Message-ID: <00f101cf2420$558a15a0$009e40e0$@acm.org>
Date: Fri, 7 Feb 2014 08:19:07 -0800
From: "Dennis E. Hamilton" <dennis.hamilton@....org>
To: <discussions@...sword-hashing.net>
Subject: RE: [PHC] Never read a patent

Putting fake accounts into database systems has been done for a very long time, certainly longer than the life of any patent. Not necessarily for reasons related to password security, though.

Not that this matters in the context of the larger message (and concerns) about patents.

 - Dennis

-----Original Message-----
From: Bill Cox [mailto:waywardgeek@...il.com]
Sent: Friday, February 7, 2014 07:46
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Never read a patent

On Fri, Feb 7, 2014 at 10:01 AM, Alan Kaminsky <ark@...rit.edu> wrote:
> In their book "Practical Cryptography" (Wiley Publishing, 2003), pages
> 375-376, noted cryptographers Niels Ferguson and Bruce Schneier say this:
>
> "One word of advice: never read a patent. That's right. You'd think that
> reading patents to see what they cover is a good idea. It is not. If you
> infringe on a patent without having known that you did so, you may end up
> paying damages to the patent holder. But if they can prove that you
> willfully infringed (because you knew about their patent), you may end up
> paying triple damages. So if you read a patent, you automatically increase
> your liability for infringing that patent by a factor of three.

[ ... ]

I'm also bummed about a patent on storing fake user accounts with weak passwords in the password database as a strategy for detecting when the database has been leaked to brute-force attackers. This shouldn't impact the PHC, but it's still a bummer. It's one of those good ideas that now will be locked away for 20 years when we need it most. Software patents are such a bad idea...

Bill