lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 16 Jul 2015 14:17:30 -0700
From: Bill Cox <waywardgeek@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>, Jeremy Spilman <jeremy@...link.co>
Subject: Re: [PHC] patents

On Thu, Jul 16, 2015 at 11:32 AM, Bill Cox <waywardgeek@...il.com> wrote:


> The right thing in this case, IMO, would be for Jeremy to volunteer to
> have his patent adjusted in light of the prior art I listed above.  The
> patent office is quite generous in these cases, and would likely leave
> Jeremy with a useful patent that would not keep the rest of the world from
> using large ROMs to secure their password hashes.  US law requires Jeremy
> to contact the patent office and reveal this prior art, now that he clearly
> knows about it (I've CC-ed him on this email).
>

I think Jeremy might be able to rework his patent into a "business-model"
patent.  I am not personally aware of anyone offering to do the password
hashing with a central ROM under the control of another company that
provides this as a service.  This is what I think his company does.
Assuming he wants to carve out this space narrowly, he might be able to
convince the patent office to allow his patent with the additional steps of
transmitting the salted password hash over the Internet from a client
company to the company providing the ROM hashing service, after the first
hashing the password with a secret salt which is never transmitted.  I
think Jeremy's main idea which _might_ be new is securing the password hash
with secret salt before transmitting it to an untrusted ROM-based hashing
service.  It's not a bad idea, but it is not what he patented.  His patent
covers any sane use of ROM in password hashing, and therefore is invalid
due to prior art.

Jeremy may have thought that no one was using salt if they used ROM.
That's why he might have thought that using both salt and ROM might be
novel.  Of course, it's not possible to securely hash passwords without
salt, since that would cause users with the same password to have the same
hash.  If Jeremy was only thinking about his own use-case, he might have
missed this.  For Jeremy, the salt, which his clients keep secret, is
critical to enable the clients to trust his service.  This is what he calls
"blind hashing".  The salt is in fact a necessary step in protecting a
password, and therefore not in any way novel.  His patent says we can't use
both salt and ROM at the same time.  In reality, every good password
hashing scheme with ROM in the past uses salt.

One more point for Jeremy: any potential competitor may be better off
fighting Jeremy's weak patent in court, rather than facing a strong patent
which has been narrowed to avoid prior-art.  If Jeremy's claim #1 is
knocked out in court (which I believe would most likely happen), there's
nothing left in his patent worth saving.  All the other claims are either
dependent or lawyer-weasel-rewording of claim #1 (they always do this -
they get paid per page).  However, if he works with the USPTO to narrow his
claims to cover his blind hashing only, rather than all use of ROM in
password hashing, he may have a patent strong enough to deter competitors
in the first place.

Anyway, I just happened to read that paper yesterday.  I'm sure a proper
search would turn up lots like it.

Bill

Content of type "text/html" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