OpenSSL Gets Cryptography Gift From Sun
Kataire writes "C|Net posted this story about how Sun Microsystems has donated 'elliptic curve' encryption technology (developed by Whitfield Diffie of Diffie-Hellman public key fame) to the OpenSSL project. This potentially means better encryption for lighter-weight systems such as PDAs."
Now I can keep my pesky roommates out of my Palm's oh-so-full social calendar.
Karma: Not Particularly Funny.
And the chances of that happening are ....
This isn't the encryption scheme mentioned previously, when Slashdot reported that a distributed project has almost "broken" the scheme, is it?
Pax Digitalia
Yay encryption rulez! go SUN
Not this time I guess? Or is it so?
Kick ass...
*BSD is still dying though.
Is this only for PDAs running xBSD?
..had this some time ago already. Well, you shouldn't count on general-news-media as your primary sources :-)
Sun is basically "arming the rebels" so they can better fight Microsoft. Even though they may have other motives, it's nice of them anyway.
cryptix.org has had ECC for a while now as free code.
I hate you bastards.. get my curiosity flowing, now I get to waste the rest of the work day reading this. I encrypted something on my PDA once.. then tossed it out. Rather unorthodox method of the one-time pad cypher, I know, but hey.
Finally, math books without any of that base 6 crap in them.
Although I use and keep up with the BSD side of things, I think this affects the entire open source community as a whole, including xBSD, Linux, Apache+SSL, and gobs of other software that utilizes SSL for security.
Nonetheless, it is great to see Sun contributing back to the community.
This does bring up one question in my mind though... could this be used in SSL acceleration cards to improve the efficiency of the SSL 'processor' (i.e.: keep the same performance level while reducing the amount of power necessary)?
It is official; Netcraft now confirms: *BSD is dying
One more crippling bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive networking test.
You don't need to be a Kreskin to predict *BSD's future. The hand writing is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood.
FreeBSD is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeBSD developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeBSD is dying.
Let's keep to the facts and look at the numbers.
OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.
Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.
All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.
Fact: *BSD is dying
I just heard some sad news on talk radio - Horror/Sci Fi writer Stephen King was found dead in his Maine home this morning. There weren't any more details. I'm sure everyone in the Slashdot community will miss him - even if you didn't enjoy his work, there's no denying his contributions to popular culture. Truly an American icon.
Whatever happened to the stockwatch troll? Did VA [whateverthefuckitisthismonth] finally get delisted?!!
The worst terrorist attack in recorded history occurred over a year ago, followed by a Holy War against Islam, and now Israel and the Palestinians as well as India and Pakistan are teetering on the brink of their own war, Argentina is in the midst of a financial crisis, America is considering launching attacks against Somalia and Iraq, and you people have the gall to be discussing OpenSSL???? My *god*, people, GET SOME PRIORITIES!
The bodies of the thousands of innocent civilians who died (and will die) in these unprecedented events could give a good god damn about OpenSSL, your childish Lego models, your nerf toy guns and whining about the lack of a "fun" workplace, your Everquest/Diablo/D&D fixation, the latest Cowboy Bebop rerun, or any of the other ways you are "getting on with your life" (here's a hint: watching Cowboy Bebop in your jammies and eating a bowl of Shreddies is *not* "getting on with your life"). The souls of the victims are watching in horror as you people squander your finite, precious time on this earth playing video games!
You people disgust me!
newlmsy akhtswnd whss adna nwsufaclanw!
You can't judge a book by the way it wears its hair.
Another fine donation by Sun. Congratulations to them for the offering.
Since there is no known weakening from quantum computers of elliptic curve cryptosystems, ECs may well be better for long-term cryptography, even on supercomputers. Since it is pretty well known that the massive parallelism of quantum computers will greatly increase the ability of future systems to factor large numbers, more traditional cyphers will be under more pressure.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
What about the Taniyama-Shimura conjecture? If OpenSSL would include that with elliptic curves we could solve Fermat's last theorem on our PDAs...
So now do we hate Sun or love Sun?
For the last time, people, I am "frodo from middle eaRTH", not "middle eaST".
Good for SUN. SUN has always been a technology leader starting with SunOS which was based on 4.2BSD and SUN continues to contribute to the BSD and free source legacy of BSD today. One can only hope that SUN will switch its Cobalt division over to the technologically superior BSD soon.
Hello ... hi 2 u there :))
Nonetheless, it is great to see Sun contributing back to the community.
Now let's see if we can get them to contribute Solaris to the community.
Has anybody noticed a trend lately of large corporations or companies making offers to the public source movements? Is this a play between them for notice, or are they finally starting to figure out that it's better to play nice with open source than fight against it?
When I first got my Visor, a co-worker sent me an app he had been using to encrypt passwords and such. It was called Certicom SecureMemo. To set it up, you would drag your stylus in circles (elliptic curves), and it would generate a key based on this. Now, my question is, doesn't this imply that this technology is already implemented on Palm? Given, it's not OSS, but it is there.
Unfortunately, I think Certicom pulled the app from their site. Nice app.
... that and an unrestricted version of Solaris 9 for x86 (unrestricted meaning that it can be purchased/downloaded and used on non-Sun hardware) that supports more hardware than what Solaris 8 supports.
OpenSSL is written by the OpenBSD people.
Therefore, the correct section is BSD.
.. and that they have given an irreversible distribution right for free software, so that it's usable on free software but not for proprietary software unlicensed by SUN.
Or... was that a rather evil thought? I'm not sure anymore, I'm so blinded by my zealotism.
could this be used in SSL acceleration cards to improve the efficiency of the SSL 'processor'
Unlikely in presently deployed accelerator cards, since AFAIK most (Rainbow CryptoSwift and nCipher) are based on custom hardware chips (FPGA and the like) which do mainly RSA key setup, which is the really slow part of establishing an SSL session. I believe several of the cards do not even do any symmetric (i.e. RC4, 3DES) acceleration because it isn't worth it.
Don't most hand-helds have more than enough processing power for encryption? Since you don't have broadband connections, the highest possible pressure on the processor is to encrypt/decrypt 56 kbit/s. With e.g. 233 MHz, that's around 30 MHz per kbyte. And if you're encrypting financial transactions the amount of data transferred is very, very small.
The article cites that current encryption technology is based on 17th and 18th century mathematics - so is quite a lot of other things that work very well indeed. Mathematics don't deteriorate.
Of course this is a Good Thing (tm), but I honestly don't think that many people will ever notice a difference.
But if they would release it under an open source license, the best of Solaris could be mixed with the best of Linux. Not to mention one of the real unixes as open source would be neat.
I read the article, but "technology" was the only thing I read was "donated". WTF does that mean? Did they give them reference code with a GPL (or whatever the OpenSSL library uses)? Did they give up patent rights to the method? The article didn't explain just what the OpenSSL folks got.
Method of processing duck feet
Supposedly, this offers encryption with less computational demand. And, supposedly, it's not going to be in use for 5 to 10 years.
If that's the case, my question is this: Why bother? Moore's law says that in the 10 years that it will take to get this implemented, CPUs will be *64 times faster* than they are today.
Just think: "Wow! With this new encryption technology, encrypted 100 megabit networking only takes 0.05% of my processor instead of 0.1%!"
steve
Oh, you're not stuck, you're just unable to let go of the onion rings.
I know that OpenSSH is maintained and developed primarily by OpenBSD developers, but I thought that OpenSSL was separate from OpenBSD.
The article reads as if using ECC for small devices is a novel concept. That isn't the case: Certicom is 15 years old, and has done ECC for handheld and embedded devices for at least 4-5 years. It has some solid encryption researchers (Scott Vanstone, for example) and a bundle of patents. Most Palms out today use Certicom's ECC, although newer versions are using RSA. And while Certicom is probably the best known company promoting ECC, I know of several other companies in Japan, Korea and Germany that sell their own implementations of ECC.
...given that it was invented by NeXT?
OpenSSL is not the child of OpenBSD, nor a cousin of OpenSSH. OpenSSL is an independent project.
OpenSSH is a baby of OpenBSD, and OpenSSH depends on OpenSSL.
The elliptic curve stuff was donated to the OpenSSH team, not the OpenSSL group. So dreaming about this in your SSL accelerated card of the future is a bit silly. However, if the OpenSSH team open sources the tech, and that tech is under a BSD license, then maybe it will work its way down into the chip makers' crypto designs.
It isn't a lie if you believe it.
I can see this as a positive step to secure the network end to end, from the server room down to the smallest of devices, the PDA.
As it stands now, having a wireless network could be a blessing. Information available at your finger tips. PDAs have never been a strong focal point for security in my experience. It will be great to see a network that can be truly encrypted end to end.
Now if only the user friendliness of this made it so that even the ordinary citizen could use it.
You know what that tells us, right?
:)
The NSA can already crack it.
OpenSSL is written by the OpenBSD people
Not quite.
OpenSSL is maintained by OpenSSL core members: Ralf S. Engelschall, Ben Laurie, Mark J. Cox, Dr. Stephen Henson, and other developers.
OpenSSH was written by OpenBSD members (Theo de Raadt, Niels Provos, Markus Friedl, Dug Song, and others). OpenSSH uses OpenSSL as a cryptographic library source (it is highly optimized for many processors).
So how in the hell is this a BSD-specific article!?!?!
...they should have donated some decent web servers to them so I can access the OpenSSL site more than once a week.
...given that it was invented by NeXT?
Sorry, elliptic curve cryptography was invented independently by Neal Koblitz, Professor of Mathematics at the University of Washington, and Victor Miller, who was then at IBM.
(Source)
If they are so *&*^ serious about security? The slapper worm has been out for quite a while now, and Sun's cobalts run a REALLY old version of OpenSSL. Sun's last patch was released almost a month ago, for a CGI vulnerability. They've been asked dozens of times about the OpenSSL patch, and won't even give customers the courtesy of a "We're going to have one by X" response. CobaltOS is just a flippin' rebuilt RedHat OS; it isn't hard to patch!
BSD? Huh?
Blockquoth the News.com article
I know the keys used for ECC are generally smaller, but that seems like a fairly minor consideration even for PDAs (how many keys do you ever need to store anyway?)
Is elliptic curve cryptography actually faster than RSA? If so, by how much?
And if it IS faster, wouldn't it be much more useful for web servers than for PDAs?
Not all such gifts are useful for the recipient, and some are genuinely harmful to the interests of open source users. So, do look a gift horse in the mouth, or you may be stuck with large vet bills otherwise.
This one seems harmless if it is on unpatented technology, or if the patents are free for use by open source.
Ah, the magic word: "Patent"
ECC algorithms have all sorts of submarine patents and prior art that have prevented widespread adoption. Sun's donation does not change that.
Too bad, coz ECC is way cool. I did a digital signature app with Certicom ECC that resulted in 42-byte signatures.
Premature optimization is the root of all evil
The BSD license is evil. It is a license to steal. Using it will only ensure that corporations will not contribute anything back to the community... ...What's that? Sun contributed back? Well, shit. That ruins that argument...
A Government Is a Body of People, Usually Notably Ungoverned
Then why don't you fix it yourself? Is RPM --rebuild too much trouble for you?
'elliptic curve' encryption technology, (developed by Whitfield Diffie of Diffie-Hellman public key fame)
Elliptic curve cryptography was independently invented by Neal Koblitz, Professor of Mathematics at the University of Washington, and Victor Miller, who was then at IBM.
(Source)
Whitfield Diffie is Sun's chief security officer, and co-invented public-key cryptography.
[ed. note: in the following text, former FreeBSD developer Mike Smith gives his reasons for abandoning FreeBSD]
When I stood for election to the FreeBSD core team nearly two years ago, many of you will recall that it was after a long series of debates during which I maintained that too much organisation, too many rules and too much formality would be a bad thing for the project.
Today, as I read the latest discussions on the future of the FreeBSD project, I see the same problem; a few new faces and many of the old going over the same tired arguments and suggesting variations on the same worthless schemes. Frankly I'm sick of it.
FreeBSD used to be fun. It used to be about doing things the right way. It used to be something that you could sink your teeth into when the mundane chores of programming for a living got you down. It was something cool and exciting; a way to spend your spare time on an endeavour you loved that was at the same time wholesome and worthwhile.
It's not anymore. It's about bylaws and committees and reports and milestones, telling others what to do and doing what you're told. It's about who can rant the longest or shout the loudest or mislead the most people into a bloc in order to legitimise doing what they think is best. Individuals notwithstanding, the project as a whole has lost track of where it's going, and has instead become obsessed with process and mechanics.
So I'm leaving core. I don't want to feel like I should be "doing something" about a project that has lost interest in having something done for it. I don't have the energy to fight what has clearly become a losing battle; I have a life to live and a job to keep, and I won't achieve any of the goals I personally consider worthwhile if I remain obligated to care for the project.
Discussion
I'm sure that I've offended some people already; I'm sure that by the time I'm done here, I'll have offended more. If you feel a need to play to the crowd in your replies rather than make a sincere effort to address the problems I'm discussing here, please do us the courtesy of playing your politics openly.
From a technical perspective, the project faces a set of challenges that significantly outstrips our ability to deliver. Some of the resources that we need to address these challenges are tied up in the fruitless metadiscussions that have raged since we made the mistake of electing officers. Others have left in disgust, or been driven out by the culture of abuse and distraction that has grown up since then. More may well remain available to recruitment, but while the project is busy infighting our chances for successful outreach are sorely diminished.
There's no simple solution to this. For the project to move forward, one or the other of the warring philosophies must win out; either the project returns to its laid-back roots and gets on with the work, or it transforms into a super-organised engineering project and executes a brilliant plan to deliver what, ultimately, we all know we want.
Whatever path is chosen, whatever balance is struck, the choosing and the striking are the important parts. The current indecision and endless conflict are incompatible with any sort of progress.
Trying to dissect the above is far beyond the scope of any parting shot, no matter how distended. All I can really ask of you all is to let go of the minutiae for a moment and take a look at the big picture. What is the ultimate goal here? How can we get there with as little overhead as possible? How would you like to be treated by your fellow travellers?
Shouts
To the Slashdot "BSD is dying" crowd - big deal. Death is part of the cycle; take a look at your soft, pallid bodies and consider that right this very moment, parts of you are dying. See? It's not so bad.
To the bulk of the FreeBSD committerbase and the developer community at large - keep your eyes on the real goals. It's when you get distracted by the politickers that they sideline you. The tireless work that you perform keeping the system clean and building is what provides the platform for the obsessives and the prima donnas to have their moments in the sun. In the end, we need you all; in order to go forwards we must first avoid going backwards.
To the paranoid conspiracy theorists - yes, I work for Apple too. No, my resignation wasn't on Steve's direct orders, or in any way related to work I'm doing, may do, may not do, or indeed what was in the tea I had at lunchtime today. It's about real problems that the project faces, real problems that the project has brought upon itself. You can't escape them by inventing excuses about outside influence, the problem stems from within.
To the politically obsessed - give it a break, if you can. No, the project isn't a lemonade stand anymore, but it's not a world-spanning corporate juggernaut either and some of the more grandiose visions going around are in need of a solid dose of reality. Keep it simple, stupid.
To the grandstanders, the prima donnas, and anyone that thinks that they can hold the project to ransom for their own agenda - give it a break, if you can. When the current core were elected, we took a conscious stand against vigorous sanctions, and some of you have exploited that. A new core is going to have to decide whether to repeat this mistake or get tough. I hope they learn from our errors.
Future
I started work on FreeBSD because it was fun. If I'm going to continue, it has to be fun again. There are things I still feel obligated to do, and with any luck I'll find the time to meet those obligations.
However I don't feel an obligation to get involved in the political mess the project is in right now. I tried, I burnt out. I don't feel that my efforts were worthwhile. So I won't be standing for election, I won't be shouting from the sidelines, and I probably won't vote in the next round of ballots.
You could say I'm packing up my toys. I'm not going home just yet, but I'm not going to play unless you can work out how to make the project somewhere fun to be again.
= Mike
--
By Chinese Karma Whore, Version 1.0
Everyone knows about BSD's failure and imminent demise. As we pore over the history of BSD, we'll uncover a story of fatal mistakes, poor priorities, and personal rivalry, and we'll learn what mistakes to avoid so as to save Linux from a similarly grisly fate.
Let's not be overly morbid and give BSD credit for its early successes. In the 1970s, Ken Thompson and Bill Joy both made significant contributions to the computing world on the BSD platform. In the 80s, DARPA saw BSD as the premiere open platform, and, after initial successes with the 4.1BSD product, gave the BSD company a 2 year contract.
These early triumphs would soon be forgotten in a series of internal conflicts that would mar BSD's progress. In 1992, AT&T filed suit against Berkeley Software, claiming that proprietary code agreements had been haphazardly violated. In the same year, BSD filed countersuit, reciprocating bad intentions and fueling internal rivalry. While AT&T and Berkeley Software lawyers battled in court, lead developers of various BSD distributions quarreled on Usenet. In 1995, Theo de Raadt, one of the founders of the NetBSD project, formed his own rival distribution, OpenBSD, as the result of a quarrel that he documents on his website. Mr. de Raadt's stubborn arrogance was later seen in his clash with Darren Reed, which resulted in the expulsion of IPF from the OpenBSD distribution.
As personal rivalries took precedence over a quality product, BSD's codebase became worse and worse. As we all know, incompatibilities between each BSD distribution make code sharing an arduous task. Research conducted at MIT found BSD's filesystem implementation to be "very poorly performing." Even BSD's acclaimed TCP/IP stack has lagged behind, according to this study.
Problems with BSD's codebase were compounded by fundamental flaws in the BSD design approach. As argued by Eric Raymond in his watershed essay, The Cathedral and the Bazaar, rapid, decentralized development models are inherently superior to slow, centralized ones in software development. BSD developers never heeded Mr. Raymond's lesson and insisted that centralized models lead to 'cleaner code.' Don't believe their hype - BSD's development model has significantly impaired its progress. Any achievements that BSD managed to make were nullified by the BSD license, which allows corporations and coders alike to reap profits without reciprocating the goodwill of open-source. Fortunately, Linux is not prone to this exploitation, as it is licensed under the GPL.
The failure of BSD culminated in the resignation of Jordan Hubbard and Michael Smith from the FreeBSD core team. They both believed that FreeBSD had long lost its earlier vitality. Like an empire in decline, BSD had become bureaucratic and stagnant. As Linux gains market share and as BSD sinks deeper into the mire of decay, their parting addresses will resound as fitting eulogies to BSD's demise.
What does a grape smuggler do?
In fact, it has and can be easily shown that by solving "the factoring problem" (as it's oh-so-vulgarly put) or the discrete log problem of classical public key cryptosystems, one solves EC's. The problems are extensions of one another, and the solution to one is trivially deducible from the solution to another.
your statement was like saying "unlike Webster's Dictionary, the Oxford English Dictionary has no words in it" - pure and utter nonsense. gibberish.
All ECC's are (in boiled-down essence), is a Discrete Log problem on a cubic whose solutions are confined to a torus. (i.e. 'elliptic curve').
while it's true that the keysize needed for secure ECC is much, much smaller and increases much much more slowly than either DL (discrete log) or IF (integer factorization) [both of which are essentially exactly the same] systems, this has to do with the way the field is set up and how the keys correspond.
Applications like online wireless betting or online wireless reservations need better (read: quick) security in PDAs and mobile phones
But don't e-commerce apps typically have small data packets? Encrypting a tightly packed transaction on a 16 MHz ARM processor won't take very long.
Will I retire or break 10K?
> Now I can keep my pesky roommates out of my palm's oh-so-full social calendar.
Actually, this can be taken in more than one way, especially since "palm" isn't capitalized.
Well Arthur, it looks like this ellipse has come full circle.
JET Program: see Japan, meet intere
The Elliptic curve stuff was donated to OpenSSH team
No, the Elliptic Curve code was donated to OpenSSL. OpenSSL is used in, among other things, OpenSSH. The OpenSSL license is BSD-like, but not strictly a BSD license.
Additionally, it is very possible to accelerate SSL in hardware. In fact, the Sun project page itself talks about integrating ECC and SSL support into a hardware accelerator.
but so what?
a hu.ca
My crypto lib has supported [non-P1363] ECC crypto for quite some time now. Big deal.
http://libtomcrypt.sunsite.dk
or
http://tom.i
I use ECC in the traditional ElGamal method without standard packet formats. But the idea is the same...
Tom
Someday, I'll have a real sig.
Additionally, it is very possible to accelerate SSL in hardware. In fact, the Sun project page [sun.com] itself talks about integrating ECC and SSL support into a hardware accelerator.
And there are lots of companies that sell stand-alone SSL accelerators.
If J.K.R wrote Windows: Puteulanus fenestra mortalis!
Is it under a 4-clause or 3-clause BSD license? OpenSSL is _still_ under the 4-clause license, with the `obnoxious advertising clause' which says that you have to mention the developers in all advertising materials.
Not such a big deal, you might say, but there are two big problems with this: 1) It's incompatible with GNU GPL, so no straight GPL software can use OpenSSL, and 2) it causes huge practical problems.
These issues are a big problem for Debian, in particular.
Elliptic Curve Encryption isn't 'owned' by Sun. Apple owns some patent related to it that they got from NeXT (search for Richard Crandall). And it was invented by someone else entirely (see comments above).
Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
Let me think... Um, NO.
But I'm also not necessarily representative of most COBALT users. People who CAN build from source are generally not the target audience of the machine. They BOUGHT a Cobalt server as an appliance, which is what SUN markets it as. SUN says not to ever touch the CLI, as "The GUI does everything you need".
People buy a Cobalt from a big name vendor so they get the stability and resource-friendliness of Linux with (theoretically) the SUPPORT (in terms of patches and making the software easy to use and documentation) of a big name vendor.
So that's the problem.
(I love trolls who are such wizards about all this, but still post anonymously)
And likely they can crack everything else that's widely used.
:p
The important part is, some random ass out in the streets won't be able to crack it.
Like to make stuff? ReadyMade magazine [readymademag.com] is like Martha Stewart meets Wired.
I dig readymade magazine.. are you affiliated with them or just advertising because it's a cool magazine?
Does anybody know of a secure surfing service that the government doesn't have a back door key to? IE SSL encryption is definitely out, and I'm not so sure about anonymizer.com, either.
Whitfield Diffie is Sun's chief security officer, and co-invented public-key cryptography.
Actually, Ralph Merkle invented public-key cryptography (too). Merkle's article was SUBMITTED first, though the Diffie-Hellman article was PUBLISHED first while Merkle's was still going through the review process.
Not to disparage any of 'em. Merkle and Diffie & Hellman both invented it separately.
And for you people who follow Nanotech and/or Cryonics, yes it's THAT Ralph Merkle (who didn't invent either cryonics or nanotech, though he does much great work to advance them).
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Tom,
Your library is nice, it is portable C with tons of algorithms implemented. Test vectors. Most algorithms even have decently optimized implementations which is a plus.
But you lack protocols which are necessary to securely implement applications.
Using 3DES or AES is stupid if the application developer uses ECB (Electronic Code Book) mode of operation because it's faster and simpler. The application developer doesn't know that you need a HMAC to ensure integrity. What about replay attacks? Cut-and-paste attack?
I don't think you even have secure message padding for RSA implementation.
You have an interesting library of algorithms, but it is AFAIK lacking the "glue" to make it more useful than OpenSSL (which is ported and tested on many platforms, and heavily optimized assembly).
So to develop secure applications I will continue to use OpenSSL rather than LibTomCrypt. It is less work for me, simple as that. If you expand your work, that will end my complaints, and we'll both be happy.
Peace.
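The ECB and missing-MAC point raised in the comment above, as an added example that is not part of the original thread and is not code from LibTomCrypt or OpenSSL. A toy 4-round Feistel cipher stands in for 3DES/AES so the block runs on the standard library alone; all function names, keys and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import struct

BLOCK = 16  # bytes per block, the same block size AES uses


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    # Feistel round function: toy stand-in for a real cipher, not for production.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def encrypt_block(key, block):
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decrypt_block(key, block):
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("length must be a multiple of the block size")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, plaintext):
    # ECB: every block is encrypted independently under the same key.
    return b"".join(encrypt_block(key, b) for b in _blocks(plaintext))


def ecb_decrypt(key, ciphertext):
    return b"".join(decrypt_block(key, b) for b in _blocks(ciphertext))


def _keystream(key, seq, length):
    # CTR mode: encrypt (sequence number || block counter) to get a keystream.
    nblocks = (length + BLOCK - 1) // BLOCK
    return b"".join(encrypt_block(key, struct.pack(">QQ", seq, n)) for n in range(nblocks))


def seal(enc_key, mac_key, seq, plaintext):
    # Encrypt-then-MAC: the tag covers the sequence number and the ciphertext.
    body = struct.pack(">Q", seq) + _xor(plaintext, _keystream(enc_key, seq, len(plaintext)))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def open_sealed(enc_key, mac_key, expected_seq, record):
    if len(record) < 8 + 32:
        raise ValueError("record too short")
    body, tag = record[:-32], record[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("bad MAC: record was modified or spliced")
    (seq,) = struct.unpack(">Q", body[:8])
    if seq != expected_seq:
        raise ValueError("unexpected sequence number: replayed or reordered record")
    return _xor(body[8:], _keystream(enc_key, seq, len(body) - 8))


if __name__ == "__main__":
    enc_key, mac_key = b"constructed-enc-key", b"constructed-mac-key"
    # Constructed sample message: three 16-byte records, first and last identical.
    msg = b"PAY ALICE 000010" b"PAY BOB   009999" b"PAY ALICE 000010"
    ct = ecb_encrypt(enc_key, msg)
    print("ECB repeats visible:", ct[0:16] == ct[32:48])
    print("ECB accepts reordered blocks:", ecb_decrypt(enc_key, ct[16:32] + ct[0:16] + ct[32:48]))
    rec = seal(enc_key, mac_key, 7, msg)
    print("sealed round trip:", open_sealed(enc_key, mac_key, 7, rec) == msg)
    print("CTR hides repeats:", rec[8:24] != rec[40:56])
```

The receiver must track the next expected sequence number itself; a record that verifies under the MAC but carries an old number is rejected as a replay.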
Look at Crypto++ benchmarks for a concrete example on a desktop machine (32-bit >>100 MHz x86 processor).
I do not have any benchmarks for low end processors. Sorry.
Well I agree I lack protocols support but that isn't to say I lack the basic algorithms. I have chaining mode wrappers [OFB,CFB,CTR,CFB] for the ciphers, etc..
In fact unlike the CryptLib and OpenSSL design my library is fully modular which means the OFB code for instance is not tied to one cipher. If you examine CryptLib [and from what I have seen of OpenSSL] they have implemented one OFB [etc] routine per cipher....
I agree though that protocol support is a good idea but that's not a be-all either.
Most protocols don't fully specify your PRNG/RNG source or how you should lock memory, store things on disk, etc...
In other words you can comply with say PKCS #1 and still have an insecure application.
Also unlike OpenSSL my library builds out of the box on virtually every GCC platform without configuration or patching. It even works on my Gameboy Advanced without changes!!!
In the long run I agree. I do plan on adding things like PKCS #1, P1363, etc... but in the short term I am more interested in getting mature, well documented primitives.
Tom
Someday, I'll have a real sig.
sorry jackass, its an openbsd project. They get the credits.
Why not becoming a good Assembler hacker? :)
Later, you could have students, and more fun.
(just guessing)
Hope it helps
Rwe obliged 2 save our future by choosing:O3 hole-greenhouse effect instead of accepting everydays gossip-nonsense chat?
Not to mention one of the real unixes as open source would be neat.
...
FreeBSD, NetBSD, OpenBSD, Darwin,
Yes, they're real unices. They may not be able to use the trade mark, but they're a lot more UNIX than many an official UNIX.
A Government Is a Body of People, Usually Notably Ungoverned
I think a 16 MHz ARM processor would only be in a "high end" smart phone, or a PDA and not your mass market average cell phone.
What would a "mass market average cell phone" need with fast public-key encryption? Can't it just authenticate with the cell tower, grab a symmetric key, and then just encrypt voice with AES[1] based on that, possibly grabbing new symmetric keys during non-talk time? Wouldn't the more advanced "Burning Cell Phones" that run apps other than voice and simple games be essentially PDAs with a fast processor anyway?
Think 8 or 16 bit, less than 12 MHz on average.
So you're talking half the power of a GBA. (The GBA is 32-bit with a 16-bit data bus, clocked at 16 MHz.) How does RSA computation scale with respect to keylength?
[1] Yes, AES has been theoretically attacked down to 96-bit, but 96-bit is still considered quite "strong" for symmetric encryption. It has taken nearly four years, and one of the world's biggest clusters still hasn't broken a 64-bit key.
Will I retire or break 10K?
I'm not directly affiliated with them, but my girlfriend worked as an intern for them. :-)
There is a saying that in cryptography, there are three types of elliptic curves: the insecure ones, the inefficient ones, and those that have been patented by Certicom.
I wonder which curves can be used with the code offered by Sun.
I didn't think it was a conjecture anymore since Andrew Wiles proved it.
Wondering if it's not because they "invented" it, but maybe because they hold the IP license for an implementation that they decided to allow OpenSSL to use under a free license..
--
Time is on my side
Back in the '60s, it had been invented at GCHQ by James Ellis for use by the British Secret Service. Unfortunately, due to the Official Secrets Act, Ellis was forbidden to publish or discuss his discovery.
The organisation that Ellis worked for, CESG, are on-line - you can check out their site here.
Here's a link to a page explaining their input into Public Key Crypto.
I'd first heard about Ellis' work in Simon Singh's book, The Code Book. James Ellis seemed to be a very quiet, modest person. It's a shame that his name isn't to the forefront when we think of Public-Key crypto. Credit where it's due
Alison
"It is a miracle that curiosity survives formal education." - Albert Einstein
I certainly agree with most of what you say.
If you want more developers to use your library, you need to make it easier for them to use libtomcrypt in a secure fashion.
That includes secure protocols (network, storage), consistent access to cryptographically strong PRNG/RNG, etc.
Standard protocols increase the usefulness because developers can use them to interact with other (often already existing) applications.
When you add these additional features I think you will then see an increase in interest in libtomcrypt.
The problem you are falling into is what I call the "magic button" theorem. It states (falsely) that some magic button must exist that solves all problems.
Likewise for a crypto library there is no
int magic_button(pt, ct, key)
function since each system, os, cryptosystem is unique.
My library is not designed to solve just one problem. Its a well organized set of primitives and support routines that can be used.
Quite frankly if you're not smart enough to take primitives and make your own system that is secure you're in the wrong business.
That being said I have nothing against standards compliance. I want to add PKCS #1 support for instance, but even when I have PKCS #1 merged in libtomcrypt won't provide "magic button" support.
For instance, Wayne Scott [of bitkeepers.com] has recently tested libtomcrypt on 18 different platforms/os combos. With exception to a few problems [os'es without RNG's] the library worked statically [e.g. anywhere where an RNG is not needed] flawlessly
This follows my train of thought. You take my lib, add your system specific stuff and get a cryptosystem in return.
If I narrowed the system to say support "win32 magic buttons" I would instantly lose all my portableness
Tom
Someday, I'll have a real sig.
No, they're not. If they were, it would be illegal to download them.
Were any of you elitist BSD children even alive during the AT&T lawsuits?
And I'm sorry about the +1 Funny moderation I gave you, but I thought it'd be funnier than a +1 Informative :-)
Everyone knows about BSD's failure and imminent demise.
If everyone knows, why do you feel the need to post the same anti-BSD rant all the time? Presumably if *BSD is "dead", then one eulogy would be enough.
The failure of BSD culminated in the resignation of Jordan Hubbard and Michael Smith from the FreeBSD core team.
Don't know about Michael Smith's contributions to FreeBSD(there are plenty more), but Jordan Hubbard has served mainly as a spokesman, not a developer for the core OS. Though his opinions were quite respected, his code contributions dwindled off long before he left the Core group (I'm not even sure that he's always been in Core up to now). A number of prominent developers have come and gone, but work continues on 5.0 and beyond. Strange how you were insisting that BSD was dead long before these two people left core. A number of months have passed since these last two resignations, and we're all still waiting for BSD to die.
Don't believe their hype - BSD's development model has significantly impaired its progress.
Hmmm, what do you call posting the same rant 100 times over? For that matter, what do you call Linux?
Any achievements that BSD managed to make were nullified by the BSD license, which allows corporations and coders alike to reap profits without reciprocating the goodwill of open-source. Fortunately, Linux is not prone to this exploitation, as it is licensed under the GPL.
So, is this a religious war over open source licensing, or did FreeBSD-core not like your shitty patches? Going by the FUD and rather obscure purple prose that you've been posting, I doubt you even know how to use a compiler. Speaking of "achievements", what are you accomplishing if your lengthy, insightful posts are routinely modded down? The funny thing is that XFree86, a project with a BSD-style licensing scheme, a product with a release cycle almost as slow as that ever-so-popular GNU HURD project, is software that few GNU/Linux users could do without. Odd too how FreeBSD developers had to jump on Linux developers for grabbing huge bits of BSD network stack code without giving credit where it was due. Gosh, it's just so terrible that Linux can get away with stealing BSD-licensed code! Apart from those two faced people who routinely bite the hand that feeds them, cross pollination between the various projects ought to be encouraged, and the BSD license is better for that sort of thing than the exceedingly political GNU scheme. It's also nice to know that those tyrannical core BSD developers don't have to deal with a 100 pound gorilla like Redhat asserting its authority whenever it chooses.
I think what all this really boils down to is ideology: an open-ended debate over what "free" means versus "if you don't accept my definition of freedom, I'll bludgeon you to death". If your "arguments" had any merit in a free market place of ideas, you wouldn't need to repeat them much less shout them repeatedly. People are going to continue to use *BSD code because you can't tell them what to do and they're likely to know better than you anyway. Better luck next time.
Date: Mon, 23 Sep 2002 12:38:11 -0600
From: Theo de Raadt
To: misc@cvs.openbsd.org
Subject: openssl
some of you asked us what that ECC donation from Sun to OpenSSL means.
so what does it mean?
it means that OpenSSL is becoming a non-free software project, because
the code from Sun contains licenses which invoke patent litigation;
the licence on the new code basically builds a contract that says "if
you use this code, you cannot sue Sun".
In such a way, by means of the slippery slope, a free software project
becomes not as free, and eventually, less and less free.
Before anyone speaks up about and says "that restriction does not
affect me". It does indirectly affect you. It means that some other
vendor that uses this code, and subsequently ends up having a spat
with Sun, ends up wasting money on legal efforts, and our entire
society pays for that. My take on it, is that this is the way the
legal industry ensures itself future work.
On the other hand, here in OpenBSD land we will continue to strive to
make our software more and more free. We've been squishing odd
license terms which contain non-free restrictions throughout the
source tree for about 2 years now.
once again, i think it is time to fork OpenSSL. It's obviously run by
a bunch of people who don't think through the legal implications of
their actions. they should NOT have accepted that code without it
being 100% free.
This donation is not free code. Shame on you Sun, and double shame on
you OpenSSL.
What Sun has gifted to OpenSSL is an implementation of the elliptic curve technology. In addition, this elliptic curve crypto library is well integrated into the existing OpenSSL source structure. Developers can download from the openssl.org website today a working and free version of openssl which performs SSL/TLS secure handshakes using Elliptic Curve cipher suites.
>The Elliptic curve stuff was donated to OpenSSH team, not the OpenSSL group.
>So dreaming about this in your ssl accelerated card of the future is a bit silly.
Not silly at all. The Elliptic Curve stuff was indeed donated to OpenSSL. Having this technology in your ssl accelerated card is actually quite doable and will happen soon. The ssl accelerator cards today accelerate RSA. Soon they will accelerate both elliptic curve crypto and RSA.
http://research.sun.com/projects/crypto/Frequenly
It includes technical information and answers questions some people had about licensing.