Man, have you even *read* the UK's proposed Regulation of Investigatory Powers bill, the idea of 'guilty until you prove yourself innocent' seems a little inquisitorial for my liking. By far my favorite part, however, is that you get 2 years in prison if you can't prove you don't have the private key the police want, and another 5 years if you complain about it.

Now I'm all in favour of the 'contempt of court' laws, but hang on a minute here...

Further, and more in-depth commentary can be found at Stand.org.uk for those who are interested.

Craig.

WoooHoooo!

[jbarnett]

YES!

You know what this means don't you? I can compile in SSL support for commerical use into Apache and not have to pay C2 (the makers of stronghold) $1000 a license key!

$45 (or is it 90?) for the Server cert and you have a commerical proffesinal SSL server. If you want to use buzzwords "Ecommerce solution for $45 a year"!

Re:WoooHoooo!

[phutureboy]

That's what I was wondering... whether this means its now OK to use mod_ssl/OpenSSL in the U.S.

And where can you get a server cert for $45 or $90? The cheapest I am aware of is $125 from Thawte Consulting, a division of Verisign.

I actually need to buy a cert in the next week or so. If I could save a few bucks it would make me a happy man. Browser compatibility is of great concern though.

--

Re:WoooHoooo!

[ZanshinWedge]

Well, for one, Equifax offerse $45 server certificates.

There are tons of places like that, you just have to look, the problem though is that you pretty much have to bend over for the RSA/Verisign anal raping service if you want the corresponding CA-root certificate to be installed in everyone's browser client.

Thawte is pretty much the cheapest (it's been bought by Verisign but they're certificates don't cost 300 clams yet).

If you go with a 3rd party "unknown" for your certificate, the first time people connect securily to your site they will be prompted (depending on your server software and their client) to download and install the corresponding browser root certificate for that company (well, probably anyway, if they've connected securely to another site that uses certs from the same company they won't have to install it again, but this is unlikely). It's a fairly painless process actually, I suppose you have to weight the pros and cons for yourself.

Re:WoooHoooo!

[jbarnett]

I guess I told you wrong. I got mine from Thawte last year some, I guess it was probably around $125. I was probably thinking of internic.

sorry my bad.

RSA and GPG

[Omnifarious]

My question is, how long before this is incorporated into GPG? Of course, the obvious answer is 'as quickly as you can write it yourself' :-).

As far as I know, RSA is more secure than both El Gamal, and DSA, the algorithms currently used for encryption and signing in GPG. In fact, I believe El Gamal becomes horribly insecure if the same random number is used twice when running the algorithm. Also, RSA supports longer key lengths than DSA.

I want to create myself a big, 4-8k bit RSA root signing key scheduled to expire in 10 years, and then at 2 year intervals replace my main signing and encryption keys with new ones signed by the big RSA root key.

I know how RSA works, but not how to generate the large random primes that are required for a big key.

Re:RSA and GPG

[Lozzer]

Isn't that just using Fermat? Though it does work reasonably well, just not as well as Miller-Rabin (which is quicker and more accurate - Fermat misses Mersenne numbers no matter how many values you pick for a if I remember)

Re:RSA and GPG

[Mr+T]

What are the odds of that? You're supposed to pick k at random and if you have a half decent generator then that's just not going to happen.

If you're paranoid about it then keep a list of used Ks and don't reuse them. Really, it's not a problem though, you're far far more likely to pick a poor IDEA or 3DES key if you're using something like GPG or PGP.

Re:RSA and GPG

[Mr+T]

They are all based on Fermat, but yes, Miller's algorithm is just an application of Fermat.

It misses Carmicheal numbers. It does work correctly for Mersenne numbers, you should avoid those for other obvious reasons though.

Re:RSA and GPG

[David+A.+Madore]

See this comment.

Re:RSA and GPG

[fatphil]

The primes don't actually need to be primes! Industrial strength pseudo-primes will do just as well.

http://www.utm.edu/research/primes/
has loads of info on primes and pseudo-primes.
I recommend "primeform" and its successor "pfgw" as a generator of strong pseudo-primes (SPRPs) as you can chose what form they have:
e.g. if I wawnted a 4000 bit key I could ask
For n=1 to 1000
For k=1 to 2^16-1 step 2
Is 2^4000 + 5614*n*n + k prime?

And just wait a few seconds.
You have pretty much absolute freedom over the expression you try, so you can even feed it a 1000bit random number and ask it top find the next SPRP after that number.

Primeform has its own forum on egroups:
http://www.egroups.com/group/primeform

FatPhil
(a top 20 producer of titanic primes)

Re:RSA and GPG

[L.+J.+Beauregard]

It may be possible to sign with a PGP 2.x key, but GnuPG still can't encrypt compatibly with PGP 2.x because IDEA is still patented.

--
Ooh, moderator points! Five more idjits go to Minus One Hell!
Delenda est Windoze

Re:RSA and GPG

[krokodil]

I have key generated like this:

ype Bits/KeyID Date User ID
pub 1024/2A52BD8D 1996/07/23 Vadim Zaliva

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3a

Will GPG will be able to handle it? Does
it use IDEA?

Re:RSA and GPG

[Captain+Derivative]

Actually, if it's truly random, there's exactly the same chance of it happening again (after it happened once the first time) as there was of it happening the first time. They'll be fully independent events, so the probabilities of each are the same.

Of course, the chances of generating two new keys and having them use the same k is awfully small. To be precise, the square of the probability of k being picked once.

Blacklisting used k values actually decreases the randomness even though it makes it look truly random. But then it'll be less secure.

OK, I'm done now.

--

Re:RSA and GPG

[Mr+T]

To generate large random primes (or actually pseudoprimes since they don't fully test them) look up Miller's algorithm or the Miller-Rabin algorithm. It works like this:

if p is prime them for some a You can prove that the reverse is usually true, if a**(p-1) mod p = 1 then p is prime "most, but not all of the time"

So you pick out 100 or 200 values for a. And if the second part is only 50% true (ie: if it equals one then there is a 50% chance the p is prime) then after doing this 100 or 200 times for a bunch of different values of a you end up with a pretty good odds that p is prime. 50% ** 100 (or 200) is your error and that's pretty small.

As for RSA being more secure than El Gamal, I believe is has been shown that ElGamal is at least as secure as RSA and a lot of people believe it to be more secure. DSA on the other hand is really just a way of applying ElGamal and so it has some key size restraints to comply with a standard. Don't use DSA if you're not happy with the key length, sign with ElGamal and pick as big a modulus as you want.

Re:Public domain for algorithm, no code

[Ded+Bob]

It means we can all use OpenSSL without the rsaref library. The code is already out there.

Re:Brilliant news!

[tap]

They freed up their patent two weeks before it expired, not a lot of guts in that!

