ECC and/or NSA Suite B?
Locked
12
12
 
|
Is anyone working on Suite B stuff?
Rijndael is there, but it probably should be subclassed as AES proper if only to lock down the blocksize to 128 bits and the keysize to the allowed 128 & 256 bits. SHA256 is there, but it doesn't extent to cover the rest of the SHA2 family (SHA384 and SHA512). SHA384 is part of Suite B. Is anyone working on ECDSA, ECDH & ECMQV? (Well, given that ECMQV is more heavily patent-encumbered in the US, I can understand if it's left by the wayside). If not I might take a crack at a couple of pieces. -- Tim _______________________________________________ Cryptography mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography |
|
|
Tim,
It's is great to have you working on this. I didn't implement the other SHA protocols because I didn't see much use in them right now, if you have time to do them that would be great. What we really need is a slang implementation of SHA256 so that we can have a squeak plug-in. Krishna was looking into doing it, maybe he could use some help? Have you done any slang programming for squeak? There is an SHA1 slang implementation which should be a very good place to start for the 256 version. I would love to see more elliptic curve cryptography! Please feel free to contribute. I would be happy to add you to the cryptography repository as a developer if you like. What are your squeaksource initials? Ron Teitelbaum Squeak Cryptography Team Leader > -----Original Message----- > From: [hidden email] > [mailto:[hidden email]] On Behalf Of > Cerebus > Sent: Friday, November 24, 2006 1:24 AM > To: [hidden email] > Subject: [Cryptography Team] ECC and/or NSA Suite B? > > Is anyone working on Suite B stuff? > > Rijndael is there, but it probably should be subclassed as AES proper > if only to lock down the blocksize to 128 bits and the keysize to the > allowed 128 & 256 bits. > > SHA256 is there, but it doesn't extent to cover the rest of the SHA2 > family (SHA384 and SHA512). SHA384 is part of Suite B. > > Is anyone working on ECDSA, ECDH & ECMQV? (Well, given that ECMQV is > more heavily patent-encumbered in the US, I can understand if it's > left by the wayside). > > If not I might take a crack at a couple of pieces. > > -- Tim > _______________________________________________ > Cryptography mailing list > [hidden email] > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography _______________________________________________ Cryptography mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography |
|
|
In reply to this post by cerebus-4
Keep in mind, however, that products violate patent restrictions, not
implementations. Otherwise OpenSSL would not be able to include IDEA, MDC2 or RC5. With all the discussion of FIPS 140, I had assumed that most everyone on the list is working on government contracts. Otherwise, why bother with it? The NSA negotiated a blanket US Federal Government deal for Certicom's patent portfolio for use in ECDSA, ECDH and ECMQV. So... if you're a federal government agency, you get to use these algorithms without having to pay Certicom anything extra. So... if part of what you're hoping to do is to create an ECC implementation that can be used by a federal agency, then you can do so without fear of the Certicom lawyers. Now... the moment the implementation gets used in a commercial product, then you've got issues. On Nov 23, 2006, at 10:24 PM, Cerebus wrote: > Is anyone working on Suite B stuff? > > Rijndael is there, but it probably should be subclassed as AES proper > if only to lock down the blocksize to 128 bits and the keysize to the > allowed 128 & 256 bits. > > SHA256 is there, but it doesn't extent to cover the rest of the SHA2 > family (SHA384 and SHA512). SHA384 is part of Suite B. > > Is anyone working on ECDSA, ECDH & ECMQV? (Well, given that ECMQV is > more heavily patent-encumbered in the US, I can understand if it's > left by the wayside). > > If not I might take a crack at a couple of pieces. > > -- Tim > _______________________________________________ > Cryptography mailing list > [hidden email] > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ > cryptography _______________________________________________ Cryptography mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography |
|
|
I'm not sure I understand this since SUN released ECC to the public domain.
