OpenSSL Gets Cryptography Gift From Sun

Kataire writes "C|Net posted this story about how Sun Microsystems' has donated 'elliptic curve' encryption technology, (developed by Whitfield Diffie of Diffie-Hellman public key fame) to the OpenSSL project. This potentially means better encryption for lighter-weight systems such as PDAs."

Shouldn't this be placed under a different section

[questionlp]

Although I use and keep up with the BSD side of things, but I think this affects the entire open source community as a whole, including xBSD, Linux, Apache+SSL, and gobs of other software that utilizes SSL for security.

Nonetheless, it is great to see Sun contributing back to the community.

This does bring up one question in my mind though... could this be used in SSL acceleration cards to improve the effiency of the SSL 'processor' (i.e.: keep the same performance level while reducing the amount of power necessary)?

Offering from large companies

[phorm]

Has anybody noticed a trend lately of large corporations or companies making offers to the public source movements. Is this a play between them for notice, or are they finally starting to figure out that it's better to play nice with open source than fight against it?

Re:Offering from large companies

[chris_mahan]

You know the old saying: If you can't beat them, join them?

Well, any corporation can be beat if they screw up. Sun's stock hovers around 3 and Oracle is scraping by at 9. MSFT would have gone down with them had they not been aggressively buying their own shares to prop up the price. ( I fear they too will tank in time--yay)

Rather, open source developers can't be beat. You can't sue them, fire them, or force them one way or another. If one gets disgruntled about life and everything, five more rise to the occasion (with appropriate amount of bickering--but no ones dies of bickering... ni! ni! ni! ).

This, I think, is a perfect case of: Since they (the Corps) can't beat us (the OS Devs) they're joining us.

I just hope we don't jump on the bandwagon wholesale. Their evil ways are insidious, promising riches and glory,capitalism style, but lead straight down the Road to Perdition to the Bankruptcy Court.

Harken thee: inspect the mouth of the gift horse. (translation: watch your back OSS)

Re:Offering from large companies

It is about compromising complementary businesses.

Sun's views their business as servers, and big iron, places where linux is not really making such strong inroads. Mega-servers are still dominated by big iron.

So, having as much client competition as possible makes sense. So, good crypto on the client increases client competition, and weakens Microsoft's hold on it.

All Sun really needs is for linux to be a serious client competitor. Then the focus shifts to the server, where Sun dominates other companies.

You could see Microsoft use this strategy when they maintained rights to DOS after licensing to IBM. They licensed DOS to all hardware manufacturers, to make them compete. Hardware became a tough business, and Microsoft got a monopoly.

Re:Offering from large companies

[kevin+lyda]

sun has been contributing to free software for decades. they didn't make a big production of it, but it's been happening anyway. now yes, for the past few years they've been rather obnoxious on certain fronts, but for the most part they've done their bit.

denegrating this contribution as if it's a new position sun isn't very fair to their company or their developers.

Re:Shouldn't this be placed under a different sect

[JDizzy]

OpenSSL is not the child of OpenBSD, nor a cousin of OpenSSH. OpenSSL is an independant project.

OpenSSH is a baby of openBSD, and OpenSSH depends on OpenSSL.

The Eliptic curve stuff was donated to OpenSSH team, not the OpenSSL group. So dreaming about this in your ssl accelerated card of the future is a bit silly. However, if openSSH team open sources the tech, and that tech is under bsd lisence, then maybe it will work its way down into the chip makers crypto designes.

Re:It's not really that surprising

[cpeterso]

Sun should watch out for blowback from these rebels. Look what happened when the US CIA funded, armed, and trained Saddam Hussein and Usama bin Laden.

In all seriousness, if the open source desktop succeeds, who is more likely to profit, Sun or Dell?

Re:It's not really that surprising

[Billly+Gates]

"Sun is basically "arming the rebels""

No. I think it this move was designed to improve Apache's security and make it a greater e-commerce tool on solaris( and unix). Sun relizes that more sun webservers use apache then Iplanet so they are donating the code to openssl since apache uses it by default. And not to just attack Microsoft. However I do question the timing since newly discovered ssl flaw recently in IIS/IE is making headline news and CIO's nervous.

Something like this may have an impact in e-commerce purchasing decisions. .NET has made alot of hype and headway into the ecommerce market because its so easy to write a vb.net ecommerce site these days. In VB.NEt you can declare a subroutine as a webservice or applet(never used it but seen it)and it instantly becomes a servlet. This is something Sun has to fight. Windows Developers are really rallying upon .NET because thats all they know. Same reason why SQL-Server is getting popular. With palladium security will be a non issue so who knows what will happen. I do not see how sun could fight this unless use the more open TCPA standard. At least that one is not owned by Microsoft like palladium.

Re:Great!

[Darkforge]

Actually, there is a real use for widespread heavy-duty crypto, even on a PDA: encrypted money tokens.

If strong encrypted money tokens were to be implemented on a wide scale for, say, Palm PocketPC, Zaurus, and maybe a special purpose StrongARM device, you could expect to see a cheap widespread secure electronic payment mechanism that you can use for micropayments.