At least they didn't try to extend the patent by tricking the patent office. For instance, "c = me mod n" is the formula for RSA. So they patented that formula back in 1983, then in 1985 they could have patented the formula "me = c mod n". Mathematically the same formula of course, but that's ok. The patent office will let you patent a formula or algorithm that has already been patented, as long as patent is worded differently enough that the monkey who rubber-stamps patents doesn't notice. The comp.compression FAQ has a section on patents, which has several patents for identical compression algorithms that the patent office rubber-stamp monkey didn't notice.

They could just make up a new patent every year. Like "Using RSA to exchange DES keys", then "Using RSA to exchange IDEA keys", "Using RSA to exchange keys over computers connected by telecommunication lines", "Using RSA to exchange keys over the internet", "Using RSA to exchange keys between web browsers". They could probably keep this up for as long as they wanted.

Re:how RSA works

[Redundant()]

And how do you know that p and q are prime to begin with so you can use them?

Factoring n into p and q

[Gleef]

Yes, I know you are kidding, but RSA's excellent Crypto FAQ has a section with all the references you should need for factoring algorhithms:
http://www.rsasecurity.com/rsalab s/faq/2-3-4.html

Also, http://www.rsasecurity.com/rsalab s/faq/2-3-5.html has some good info about what the future holds for factoring.

----

Re:Uhh exactly what is involved?

[Nugget94M]

There is no substitute for the seminal work on the subject, Applied Cryptography by Bruce Schneier.

No geek's bookshelf is complete without this one. It's an approachable and practical coverage of encryption technology with a focus on application and use.

Re:So how will this affect us?

[wiredog]

There's a point - I wonder if a patent could be contested on the basis that it is anti-competitive

No, patents are intended to be anti-competetive. That's why they expire.

Re:you left something out ...

[Teach]

Who? I certainly have no idea how to....
Oh.

:)

Re:Ogg Vorbis is not particularly good...

[sheldon]

Actually it was just last week, and I actually thought it sounded much worse than MP3.

I will make the point that I'm listening with Sony MDR-V6 studio headphones, not tinny little speakers.

Perhaps it was just the implementation, like I said. But I want something good today, not in 3 years.

WMA takes about twice as long to encode as MP3 does, but one receives a benefit... it sounds much much better at lower bit rate. i.e. in my experience WMA at 160kbps is equivalant to MP3 at around 256kbps.

The inconvenience of spending $30 on a MP3 encoder is far less of a cost than spending 10 times the computing cycles trying to encode your CD's on a format which is free. I'd rather spend the money and get something that's quality and easy to use than frustrate myself with a freebie.

The inconvenience of a license is far less painful than poor quality software.

I can't seem to get mine.....

[heliocentric]

Dude, are they /.'ed or something 'cause I keep getting an error on their form:

Error Message:
undefin not found in list of allowed referrers.

Please use your 'back' button to return to the Web form.

Great, and I wanted my shirt!

Re:Symbolism and significance.

[abischof]

For all interested, you can get PuTTY here.

Alex Bischoff
Interested in building a roof over your cubicle?
---

Re:We need key escrow

[klanza]

Sorry, but you can't stuff this toothpaste back in the tube. Once the knowledge of how to devise a secure algorythm is available, secure algorythms will be written and used. You can't stop it.

free rsa shirt!

[goateye]

http://www.rsasecurity.com/developers/total-soluti on/shirt.html

Re:We need key escrow

[Veteran]

People troll because it gives them an illusion of power. What the troll says to themselves is "See, I am more powerful than all of these people, because I can get them to jump around in response to me; I caused all of this."

Here is the same illusion in a different setting. You are in a class listening to Professor Einstein talking about his theory of relativity. You notice everyone is listening to him, and no one is paying attention to you. You feel jealous. So you decide to fart loudly so that everyone will pay attention to you. You say to yourself: "See I am just as powerful as Einstein because I made everyone pay attention to me - just like they were paying attention to him." Hopefully even an idiot can see the fallacy in that; anyone can attract attention to themselves that way. It takes only jealousy and a lack of self control to do that.

People who seek attention of that sort are very insecure people who have very low self esteem - their entire self worth is second hand: "I only exist in what others think of me."

Real power feels like nothing - you do something and things change. One of the most important things I have learned in martial arts is that the more I feel - the less the other guy feels. The less I feel - the more the other guy feels. This is because in a properly done technique all of the power goes into the target, and none of it stays with the person performing the technique.

So when you do something which makes you feel power you have NOT DONE anything powerful. You can spend the rest of your life chasing illusions of power - or you can go out and try to develop some real power. The choice is yours - but chasing illusions of power will bring you nothing but grief; the only person who thinks a troll is powerful is the troll.

So why am I bothering to write this response? For the same reason that I bother to swat a fly; both trolls and flies eat shit and bother people.

Re:Symbolism and significance.

[technos]

Wrong. The program was/is legal, using it without leave of the patent holder was not. I can write program after program using the 'patented' method, at any time, with no fear of being sued so long as I only use the program for personal educational purposes. Now I can give the program away or sell it without having to pay a fee to RSA.

+1, Funny

[korpiq]

Refresh my memory, how do you factor n into p and q again?

Simple: p and q such that result in the original message are correct.

Re:We need key escrow

[kyz]

You must be a troll.

The "only terrorists, drug dealers and paedophiles are on the 'net" argument is complete rubbish, and a lame excuse for legitimate total invasion of privacy by Government snoops. The trouble is that this pathetic attempt to pull the wool over everyone's eyes has succeeded.

What next? "All criminals and deviants have skin anomolies, so we need the right to strip people naked at any time, provided we have reasonable suspicion... of course, all hot sexy chicks are very suspicious and will definately need to strip off all the time."

Nice trade

[Phil+Hands]

Swap 2 weeks of unenforcible patent rights for some free publicity and the opportunity to witter on about how your patent helped to promote development.

Personally, I never let their patent affect my life in any way (which is why there's no ssh-rsaref package in Debian), but if I had done, it would not have been helpful.

The claim that some benefit accrued to anyone but themselves is drivel.

If you think software patents are a silly idea, sign this petition to help keep Europe software patent free

This is what patents are for!

[Kissing+Crimson]

"RSA Security's commercialization of the RSA patent helped create an entire industry of highly secure, interoperable products that are the foundation of the worldwide online economy. Releasing the RSA algorithm into the public domain now is a symbolic next step in the evolution of this market, as we believe it will cement the position of RSA encryption as the standard in all categories of wired and wireless applications and devices."

There has been so much discussion against the issuing and abuse of patent and trademark law; occasionally we should applaud those who do it right. The RSA has handled their patent beautifully while making good business decisions.

My hat is off to them.

Coincidence is the Superstition of Science

Re:This is what patents are for!

[Flower]

I'm more inclined to believe that the success of RSA has more to do with it being unfettered for use in Europe than being patented in the US.

Re:Public Domain? What's the angle here?

[NullAndVoid]

Uhh, yeah I read that too, but I still haven't parsed any meaning from it. What difference did releasing it a few days early make? "Symbolic step" sounds to me like it was for the PR.

Re:How magnanimous.

