Date: Thu, 16 Jul 2015 11:32:17 -0700
From: Bill Cox <waywardgeek@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>, Jeremy Spilman <jeremy@...link.co>
Subject: Re: [PHC] patents

On Thu, Jul 16, 2015 at 1:48 AM, Solar Designer <solar@...nwall.com> wrote:

> Hi,
>
> Earlier this year, I became aware, from Jeremy Spilman, of 2 patents
> that might (or might not, I am not a patent lawyer) apply to purposeful
> use of yescrypt's ROM as a secret.
I found this patent <http://www.google.com/patents/US20140032922>.  What is
the other?

This patent does seem to cover hashing ROM into a salted password to
generate the stored password hash, IMO.  I am not a lawyer, and my opinion
carries no legal weight, but I am an author on 26 patents, and have read
plenty more.  However, like so many of these software patents, this one is
clearly invalid due to prior art, such as this paper published in 2006
<http://www.cs.nyu.edu/~walfish/DLW06.pdf>, 7 years before this patent was
filed.

IMO, this patent will not affect using Yescrypt for ROM-port-hard (what I
have been calling bandwidth-hardened) PoW systems in any way.  The claims
require hashing a password in every claim.

I see Jeremy claims to have invented this in 2012, after the LinkedIn
hack.  I find this plausible, because I independently worked hard on the
password security problem at the same time for the same reason.  My
invention was to use a lot of memory with random read-writes :-)  I'm
always a few years too late...

However, giving him this benefit of the doubt, didn't he see that you published
it in 2012
<http://www.openwall.com/presentations/ZeroNights2012-New-In-Password-Hashing/>?
I will prefer to believe this is a simple mistake by Jeremy for now.
However, it looks pretty bad.  Patenting well known work done by others is
illegal, and I've seen one guy go to prison for an absurdly long time over
it (that guy complicated the situation by forging docs "proving" his prior
invention, then trying to hire someone to kill the judge in his case).

The right thing in this case, IMO, would be for Jeremy to volunteer to have
his patent adjusted in light of the prior art I listed above.  The patent
office is quite generous in these cases, and would likely leave Jeremy with
a useful patent that would not keep the rest of the world from using large
ROMs to secure their password hashes.  US law requires Jeremy to contact
the patent office and reveal this prior art, now that he clearly knows
about it (I've CC-ed him on this email).

US law does not require anyone but the patent holder to contact the patent
office when new prior art is revealed, but I've done it before.  I would be
willing to again in this case if Jeremy is unwilling to contact the patent
office himself over this prior art.

Bill
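The construction the thread is arguing about, a stored password hash that also depends on a large secret ROM, is easy to sketch. The following is an added illustration written for this archive page; it is not Bill's, Jeremy's or yescrypt's code and is not yescrypt's algorithm. It uses PBKDF2-HMAC-SHA256 as a stand-in for the memory-hard stage, and a small constructed ROM derived from a seed; a real deployment would keep a large, randomly generated ROM secret on the authentication server. The point it shows is the defensive one: each ROM read address depends on the running state, so a leaked hash database cannot be attacked offline without also possessing the ROM, and the same plaintext verified against a different ROM fails.

```python
import hashlib
import hmac

ROM_BLOCK = 64   # bytes per ROM block read
ROM_READS = 64   # data-dependent ROM reads per hash (small, for the demo)


def make_demo_rom(n_blocks: int, seed: bytes) -> bytes:
    """Constructed demo ROM: deterministic pseudo-random bytes from a seed.

    Only so the example runs offline; a production ROM is large, random and
    secret, not derivable from a short seed."""
    return hashlib.shake_256(seed).digest(n_blocks * ROM_BLOCK)


def rom_hard_hash(password: bytes, salt: bytes, rom: bytes) -> bytes:
    """Salted, stretched password hash that additionally mixes in a secret ROM."""
    if len(rom) < ROM_BLOCK or len(rom) % ROM_BLOCK:
        raise ValueError("rom must be a non-empty multiple of ROM_BLOCK bytes")
    n_blocks = len(rom) // ROM_BLOCK

    # Stage 1: a conventional salted, stretched hash.  PBKDF2 stands in here
    # for a memory-hard KDF such as yescrypt.
    state = hashlib.pbkdf2_hmac("sha256", password, salt, 10_000, dklen=32)

    # Stage 2: ROM mixing.  The block index is taken from the current state,
    # so which blocks get read depends on password and salt and cannot be
    # precomputed; each block's contents feed the next state, so an attacker
    # without the ROM cannot advance the computation at all.
    for _ in range(ROM_READS):
        idx = int.from_bytes(state[:8], "little") % n_blocks
        block = rom[idx * ROM_BLOCK:(idx + 1) * ROM_BLOCK]
        state = hashlib.sha256(state + block).digest()
    return state


def verify(password: bytes, salt: bytes, rom: bytes, stored: bytes) -> bool:
    """Constant-time comparison of a fresh hash against the stored value."""
    return hmac.compare_digest(rom_hard_hash(password, salt, rom), stored)


def demo() -> dict:
    """Constructed scenario: the server's ROM vs. an attacker who lacks it."""
    server_rom = make_demo_rom(4096, b"constructed-server-seed")   # 256 KiB
    salt = b"constructed-16B-salt"
    stored = rom_hard_hash(b"correct horse battery", salt, server_rom)

    # An attacker holding only the leaked hash and salt has to guess the ROM.
    attacker_rom = make_demo_rom(4096, b"constructed-attacker-guess")

    return {
        "verifies": verify(b"correct horse battery", salt, server_rom, stored),
        "wrong_password": verify(b"wrong", salt, server_rom, stored),
        "without_rom": verify(b"correct horse battery", salt, attacker_rom, stored),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Mixing a secret ROM in this way turns the ROM into a second factor for the stored hash: the salt stays public per entry, but offline guessing requires the ROM as well, and keeping the ROM large makes it harder to exfiltrate than the hash database itself.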

