lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 18 Jul 2015 22:11:35 +0300
From: Solar Designer <>
Subject: Re: [PHC] patents

On Thu, Jul 16, 2015 at 11:32:17AM -0700, Bill Cox wrote:
> I found this patent <>.  What is
> the other?

> This patent does seem to cover hashing ROM into a salted password to
> generate the stored password hash, IMO.  I am not a lawyer, and my opinion
> caries no legal weight, but I am an author on 26 patents, and have read
> plenty more.  However, like so many of these software patents, this one is
> clearly invalid due to prior art, such as this paper published in 2006
> <>, 7 years before this patent was
> filed.

So you found the paper leading to the other patent.

> IMO, this patent will not affect using Yescrypt for ROM-port-hard (what I
> have been calling bandwidth-hardened) PoW systems in any way.  The claims
> require hashing a password in every claim.

It sounds like you feel it does cover using yescrypt for ROM-port-hard
password hashing, even if the ROM is not secret.  That's really bad if so.
But that's not my current understanding.

> I see Jeremy claims to have invented this in 2012, after the Linked-In
> hack.  I find this plausible, because I independently worked hard on the
> password security problem at the same time for the same reason.  My
> invention was to use a lot of memory with random  read-writes :-)  I'm
> always a few years too late...
> However, giving him this benefit of the doubt, didn't he see that you published
> it in 2012
> <>?

He did.  Jeremy claims to have independently arrived at this in July
2012, but intentionally not publishing it yet for the purpose of
patenting it.  I find this plausible.

> I will prefer to believe this is a simple mistake by Jeremy for now.
> However, it looks pretty bad.

It did look pretty bad to me in this way at first, but Jeremy managed to
convince me it was in fact independent discovery, a few months before my
ZeroNights talk.  What still looks bad to me is the very fact this
useful stuff is patented (although the patent might be fully or
partially invalid due to other prior art).

I think Jeremy did nothing illegal.  However, there are ethical concerns
about patenting anything at all.  It's like:

atomic {

... with rare exceptions.


Powered by blists - more mailing lists