[Paradox]

"Coming along" meaning what? That one day we might have quantum computers? 'sides. You can make current encryption algorithms work even when there are quantum computers that can do a whole lot of stuff at once in constant time, you just jack up keysizes, prime sizes (in the case of RSA) and the like. At least, this is how I understand it. Imagine if you could generate primes on a real working quantum computer. You could make primes so huge they would foil quantum computers, couldn't you?

But right now quantum computers, with reasonable certainty, don't exist in any useful form.
- Paradox
Man of the C!!!

.ogg won't let me put my band's music on Napster.

[yerricde]

Why not ignore .mp3 and use .ogg for your encoding?

Even though there is a common Winamp plugin (from vorbis.com) to play .ogg files of my band's music, the Napster client does not recognize .ogg. But there's a workaround, right?

<O
( \
XGNOME vs. KDE: the game!

Re:how RSA works

[generic-man]

Background math: gcd is greatest common divisor. mod means modular arithmetic.

While this is given, why no specification for what phi(n) is? People learn gcd in elementary school, and modular arithmetic isn't that far off, but Euler's Totient Function isn't exactly something we're born with.

Wanted: Free RSAREF-compatible software

[billstewart]

Most of the RSA implementations produced in the US use either RSA's RSAREF reference implementation for non-commercial use, or RSA's BSAFE toolkit. RSAREF is still copyrighted code, and says you need to follow RSA's license to use it.
Now that the RSA algorithm is no longer patented, anybody can write a compatible implementation that doesn't have the license restrictions (no export to foreigners, limited access to functions without special permission etc.)

I'd like to see a free software version - either public domain, Library GPL, BSD, Artistic license, whatever. Who's first?

factoring n into p and q

[pemerson]

Factoring n into p and q is necessary for breaking the RSA code. If you factor n into p and q, you can generate the inverse of a. RSA relies on the fact that factoring the product of two primes is extremely "difficult" while multiplying p and q to get n is "easy".
For more info on what easy and difficult really mean, read up on Big-O notation (i.e. O(n) is linear running time, O(2^n) is exponential growth) and NP completeness. :)
Factoring:
Well, of course, you can brute force p and check to see whether you get an integer q. If you're using large primes (300 digits or so) for p and q, prepare to be long dead before you get q with our current computing.

I won't go into detail, but here are some popular factoring methods for you to look for, and a link:
Pollard Rho method
Pollard P-1 method
ECM (Elliptic Curve method)
Multiple Polynomial Quadratic Sieve (MPQS)
According to the link below, "The best general-purpose factoring algorithm today is the Number Field Sieve"(NFS)

For more info including Big-O notation (i.e. an idea of how fast the algorithms work as the size of n increases), check out:
http://www.rsasecurity.com/rsalab s/faq/2-3-4.html

Re:So how will this affect us?

[krady]

I thought the .ie address and spelling of flavour would indicate that we're non-US.

Certainly caused a lot of hassle though, not to mention the French restrictions on even doing crypto. I'm glad they've both changed.

Re:Can't "re-patent" a twist...

[Foogle]

Big deal. You don't need to send a working copy of your atomic particle-smasher to the Patent Office to get a patent on it. What difference does it make whether they've actually built one or not?

The patent is not on the manifestation of the idea. The patent is on the idea itself.

-----------

"You can't shake the Devil's hand and say you're only kidding."

According to this - it did

[ch-chuck]

From http://www.homeoffice.gov.uk/ripa/ripa ct.htm:

"The Regulation of Investigatory Powers (RIP) Bill was introduced in the House of Commons on 9th February 2000 and completed its Parliamentary passage on 26 July. The Bill received Royal Assent on 28 July. "

Re:how RSA works

[kcarnold]

n's only factors are p and q. p and q are prime. In that case, phi(n) = (p-1)(q-1). That's all you really need to know for RSA.

Re:Hahahahhah whatever

[Forgotten]

Exactly. But given that it attempts to turn a rather pathetic whimper into a (still very small) bang, you can't blame them.

Well, ok, yes you can - it's noxious spin control that tries to milk goodwill without doing *anything* of value to earn it. Pretty much exactly like Bill Gates emitting tiny burps of cash to M$-friendly charities the day after each instance of particularly absurd and damaging testimony in the DOJ trial.

I'd still prefer to have seen the damn patent overturned. Now it's legally expired and everyone will move in, which actually strengthens the idea of patenting basic algebraic concepts.

Fortunately this press release will probably buy RSA pretty much exactly what it cost them - nothing.

Re:RSA is trying to minimize the celebrations

[anticypher]

I had given a thought to their attempt to avoid a "media event", which would have made a stir in the crypto and security worlds. But I (and others like yourself) are a cynical bunch :-) Their stock could have taken a slight hit if some ignorant investors suddenly saw headlines about how they no longer have a patent on their golden goose. But most investors have known about the end of their patent for donkey's years now.

the AC
who will shout "We're Free!" on the 20th, and already has a head start on the Drunken Computer Geeks bit

Re:Can't "re-patent" a twist...

[g_mcbay]

You don't need to send a working copy of your atomic particle-smasher to the Patent Office to get a patent on it.

Actually, the patent office still has the right to request that you produce a working model before a patent is granted. They almost never do this... its usually reserved for ideas related to perpetual motion devices, which people try to patent a lot.

Until the late 1800s, all submissions needed to include a working model to even be considered.

Re:No more problems with SSL security in US :-))))

[Captain+Pillbug]

If you'd been reading slashdot for the last couple days, you'd know that the correct procedure for legalizing past development is to ask RMS for forgiveness. ;-)

Re:If only Fraunhaufer would do the same.

[MartinG]

Why not ignore .mp3 and use .ogg for your encoding? It's free and free. Plugins are available for all popular plays on many platforms.
It's better (arguably) than mp3 anyway.

http://vorbis.com

OpenSSH

[autarkeia]

Does this mean that products such as OpenSSH and will start shipping with standard distros (other than SuSE)? It's about time telnet came turned off on everything.

Re:OpenSSH

[Phil+Hands]

For US based distributions, there's still the issue of US crypto export laws, which while greatly relaxed still gets in the way.

Debian has included OpenSSH pretty much since it was available. It's available from our Non-US software site, and is on CD#1 of Debian 2.2 (unless you get the cut-down US exportable version).

Took me a second

[Lotek]

Took me a second to switch gears. I initially read that as RMS released to the public.

And the sad thing was that it made sense, too.

Re:Took me a second

[Eccles]

I initially read that as RMS released to the public.

Yeah, I've been hacking him to create a BSD license-pontificating version!

Re:Public relations

[ZanshinWedge]

Sweet, Mozilla will finally have SSL built-in.

Now, if only it still wouldn't be a toy browser. :P

Damn Mozilla dev. team.

Re:RSA is trying to minimize the celebrations

[12dec0de]

You can bet that I will party hardy on the 20th anyway. A Crypto Symposium seems the right place.

But I will not chant 'we are free', coz we aint

(and apologies to everyone about me not previewing)

Re:Public Domain? What's the angle here?

