lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 19 Jul 2015 23:17:28 +0300
From: Alexander Cherepanov <>
Subject: Re: [PHC] patents

On 2015-07-19 17:21, Solar Designer wrote:
> On Sat, Jul 18, 2015 at 11:44:35PM +0300, Alexander Cherepanov wrote:
>> On 2015-07-18 22:11, Solar Designer wrote:
>>> Jeremy claims to have independently arrived at this in July
>>> 2012, but intentionally not publishing it yet for the purpose of
>>> patenting it.  I find this plausible.
>> I thought that, for a patentability, only the situation at the moment of
>> filing patent application matters, no?
> Yes, and Jeremy told me (in the recent discussion) that he had submitted
> a provisional application in July 2012, which already covered the
> re-focusing / reuse of the term "blind hashing" from what he had blogged
> earlier (obese database filled with mostly fake hashes) to what he ended
> up patenting.  In the discussion this year, Jeremy sent me a copy of the
> provisional application, which I took a brief look at - and it appeared
> consistent with what he said.

Ok, it was not clear to me from other emails in the thread.

>>> I think Jeremy did nothing illegal.
>> Like knowing a specific piece of prior art and intentionally not
>> disclosing it? Hm.
> The provisional application is July 2012.
> My ZeroNights talk is November 2012.

That's a pity.

>> Anyway, you could consider contacting someone from the following projects:
>> Perhaps start here:
> What would my intent of contacting them be?

To get an insight into their experience in this area. From other emails 
in the thread it looked like there is a prior art in this case and IIUC 
the orgs in the list above are dealing with a lot of it. I think they 
could also provide advice on the further actions like "don't 
read/discuss the patents" (to minimize potential for willful 
infringement) or "continue as if there are no these patents" (on the 
premise that enforcement of these patents is unlikely due to potential 
bad PR or to possibility to loose the patent completely in case of 
litigation because of the prior art).

I have never interacted with these orgs regarding such matters so this 
is pure speculation.

> BTW, Openwall has been a member (licensee) of OIN (the 2nd URL above)
> for many years now.


Alexander Cherepanov

Powered by blists - more mailing lists