Aside from the novelty of buying lunch with your PDA, this could be the next step towards truly secure electronic transfers. You can say goodbye to corporate privacy violations when you can pay for your online goods with secure anonymous electronic cash.

Imagine paying your peers in a P2P system for MP3s/OGGs/whatever. Providing fat bandwidth for P2P would be a potential money-maker, not merely a labor of love. Throw in an anonymizing protocol and you're selling MP3 bandwidth online securely and untraceably; the RIAA couldn't shut you down, because there'd be no way to figure out who you were.

That's the power of widespread strong crypto, especially in small devices.

Re:Why is this significant?

[plcurechax]

I know the keys used for ECC are generally smaller, but that seems like a fairly minor consideration even for PDAs

ECC uses smaller keys, which is suitable for very small networked devices like network appliances, that use cheap (<$1) 8-bit microprocessors with very small amounts of NVRAM.

Is eliptic curve cryptography actually faster than RSA?

Yes, which is the major advantage over RSA, more important in most applications than the storage of smaller keys. I don't know exactly but I estimate in the area of 10 to 100 times faster for "equal" level of confidence in security.

And if it IS faster, wouldn't it be much more useful for web servers than for PDAs?

Think mobile phones, or cheap network household appliances with 8 and 16-bit microprocessors with clock speeds less than 12MHz. It also means lower power comsumption which is important for most battery powered devices.

Re:Great!

[cant_get_a_good_nick]

I don't know if you guys remember, but PayPal started off as a Palm App. It started as a solution for the bane of business lunches - having no money or just $20 bills and having to split, and then having to remember everything. So you could beam folks money adn it would show up in yur account. The problem is synching up the money, what if you reset your Palm before you synch the money to your account (I lost my $5 that way). They quickly realized that the amount of money in splitting a check wasn't as big as the big boy of trying to pay over the Internet, and they switched their model pretty quickly to that, quite successfully I might add.

not to sound bitter...

[tomstdenis]

but so what?

My crypto lib has supported [non-P1363] ECC crypto since quite sometime now. Big deal.

http://libtomcrypt.sunsite.dk
or
http://tom.ia hu.ca

I use ECC in the traditional ElGamal method without standard packet formats. But the idea is the same...

Tom

License?

[rweir]

Is it under a 4-clause or 3-clause BSD license? OpenSSL is _still_ under the 4-clause license, with the `obnoxious advertising clause' which says that you have to mention the developers in all advertising materials.
Not such a big deal, you might say, but there are two big problems with this: 1) It's incompatible with GNU GPL, so no straight GPL software can use OpenSSL, and 2) it causes huge practical problems.

Theses issues are a big problems for Debian, in particular.

Re:It's not really that surprising

[AntiTuX]

okay, I know this is a personal thing, but it's iPlanet, not Iplanet, or IPlanet. I used to work there, and it drove me nuts when someone would misspell it.

I'll probably get modded out of commision for this, but I just really get tired of misspellings.
Even though I was on the netscape side, and got laid off, I'm still loyal to iPlanet. They gave me my start in the IT world (head Sysadmin for iPlanet Learning Solutions), and I can't thank them enough for it.

Re: algorithms vs. applications

[plcurechax]

Tom,

Your library is nice, it is portable C with tons of algorithms implemented. Test vectors. Most algorithms even have decently optimized implementations which is a plus.

But you lack protocols which are necessary to securely implement applications.

Using 3DES or AES is stupid if the application developer uses ECB (Electronic Code Book) mode of operation because it's faster and simpler. The application developer doesn't know that you need a HMAC to ensure intergity. What about replay attacks? Cut-and-paste attack?

I don't think you even have secure message padding for RSA implementation.

You have an interesting library of algorithms, but its is AFAIK lacking the "glue" to make it more useful than OpenSSL (which is ported and tested on many platforms, and heavily optimized assembly).

So to develop secure applications I will continue to use OpenSSL rather than LibTomCrypt. It is less work for me, simple as that. If you expand your work, that will end my complaints, and we'll both be happy.

Peace.

Re: algorithms vs. applications

[tomstdenis]

Well I agree I lack protocols support but that isn't to say I lack the basic algorithms. I have chaining mode wrappers [OFB,CFB,CTR,CFB] for the ciphers, etc..

In fact unlike the CryptLib and OpenSSL design my library is fully modular which means the OFB code for instance is not tied to one cipher. If you examine CryptLib [and from what I have seen of OpenSSL] they have implemented one OFB [etc] routine per cipher....

I agree though that protocol support is a good idea but thats not a be-all either.

Most protocols don't fully specify your PRNG/RNG source or how you should lock memory, store things on disk, etc...

In otherwords you can comply with say PKCS #1 and still have an insecure application.

Also unlike OpenSSL my library builds out of the box on virtually every GCC platform without configuration or patching. It even works on my Gameboy Advanced without changes!!!

In the long run I agree. I do plan on adding things like PKCS #1, P1363, etc... but in the short term I am more interested in getting mature, well documented primitives.

Tom