[HappyHead]

Uhh, yeah I read that too, but I still haven't parsed any meaning from it. What difference did releasing it a few days early make? "Symbolic step" sounds to me like it was for the PR.

Yup, that's a pretty good summary of what the paragraph means. It comes down to "People are saying not-nice-things about us, and we wanted the spotlight for a second so that we would have a chance to refute them and actually be heard."

While it may be true that (in some cases) the fact that they were charging for it enabled it to be accepted more readily than otherwise, (think old style managers of big non-technical firms here - no tech knowlege, and if it's expensive, it must be better,) there came (and went) a point where they were doing more harm than good by over-charging, and preventing smaller companies from entering a market which they had a very effective stranglehold on. (Ie:Netwscape and Explorer both use RSA for secure web transactions).

So really, all they're doing here, is a "We're actually the good guys here!", combined with a "It didn't get taken away from us, we gave it away!" - A last minute attempt to save face so they can get the tech industry to trust them again, at least long enough for them to sneak yet another convenient patented technology into as many public standards as they can, and get it widely adopted so they can once again drive up the price and extort ludicrous ammounts of money from anyone who wants to enter the playing field. Hopefully this time the people setting the standards will know better.

Re:Public Domain? What's the angle here?

[Caine]

Indeed, but I seem to have only gotten one mod point for mentioning "insightful" once. Perhaps if I mentioned it more, I would get more points?

This post is:
Insightful
Insightful
Insightful
Interesting

Re:Oooh i'll finally be able to look at the algori

[god]

Also, security by obscurity doesn't work. The only way anyone can trust a cryptographic algorithm is if it is made public and lots of well-known crypto people have analysed it and tried to break or weaken it.

Re:Who cares?

[john187]

Some in the community believe that ElGamal and other public key cryptosystems are based on the RSA patent. However, this has never been proven, or tested in court. The release of the RSA patent means all of those systems become unencumbered by any such restrictions which may have been lurking.

John

Re:Can't "re-patent" a twist...

[mOdQuArK!]

Aside from the fact mentioned in the other reply (Patent Office _can_ request that you submit a working device), you're missing the point.

Said companies in my example isn't being REALLY creative - they're just juggling words in their patent until they meet the Patent Office's definition of "creative" (which has more to do with semantic minutea & overloaded claims inspectors than real creativity).

What backdoor?

[Jooji]

The ADK vulnerability was not a backdoor, it was a difficult-if-not-impossible to exploit bug, and it only potentially affected those users who actually employed ADK. The bug has been fixed, and the source code for PGP is, as always, still freely available for anyone to review. In fact, that's how the bug was found. The open source model worked; where's the problem?

Hahahahhah whatever

[defile]

So, even though their algorithm was going to become public domain on September 20th 2000 anyway, they decided to spin the situation from this:

"RSA Data Security, despite kicking and screaming, are no longer the sole holders of a mathematical equation used for encrypting data. On September 20th, 2000, this contraversial patent expired, leaving RSA Data Security powerless and helpless despite their otherwise greedy intentions.

While the patent has been challenged numerous times, it has always resulted in an out of court settlement and unfortunately a judge has never had the oppurtunity to rule on the legality of such a patent.

The world rejoices!"

into:

"The benevolant RSA Data Security, out of the good will of their hearts, has released their coveted RSA encryption algorithm into the public domain. A representative on hand commented 'It doesn't make sense for us to hold onto an algorithm so obvious. After 15 years, this is our gift to you, world.' God bless you freedom fighters!"

Only in America!

Re:Public Domain? What's the angle here?

[Caine]

Obviously the moderators are on crack (and yes, I'm moderator myself quite often), but to first moderate the first one up, and then this one down. Exactly what was the troll part of that post? =) (If it wasn't meta-trolling that is. It's classified as troll because you say so? Can I get my post moderated up by saying they're insightful?)

Re:how RSA works

[Ig0r]

Run them through a Rabin-Miller primality test to find ones that are.

--

Re:Will there be products now ?

[LazySlacker]

Well the real problem for this is PKI (public key infrastructure).

If I want to call you on the phone I get your number (from a directory) if it's wrong I try again or something.

If I want to use public key cryptography I need to get your public key. I need a yellow pages for public keys. Not only that but I need to know that you are you and not someone with the same name. With telephones we use your address. I do not think this will work on the supposedly anonymous web. (Can I get the PK of Fred the Freedom fighter, 22 High Street Beijing - I need to send him some anti gov docs)

Finally how do I know your public key has not been modified to allow someone to read my messages?

Re:New Linux virus

[Icebox]

That isn't a virus.

Re:So how will this affect us?

[toriver]

As I understand it, this only has a direct effect in the US - the various products that we in the rest of the world have been using for ages haven't been subject to this patent because it's a US-only patent.

IIRC, they also applied for patents in Great Britain, Germany, France and maybe another. Other countries were "off the hook", but products using the algorithm could not be exported to countries where the patent was in effect.

implementation in Java?

[shailesh17]

Anyone know where I can find a free implementation of this algorithm in Java?

Java rocks!!!

Re:implementation in Java?

[Geek+Dash+Boy]

See my post below! :)

Java implementation has existed for a while

Enjoy!

Re:We need key escrow

[fatphil]

He's not permenantly in Finland anymore.

I wonder if he pronounces /Linus/ with a drawl yet?

FatPhil
(who is)

eh?

[Phil+Hands]

Patents are supposed to allow a time limited monopoly to exploit an invention, to give chance to recoupe development costs, in return for the inventor publishing details of the technique that makes their invention novel.

The details of RSA was published before it was patented, and it was not funded by RSA in the first place.

Also, it seems to me that it's a discovery and not an invention.

Sounds more like a classic abuse of the whole concept of patents to me.

To add insult to injury, they didn't even write a decent implementation of it.

Proprietary RSA algorithm replaced by better NTRU?

[4of12]

I have to wonder if the release of RSA into the public domain has anything to do with this development I saw headlined at Securityportal about another (um, proprietary, too) encryption algorithm, NTRUE

I would love it if a new legal finding was made that US Patent Law had to be reinterpreted because the original specification had a faded decimal point - that the intent was to provide patents for 1.7 years instead of 17 years.

how RSA works

[pemerson]

Here's a somewhat simplified taste of how RSA works, for those of you who are curious.

Note: I took this from a document that I wrote for my students, so this is how I personally had them implement RSA, NOT how RSA is really done in real life. But the basic premise of key generation is the same.
Background math: gcd is greatest common divisor. mod means modular arithmetic.

To generate your personal key:
1. Generate two prime numbers, p and q.
2. Calculate n = p*q.
2. Calculate phi(n) = (p-1)(q-1).
3. Pick a public key b where 0&#60b&#60phi(n) and gcd(b,phi(n))=1.
4. Calculate the private key a such that a=b^-1 mod phi(n) (multiplicative inverse). Make sure pub is less than phi(n), gcd(phi(n),b)=1, and a>0.
5. n and the public key can be published in a directory. Keep the private key secret.

