lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 14 Apr 2014 09:35:52 -0400
From: Bill Cox <waywardgeek@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Do we need a common password hashing API?

On Mon, Apr 14, 2014 at 4:09 AM, Alec Muffett <alec.muffett@...il.com>wrote:

> Hey Alexander!
>
> Before throwing the baby out with the bathwater I would suggest getting in
> touch with Casper and Darren who are still at that company and might be
> able to give you some insight into the patent. I left Sun in 2009 when Sun
> got bought out, but back then the plan was to make it patented but not
> enforced, ie: to stop some bad guy doing the same and blocking out the
> Internet community.
>
> Evidence of this would include that the SHA512 process borrows some ideas
> from SunMD5 ("rounds=N" in the cipher, etc) because Casper (if I remember
> correctly?) participated in that process with RedHat.
>
>  I'll cc: them on this mail. I don't know whether if then reply whether it
> would bounce?
>
>     - alec
>

I read the patent.  Every claim depends on building a system that can
support new hashing algorithms without changing source code, and instead
only configuration files.  This is a great idea, but having to recompile to
support new algorithms isn't all that bad.  For one thing, it allows us to
use enumerated types in the interface for selection of the algorithm, while
we'd have to use strings otherwise.

So, we can still write a common API without running afoul of this
particular patent.  It's just not ideal.  That's often what we have to do
in the open-source community - back off to a less desirable algorithm.
 Just code stupid.  That's what software patents have forced on the world.

Bill

Content of type "text/html" skipped

Powered by blists - more mailing lists