lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 18 Jul 2015 23:44:35 +0300
From: Alexander Cherepanov <ch3root@...nwall.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] patents

On 2015-07-18 22:11, Solar Designer wrote:
>> I see Jeremy claims to have invented this in 2012, after the Linked-In
>> hack.  I find this plausible, because I independently worked hard on the
>> password security problem at the same time for the same reason.  My
>> invention was to use a lot of memory with random  read-writes :-)  I'm
>> always a few years too late...
>>
>> However, giving him this benefit of the doubt, didn't he see that you published
>> it in 2012
>> <http://www.openwall.com/presentations/ZeroNights2012-New-In-Password-Hashing/>?
>
> He did.  Jeremy claims to have independently arrived at this in July
> 2012, but intentionally not publishing it yet for the purpose of
> patenting it.  I find this plausible.

I thought that, for a patentability, only the situation at the moment of 
filing patent application matters, no?

>> I will prefer to believe this is a simple mistake by Jeremy for now.
>> However, it looks pretty bad.
>
> It did look pretty bad to me in this way at first, but Jeremy managed to
> convince me it was in fact independent discovery, a few months before my
> ZeroNights talk.  What still looks bad to me is the very fact this
> useful stuff is patented (although the patent might be fully or
> partially invalid due to other prior art).
>
> I think Jeremy did nothing illegal.

Like knowing a specific piece of prior art and intentionally not 
disclosing it? Hm.

Anyway, you could consider contacting someone from the following projects:

http://www.linuxdefenders.org/
https://www.openinventionnetwork.com/
https://www.eff.org/patent-busting
http://www.linuxfoundation.org/programs/legal/osapa

Perhaps start here:

http://en.swpat.org/wiki/What_to_do_if_worried_by_a_software_patent

-- 
Alexander Cherepanov

Powered by blists - more mailing lists