To crack a key given n and the public key b:
1. Factor n into p and q.
2. Calculate phi(n) = (p-1)(q-1).
3. Calculate the private key; it's a=b^-1 mod phi(n).

To encrypt code, translate from an array of characters to numbers.
let a=0 .. z=25. Encrypt in blocks of three like this:
abc = 0*26*26 + 1*26 + 2 = 28
dog = 3*26*26 + 14*26 + 6 = 2398
cat = 2*26*26 + 0*26 + 19 = 1371
zzz = 25*26*26 + 25*26 + 25 = 17575

Call chunks of text converted to numbers m (for message). Compute m^b mod n. Each of these numbers go on separate lines in the file.
To decrypt code, do the process in reverse. Call the encrypted message m. Compute m^a mod n. Then you can convert from unencrypted numbers back into plaintext.
You can also do a double encryption (digital signature) by taking already encrypted code and encrypting those numbers. Suppose Alice wants to send a message to Bob which only Bob can decrypt and Bob knows can only have come from Alice. Alice uses her own private key to encrypt the message. Then she applies Bob's public key and gives the file to Bob. Bob takes the file and applies his private key to it, and then Alice's public key, leaving him with the plaintext. This ensures that Alice sent the message and only Bob can decode it.

Re:Smart Move

[teg]

The patent would have expired in a few weeks anyway...

And it's not like they would lose any business these weeks - they still sell their software, and not many would buy an RSA-specific license knowing it expires soon anyway.

They try to get some goodwill out of it, but when looking into it, they're not giving much.

export regulations?

[sTeF]

how do the still existant american cryptoexport regulations affect this announcement? anyone wanna lighten me up?

Uhh exactly what is involved?

[sips]

So even though it will be in the open, can I still use it and call it a strong encryption technique and then when anyone who has been in Calc 1 can crack it, I mean
reverse engineer it, can I still sue them thanks to the wonderful (ha) DMCA?

I have taken Calc 1 and passed and I still find many, many concepts in encryption hard to understand if not impossible. Where is a good run down of all the math involved? It would have to be limitd to differentiation and medium-hard integration techniques to work at a Calc 1 leve.

I am just curious.

Re:Uhh exactly what is involved?

[jonsuen]

RSA is very simple to implement. I know 13 year olds who have studied it in a number theory class through Johns Hopkin's CTY.

I'm sure somebody at Slashdot knows about it (Timothy)...

Oh man, this screws up all my party plans!

[Tom7]

Well, it's nice to know they didn't fight it (they'll probably go down in the history books as having voluntarily released it!) with other patents and nonsense like that.

But now what am I going to be partying for on the 20th? The two-week anniversary?

That is legally :)

[sips]

See that's the beauty of anonymity the stupid "intellectual property" laws don't apply to you. That is in fact how most controversial code should be handled.

Re:first

[Legolas-Greenleaf]

m'eh. =^)
-legolas

i've looked at love from both sides now. from win and lose, and still somehow...

Public Domain? What's the angle here?

[westfirst]

It was already public knowledge. That's the price of patenting something. You disclose everything. So they released it two weeks early. Why? Are they trying to claim some tax deduction? Are they trying to seem like good guys? Why waste perfectly good electrons on the press release?

Re:Public Domain? What's the angle here?

[Legolas-Greenleaf]

Why did RSA Security release the RSA algorithm into the public domain early?
So much misinformation has been spread recently regarding the expiration of the RSA algorithm patent that the company wanted to create an opportunity to state the facts. RSA Security's commercialization of the RSA patent helped create an entire industry of highly secure, interoperable products that are the foundation of the worldwide online economy. Releasing the RSA algorithm into the public domain now is a symbolic next step in the evolution of this market, as it will help cement the position of RSA encryption as the standard in all categories of wired and wireless applications and devices. RSA Security intends to continue to offer the world's premier implementation of the RSA algorithm and all other relevant encryption technologies in our RSA BSAFE software solutions and remains confident in our leadership in the encryption market.

That's why they made an FAQ. For Frequently Asked Questions.
-legolas

i've looked at love from both sides now. from win and lose, and still somehow...

Re:Public Domain? What's the angle here?

[BJH]

Well, yes. Isn't it always?

How magnanimous.

[fatphil]

Given that they weren't the first to discover the algorithm. The first discoverer was gagged by national security (that's GCHQ for you).
I still view it as mathematics, however, and thus not "a device" for anything.

Or...

Does this mean that "A" has finally found a NP-space P-time inverse, and the whole algorithm becomes no more than a toy!

FatPhil

Re:Symbolism and significance.

[lpontiac]

At any rate, Patent holders can apply for patents in UK. It's done every fucking day.

Yes, but it doesn't guarantee they'll be granted. In the UK, if it's a software patent the odds are vastly against it being granted. Not to mention that prior art exists in the UK, although whether that can be applied in retrospect after declassification isn't something I'd be sure of.

Mozilla

[kuaikuai]

Does it mean that Mozilla will be able to include the full SSL capability finally. ie Incorporate the public SSL implementation with the RSA code

Public domain for algorithm, no code

[BlowCat]

Please note that they are only making the algorithm public domain, not the source code that implements it.
Anyway, it's great news for all of us.

Re:Public domain for algorithm, no code

[warez_d00d]

That's probably because the actual RSA algorithm is fairly easy to implement for anyone with a bit of training in maths.
Just shouting 'open source this' at everything won't necessarily get you moderated up...

the d00d

big deal

[Evil+Grinn]

Its not like the algortithm hasn't been on T-shirts and bumper stickers for the better part of a decade..

Re:So many questions...

[cduffy]

FYI (fresh off the mailing list), RSA support will be built in RSN... in fact, if I read/remember right, it _is_ built in right now, at least in current CVS.

(Btw, moderators, as of while I'm writing this, it's not redundant AFAIK).

Smart Move

[JJ]

Making certain that your product continues to be the algorithm of choice and that your continued development efforts will be welcomed into the market. Sounds like a heads up play to me. Bravo!!

Re:Symbolism and significance.

[jonathanclark]

I would think the number of people willing to buy a license to use RSA is dwindling down to almost no one as the expiration date rapidly approaches. This way they get a little bit of free press and hopefully a positive spin when the patent does expire.

Re:Symbolism and significance.

[Foogle]

Sure about that? I was under the impression that the United Kingdom respected US Patents, and vice-versa.

-----------

"You can't shake the Devil's hand and say you're only kidding."

Ogg Vorbis is not particularly good...

[sheldon]

Now maybe I was using an older implementation, but...

I tried to encode something using the .ogg format as presented in Media Jukebox or some such app.

What I found was:
- It took an incredibly long time.
- It sounded incredibly bad, even worse than MP3

Granted, it'll probably improve. But I'm a big fan of using stuff that works well today. The inconvenience to me of using a licensed format like MP3 or WMA is incredibly small. When compared to the inconvenience of using a pre-alpha poorly implemented format like OGG, what's the point?

Re:Symbolism and significance.

[Frank+T.+Lofaro+Jr.]

