[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <534BE6CF.4020200@Oracle.COM>
Date: Mon, 14 Apr 2014 14:46:55 +0100
From: Darren J Moffat <Darren.Moffat@...cle.COM>
To: discussions@...sword-hashing.net
CC: Bill Cox <waywardgeek@...il.com>
Subject: Re: [PHC] Do we need a common password hashing API?
On 04/14/14 14:35, Bill Cox wrote:
> On Mon, Apr 14, 2014 at 4:09 AM, Alec Muffett <alec.muffett@...il.com
> <mailto:alec.muffett@...il.com>> wrote:
>
> Hey Alexander!
>
> Before throwing the baby out with the bathwater I would suggest
> getting in touch with Casper and Darren who are still at that
> company and might be able to give you some insight into the patent.
> I left Sun in 2009 when Sun got bought out, but back then the plan
> was to make it patented but not enforced, ie: to stop some bad guy
> doing the same and blocking out the Internet community.
>
> Evidence of this would include that the SHA512 process borrows some
> ideas from SunMD5 ("rounds=N" in the cipher, etc) because Casper (if
> I remember correctly?) participated in that process with RedHat.
> I'll cc: them on this mail. I don't know whether if then reply
> whether it would bounce?
>
> - alec
>
>
> I read the patent. Every claim depends on building a system that can
> support new hashing algorithms without changing source code, and instead
> only configuration files. This is a great idea, but having to recompile
> to support new algorithms isn't all that bad. For one thing, it allows
> us to use enumerated types in the interface for selection of the
> algorithm, while we'd have to use strings otherwise.
**** Note that this is not in any way legal advice nor an official
statement from Oracle. ****
That was the intent of the patent because recompiling is a big deal for
systems that are not open source - and even sometimes those that are.
There was no intention to patent the SunMD5 password hash itself so I
wouldn't expect any claims about it in the patent.
At the time this was developed for Solaris which was closed source, much
much later an implementation of this became available under the CDDL as
part of OpenSolaris. You can find a copy of that implementation in the
Illumos git hub source here:
https://github.com/illumos/illumos-gate/blob/master/usr/src/lib/libc/port/gen/crypt.c
**** Note that this is not in any way legal advice nor an official
statement from Oracle. ****
--
Darren J Moffat
Powered by blists - more mailing lists