Umm I think patents prohibit the unauthorized making of an infringing item too. I am not a lawyer, but I think the above is true. Well if I'm wrong I won't get sued, but if you are you can. Any lawyers care to comment?

Finally!

[Doppelgaenger]

Finally! Putty and Nifty-Telnet you are now mine! :)

Re:Can't "re-patent" a twist...

[Foogle]

That's simply not true. Patent law encourages people to build upon the ideas of others. A mouse-trap may be patented, but the patent system we use in the US allows me to develop a new mouse-trap based on the original specs and patent my design, provided that I have creatively improved upon the original.

-----------

"You can't shake the Devil's hand and say you're only kidding."

They have plenty to sell

[Wesley+Felter]

RSA still has a variety of products, most of which don't rely on the patent for their business model.

e.g. Presumably some people buy SSL-C instead of just linking OpenSSL with BSAFE. If they bought it in the past, they'll probably keep using it even though there are free alternatives.

Re:you left something out ...

[jesser]

Refresh my memory, how do you factor n into p and q again?

Just plug n into the TI-89's "factor" function. It might take a while though.

--

Re:So many questions...

[kurowski]

I'm particularly intrigued by the fact that if you're using ElGamal and for whatever dumb reason (bad RNG or just wild luck) you choose the same k twice, you give away your private key.

If you've got a bad RNG. than it doesn't matter what cryptosystem you're using. As far as generating the same k twice with a reasonable RNG, assuming that you've used the minimun reasonable keysize of 768 bits, and your implementation isn't broken, well, I believe that it's more likely for you to be hit by lightning on the day that you win the lottery ;)

Decimal points in patent law? No.

[yerricde]

I would love it if a new legal finding was made that US Patent Law had to be reinterpreted because the original specification had a faded decimal point - that the intent was to provide patents for 1.7 years instead of 17 years.

Not likely. Back when the original patent law was passed setting the "limited times," decimal for years was not common. The patent law drafters would have written "one (1) year and 255 days" were that their intent.

"limited times" in the Constitutional clause authorizing patents and copyrights has a huge loophole.
<O
( \
XGNOME vs. KDE: the game!

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:We need key escrow

[david+duncan+scott]

using the techniques we learnt in forcing other countries to deal with the menace of drugs

Yeah, because that's worked so well! Should we send troops, as we did in Panama, or merely pump more munitions into the world, as we're doing in Columbia?

I can see us now, invading Finland to capture the notorious Linus Torvalds, code maker for the cartel.

Just an excuse

[mr.ska]

They probably just ordered way too many T-shirts, and needed a reason to give them away. Mine's in the mail!

Re:So how will this affect us?

There's a point - I wonder if a patent could be contested on the basis that it is anti-competitive.

Patents are anti-competitive by definition, that's the whole point in them..

It's better

[sips]

Personally I havn't had that great deal of trust for EIGamal. Personally I want to be able to use RSA in gpg at 4096 bits or more without needing to download it outside the US.

Re:If only Fraunhaufer would do the same.

[mallie_mcg]

(OFFTOPIC)I know that this is offtopic and all, but, thanx for the response, but when i tried .ogg format for my music, lame would not encode a name into the track, winamp would not let me change this name, and when i used my machine, the .oggs appeared to get noticeably worse in quality, (i did a few tests). Whereas bladeenc did not have similar issues. I really should switch from win32 to Linux or BSD for my desktop, and leave the mac for word processing, but i really dont know which to use: BSD/Linux & which distro. Oh well i spose i could try both and go from there.(/OFFTOPIC)

Sorry that this has gone offtopic


.sig = .plan = NULL;

RSA is trying to minimize the celebrations

[perp]

The major reason for RSA's early patent release may be to prevent "RSA Day" from being a media event. Most people in the security community have it marked on their calendars (I do!), and a lot of people had parties or other events planned.

RSA did not want to see headlines like "Techies Celebrate Patent Expiration" or "'We're free!' Shout Drunken Computer Geeks".

Lets all party anyway.

Will there be products now ?

[oldzoot]

Will this release permit the development of everyman encryption devices ? One of the common rumors (facts?) of our time is the government intercepting all communication and computer-analysing it for evil words etc. Will someone now make nifty jeez-oh pocket encryptors cheap and easy enough for everyman to use - something to go between a telephone set and the public network, or perhaps between a microphone / speaker and a radio set ? Is the lack of these products in the real world (TM) proof of excessive government controls and insidious dark forces ? And what about Naomi ?

by being able to use RSA free silly

[sips]

That's basically the long and short of it. Without the need to have to ask and bey and plead to be able to use it now anyone can use it at any time.

Re:So many questions...

[David+A.+Madore]

GPG supports plugins and there has been one available for RSA for quite some time now. You can get it from here for example. Compilation instructions are included. Just ignore the legal shit at the beginning.

I've been using it already. I don't care about the patent: algorithms are not patentable in Europe, and RSA Security hasn't even tried to apply for it here.

Java implementation of RSA has existed for a while

[Geek+Dash+Boy]

This is good for me, for I was living in daily fear of gettiing a cease-and-desist from RSA Data Security, Inc. :)

Check it out, get a copy, and tell me what you think.

Great!

[The-Pheon]

Releasing the RSA to the public domain is great, but what i really care about is the free tshirt!

Re:Great!

[The-Pheon]

"The RSA Algorithm Patent Expired, and All I Got Was This Lousy T-Shirt"

That simple? Did I miss something?

[sips]

Why then does it look so darn comlplex and have symbols that I don't even know the operation to?

Re:New Linux virus

[stevey]

Wow! It's amazing how Slashdot ignores stuff like new Linux virii, isn't it?

Except its a trojan - which requires root priviledges to install - that is only interesting because it can be controlled via IRC channels.

And Slashdot is covering it here.

Steve
---

woohoohooowhohowhowhooo!!

[waldoj]

I'll post a 1, the lowest that I can. I'm just incredibly psyched by this, and I've got to express it _*somehow*_!

Whoo-hoo! I'll go get me some little party hats now. (You think I'm kidding.)

-------------------

Factoring large primes for Dummies

[ptbrown]

hrmm... Took me a while to find this. Was on a disk that got hosed a while back, so I don't think I managed to save all of it.

In <DDFzt3.Knq@anneli.com>, tim@anneli.com (Tim E. Anderson) writes:
> Simpler one:
>
> Now let me see, I got "n" and want to get "p" and "q". So I just make a
>stab at it:
>
> let p = (sqrt(n)/2) and q = (n/2)
> now lets see if my new p and q is bigger than "n", oh, boy is it ever, so
>then let p=p/2 and q=q/2, is this product bigger then "n", if so I just keep
>halfing p and q till the product is less the "n". Hey I am closer to the
>real "p" and "q". MUCH closer.
> I'll tell you what to do when when the guessed p and q has a product less
>then "n". Hint for now, you go back in the other direction even slower till
>the product is once again greater then "n", Now you are EVEN closer, and
>closer, and ..... heck I'm going to read someones PGP. Buy.


Look, Tim, you keep posting all these cutesy factoring systems which, I guess,
are completely unknown to the mathematical community. I doubt anyone here
is interested in your theory, but we'd all be interested in your RESULTS.

Someone here posted a large number, about 250 decimal digits, not long ago.
Instead of posting your factoring system, why not shut all of us up for good
by factoring that number?

As I've mentioned earlier, RSA Data Security has ongoing contests with cash
prizes for factoring big numbers. Why don't you win their next contest?
That would do wonders for your credibility.

^C5*** Quoting Tim E. Anderson to All dated 08-16-95 ***
> I found that using ([sqrt(n) + n]/ [2^x]) {x=1,2,3,4,5,each use} is
> better
> and faster. I also notice that: (.5)*(sqrt[sqrt(n) + n]) tends to
Is this your new BS algorithm that you dreamed up after you realized that your
old one (brute force) didn't work?
You still haven't been able to decrypt anybody's PGP message yet...Oh wait, I
forgot, you don't give out freebies.. =)

If p < (1/2)sqrt(n), then so will be q < 2*sqrt(n).

{hum., either p,q are < or they are both >).

Find the first prime number after (1/2)sqrt(n) [like if it was 1,453.9026
the the first prime number would be 1459] and the last prime number
prior to 2*sqrt(n) [like if it was 5,815.6104, the last prime befor it would
be 5813]. Now make a number line and place each prime in its place (1459
to the left of sqrt(n) and 5813 to the right of sqrt(n)). Then find the
next prime number half that distance, and so on.

2797*3023 = 8455331
sqrt(n)= 2907

(step x) * (step x)
(1) (2) 1459
(3)2203
(4)2557 8333263
(5)2741 8450503
(6)2833 8416843
(7)2879 8501687

sqrt(n)2907

(7)2953
(6)2971
(5)3083
(4)3259
(3)3631
(2)4357
(1)5813

Now multiply each prime with it's coresponding pair. For example

1459*5813 = 8481167 > N

Since this is greater then N, hold 1459 but drop down to 4357 like thus

1459*4357 = 6,356,863 < N

Notice anything odd between steps (5) and (6) and (7).

(5)2741 8450503
(6)2833 8416843


Yup, the products drops from (5) to (6). Why? cause the real "p" is in
that range (2741-2833). After you pass the range "p" is in, the product
will jump up.

Now when "n" is small, you cann't go halfing, more like 1/16ths, else
you'll miss the dip.

Now PGP likes BIG numbers, meaning the dips are very noticable.

When p>(1/2)sqrt(n) and like so q > 2sqrt(n), you go away form
(1/2)sqrt(n) and 2*sqrt(n).

This is not brute force, it is a binary search for product dips. Find the
dip, and follow it down.


Tim E. Anderson (tim@anneli.com) wrote:

: If p < (1/2)sqrt(n), then so will be q < 2*sqrt(n).

: {hum., either p,q are < or they are both >).

Darn, typo again, thats:


If p > (1/2)sqrt(n), then so will be q < 2*sqrt(n).

if p < then q is >.

sorry.


BTW, if you could 2-D the thing, think of an ant hill with a stick in it.
It has an up slope, a hole and then in the middle of the hole a stick that
is flush with the lip of the hole (that's p*q). The ant hill is more donut
shaped, as if the donut was cut in half an placed on the floor. The hole is
the dip, and in that dip is a spike (p*q).


p
..|.. ...
... . | .... .....
.... .|. ......
. . sqrt(n)same for q


yea, I guess, a bow and arrow.and NO it's not the middle finger.


In article <DDHvAn.17M@anneli.com>, tim@anneli.com (Tim E. Anderson) wrote:

>Here is a better, slower, method:
>

Actually, it's fairly quick: it's guaranteed to crash after 12 iterations.
f = f/2 goes from 1024 to zero fairly quickly.

>n = p*q;
>p = sqrt(n)-sqrt(n)/BIG_NUMBER;
>q = sqrt(n)-saqrt(n)/BIG_NUMBER;
>f = 1024/* or smaller yet */
>while ( p*q != n )
>{
> p = p - p/f;
> q = q + q/f;
> f = f/2;
>}
>while ( p*q < n )
>{
> stuff deleted but obvious
>}
Not sure what the second while loop is there for. If you ever drop out of the
first, you will have achieved your objective.

Just for kicks I tried this with
n = 57102517, and BIG_NUMBER = 1000.
Here's what you get with each iteration:

p = 7549 q = 7549 f = 1024
p = 7542 q = 7556 f = 512
p = 7528 q = 7570 f = 256
p = 7499 q = 7599 f = 128
p = 7441 q = 7658 f = 64
p = 7325 q = 7777 f = 32
p = 7097 q = 8020 f = 16
p = 6654 q = 8521 f = 8
p = 5823 q = 9586 f = 4
p = 4368 q = 11982 f = 2
p = 2184 q = 17973 f = 1
p = 0 q = 35946 f = 0

and of course you crash the next time you execute the statement
p = p - p/f;

Didn't get anywhere near the factors of n.

--
Thank you VERY much!You'll be getting a Handsome Simulfax Copy of your
OWN words in the mail soon (and My Reply).
<Andrew.Spring@ping.be> PGP Print: 0529 C9AF 613E 9E49378E 54CD E232 DF96
Thank you for question, exit left to Funway.

Okay, not having a PRE tag sucks. Not a particularly enlightening exchange, but this was years ago when I was still a dumb young kid and even I realised how full of sh*t this guy was.

Wait!

[Refried+Beans]

That's not fair! I had this huge RSA party planned. What am I going to do with all of these crackers and fish?

Re:Wait!

[Vuarnet]

What am I going to do with all of these crackers and fish?
You can feed the fish to the crackers, and then tell them:
"Dudes, sorry about this, now go home and crack the NASA site or something".

Oh, you meant crackers as in cookies! Silly me...

The T-shirts and bumper stickers aren't patented.

[L.+J.+Beauregard]

The patent doesn't cover the RSA algorithm, strictly speaking; it covers a device that does RSA encryption and/or decryption, or the process of using it.

T-shirts and bumper stickers are not capable of doing RSA (well, not yet ^_^) and they no more infringe the patent than does a copy of the patent itself.

IA of course NAL. But that should be the default.

--
Ooh, moderator points! Five more idjits go to Minus One Hell!
Delenda est Windoze

Re:So many questions...

[L.+J.+Beauregard]

RSA was never patented outside the USA because it was published before any of R, S, and A thought to apply for a patent. In the USA there's a 12 month grace period if you do that; elsewhere, it was tough cookies.

--
Ooh, moderator points! Five more idjits go to Minus One Hell!
Delenda est Windoze

Symbolism and significance.

[ClayJar]

It might be relatively insignificant from a practical standpoint (it's what, two weeks), but I respect the symbolism of releasing RSA to the public domain just ever so slightly early.

This means that I can now legally use a little SSH program I found for Windows, and I needn't have any qualms about infringement. While I may not have been too concerned for myself at home, I haven't used the program at work (a public school system), since companies love finding licensing problems in public institutions.

Anyway, to me, releasing RSA early is like getting one of those little gold stars on the poster in grade school. It may not have any significant impact on anything at all, but it does make you feel like there's just a little good in there.

Thanks, RSA Security :-)

[Julian+Morrison]

('nuff said)

Oooh i'll finally be able to look at the algorithm

[grahamsz]

Despite the fact that we were given it to analyse and devise methods of breaking when we were in high school maths.

Second year univeristy maths touched on it and it came into my computing course as well.

It's not like they are releasing the worlds best kept secret.

On the other hand they should be applauded for not behaving like complete twats with their algorithm, ala MPAA :)

Re:We need key escrow

[streetlawyer]

For the same reason that I bother to swat a fly; both trolls and flies eat shit and bother people

Trolls eat shit

You are feeding a troll

errr ..... you said it, brother, not me.

Re:So many questions...

[Daffy+Duck]

Certainly assuming a good RNG, the odds of repeating k within your lifetime are slim-to-none.

But suppose you have an evil adversary who can screw with your RNG, perhaps for only a limited time. If he compromises it for a few messages that encrypt a random session key with RSA, he's only cracked those few messages. If he compromises it for a couple of messages encrypted with ElGamal, he's got your private key for every message until you retire it.

A very remote possibility for most people, of course. But it makes me uneasy.

Actually

[Lazaru5]

You still can't use RSAREF without a license.
This just means you can now use a home grown implemenation of the algorithm.

Re:Actually

[Stephen+Samuel]

The whole point is that you don't HAVE to license RSAREF to use RSA any more -- In other words, everybody can now use the international versions of pgp/gpg without looking over their shoulder.

That's overexagerating

[sips]

What prevents a big news item from going down today? Why would a company actually fear a party or a news item. Only about 1% of the people in the world probably know what RSA actually is. I know it wouldn't make it into the 11:00 news.

Re:Stronghold

[Threed]

I'd like to know why my post was modded "informative"... It was a _question_. A question isn't informative. Interesting, maybe, but not informative.

(And I guess my question's been answered... Bye bye Stronghold. It was fun while it lasted.)

Anyways...

RH bought Stronghold? I missed that one. I can't think what their motivation might be, other than to have yet another OSS project under their umbrella (more stuff to provide $upport for.) Perfectly in line with their business model.

And of course C2Net extended deadlines. With the impending loss of value in their RSA license, they gotta keep the price down or risk losing business to Apache/OpenSSL. My company paid for Stronghold because of the legalities. We never needed support at all. I'm guessing there's a whole lot of sites in the same boat.

I was under the impression that you could still get IPs for virtual hosting, but you have to justify them. We had to justify our subnet to our uplink. This consisted of a phone call, "looks like we need 6 IPs to start with; dns, mail, firewall, gateway, and 2 web servers." It was no problem at all.

Then again, we only have one secure server here.

The real Threed's /. ID is lower than the real Bruce Perens'.

--Threed

Re:Brilliant news!

[JCCyC]

At last a company with the guts to free up their patents. Long may this continue and long may they reap the rewards from it.

Guts? Gimme a break. The patent would expire two weeks from now, for crying out loud! If anything, they did that to spoil the "RSA Parties" programmed to Sep 20.

Really, that was the lamest of lame PR moves. I say, do NOT incense RSADSI for this. It means nothing except a written admission of assholeness.

Wake me up when Amazon releases 1-Click Shopping into the public domain -- as long as it's at least 5 years before expiration.

Clarification

[JCCyC]

I meant "written admission of assholeness" from RSADSI, not the AC who posted. Sorry.

you left something out ...

[Hollins]

Hey, Teach?

Refresh my memory, how do you factor n into p and q again?

:)

Re:So how will this affect us?

[krady]

There was no patent outside the US. The company I work for produced its products in US and rest-of-world flavours only.

Public domain is better than expired

[kren2000]

My guess is that RSA did this to avoid someone else re-patenting a twist on the RSA algorithm. It's much safer in the public-domain than it is as an expired patent.

In any case, my guess is that RSA has patented *around* the original patent, covering such twists as public key encryption over e-mail, etc. and those patents will most likely extend for the next couple of years.

Karen

Re:Brilliant news!

[streetlawyer]

long may they reap the rewards from it.

How?

So many questions...

[Daffy+Duck]

but my main one is: does the expiration of the patent mean that RSA will be retroactively included in systems such as GnuPG?

The central advantage of GnuPG and SSH protocol version 2 (as far as I can tell) is simply that they don't use patent-encumbered algorithms, and RSA is "the big one" in that category. Of necessity, the free world has moved on to DSA and ElGamal, but do they have any technical (non-political) advantage?

I'm particularly intrigued by the fact that if you're using ElGamal and for whatever dumb reason (bad RNG or just wild luck) you choose the same k twice, you give away your private key. Do any of the popular cryptosystems keep track of used ks to make sure they don't repeat, or do they just rely on probability? Does RSA have any comparable weakness?

Wrong, yourself

[werdna]

Any conduct that makes, uses, sells or offers for sale (or imports into the US) of an infringing apparatus is infringing.

However, while the initial act of making might have infringed, acts occurring subequent to the date of expiration of the patent (or, as in this case, the date of dedication) making, using or selling is not actionable. The devil is in the details of course, but users subsequent to the term of the patent are not likely to be liable for infringement.

So how will this affect us?

[The+Dodger]

As I understand it, this only has a direct effect in the US - the various products that we in the rest of the world have been using for ages haven't been subject to this patent because it's a US-only patent.

I'm not going to open the can of worms that would result from me flaming the US Patent Office...

So, what this means is that it will now be possible for non-US companies like Baltimore (Irish company) to sell RSA-based products in the US without having to worry about having to licence the PSA algorithm from the RSA company.

There's a point - I wonder if a patent could be contested on the basis that it is anti-competitive.

Anyway, getting back to the point, the other advantage will be that open source products which use the RSA algorithm and which, until now could not be used for commercial purposes in the U.S., can now be deployed by companies.

Considering that a large percentage of open source developers and projects are based in the United States, is this likely to lead to more widespread and better integration of cryptography with open source software packages?

D.
..is for Downloading PGP from a US host instead of being forced to put up with the International version...

Stronghold

[Threed]

I never was too clear on the RSA licensing thing. My company paid for Stronghold for the sole purpose of avoiding such difficulties. Does this mean that I can scrap that and use Apache/OpenSSL for my B2B site? It looks to me like I can, but I'd like to keep the company 100% in the clear.

The real Threed's /. ID is lower than the real Bruce Perens'.

--Threed

Public relations

[blakestah]

RSA is just securing a little good PR on the back end of their patent.

What they hope to do is further establish their namebrand as the standard in encryption technology.

Of course, now openssh/openssl will get wrapped in so many open source projects it will get silly fast. For example, I bet it takes about 1 day for Mozilla to incorporate openssl in its default build.

This move marks a large step forward for open source secure products.