I'll get an opinion on it: > -----Original Message----- > From: [hidden email] > [mailto:[hidden email]] On Behalf Of > Matthew S. Hamrick > Sent: Friday, November 24, 2006 2:07 PM > To: Cryptography Team Development List > Subject: Re: [Cryptography Team] ECC and/or NSA Suite B? > > Keep in mind, however, that products violate patent restrictions, not > implementations. Otherwise OpenSSL would not be able to include IDEA, > MDC2 or RC5. > > With all the discussion of FIPS 140, I had assumed that most everyone > on the list is working on government contracts. Otherwise, why bother > with it? > > The NSA negotiated a blanket US Federal Government deal for > Certicom's patent portfolio for use in ECDSA, ECDH and ECMQV. So... > if you're a federal government agency, you get to use these > algorithms without having to pay Certicom anything extra. So... if > part of what you're hoping to do is to create an ECC implementation > that can be used by a federal agency, then you can do so without fear > of the Certicom lawyers. Now... the moment the implementation gets > used in a commercial product, then you've got issues. > > On Nov 23, 2006, at 10:24 PM, Cerebus wrote: > > > Is anyone working on Suite B stuff? > > > > Rijndael is there, but it probably should be subclassed as AES proper > > if only to lock down the blocksize to 128 bits and the keysize to the > > allowed 128 & 256 bits. > > > > SHA256 is there, but it doesn't extent to cover the rest of the SHA2 > > family (SHA384 and SHA512). SHA384 is part of Suite B. > > > > Is anyone working on ECDSA, ECDH & ECMQV? (Well, given that ECMQV is > > more heavily patent-encumbered in the US, I can understand if it's > > left by the wayside). > > > > If not I might take a crack at a couple of pieces. > > > > -- Tim > > _______________________________________________ > > Cryptography mailing list > > [hidden email] > > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ > > cryptography > > _______________________________________________ > Cryptography mailing list > [hidden email] > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography _______________________________________________ Cryptography mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography |
|
|
In reply to this post by cerebus-4
Forgot the link:
http://www.sun.com/emrkt/innercircle/newsletter/0304cto.html Ron > -----Original Message----- > From: Ron Teitelbaum [mailto:[hidden email]] > Sent: Friday, November 24, 2006 2:25 PM > To: 'Cryptography Team Development List' > Subject: RE: [Cryptography Team] ECC and/or NSA Suite B? > > I'm not sure I understand this since SUN released ECC to the public > domain. I'll get an opinion on it: > > > -----Original Message----- > > From: [hidden email] > > [mailto:[hidden email]] On Behalf Of > > Matthew S. Hamrick > > Sent: Friday, November 24, 2006 2:07 PM > > To: Cryptography Team Development List > > Subject: Re: [Cryptography Team] ECC and/or NSA Suite B? > > > > Keep in mind, however, that products violate patent restrictions, not > > implementations. Otherwise OpenSSL would not be able to include IDEA, > > MDC2 or RC5. > > > > With all the discussion of FIPS 140, I had assumed that most everyone > > on the list is working on government contracts. Otherwise, why bother > > with it? > > > > The NSA negotiated a blanket US Federal Government deal for > > Certicom's patent portfolio for use in ECDSA, ECDH and ECMQV. So... > > if you're a federal government agency, you get to use these > > algorithms without having to pay Certicom anything extra. So... if > > part of what you're hoping to do is to create an ECC implementation > > that can be used by a federal agency, then you can do so without fear > > of the Certicom lawyers. Now... the moment the implementation gets > > used in a commercial product, then you've got issues. > > > > On Nov 23, 2006, at 10:24 PM, Cerebus wrote: > > > > > Is anyone working on Suite B stuff? > > > > > > Rijndael is there, but it probably should be subclassed as AES proper > > > if only to lock down the blocksize to 128 bits and the keysize to the > > > allowed 128 & 256 bits. > > > > > > SHA256 is there, but it doesn't extent to cover the rest of the SHA2 > > > family (SHA384 and SHA512). SHA384 is part of Suite B. > > > > > > Is anyone working on ECDSA, ECDH & ECMQV? (Well, given that ECMQV is > > > more heavily patent-encumbered in the US, I can understand if it's > > > left by the wayside). > > > > > > If not I might take a crack at a couple of pieces. > > > > > > -- Tim > > > _______________________________________________ > > > Cryptography mailing list > > > [hidden email] > > > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ > > > cryptography > > > > _______________________________________________ > > Cryptography mailing list > > [hidden email] > > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography _______________________________________________ Cryptography mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography |
|
|
Certicom also holds patents on a number of ECC things (like almost all
of ECMQV and things like point compression). NSA has licensed Certicom's ECC patents en masse for anything done on US Gov't contract. There's a patent letter on the SECG website: http://www.secg.org/ Part of the problem right now is that ECC work is a bit divided, which has made standardization a bit of a pain. -- Tim On 11/24/06, Ron Teitelbaum <[hidden email]> wrote: > Forgot the link: > http://www.sun.com/emrkt/innercircle/newsletter/0304cto.html > > Ron > > > -----Original Message----- > > From: Ron Teitelbaum [mailto:[hidden email]] > > Sent: Friday, November 24, 2006 2:25 PM > > To: 'Cryptography Team Development List' > > Subject: RE: [Cryptography Team] ECC and/or NSA Suite B? > > > > I'm not sure I understand this since SUN released ECC to the public > > domain. I'll get an opinion on it: > > > > > -----Original Message----- > > > From: [hidden email] > > > [mailto:[hidden email]] On Behalf Of > > > Matthew S. Hamrick > > > Sent: Friday, November 24, 2006 2:07 PM > > > To: Cryptography Team Development List > > > Subject: Re: [Cryptography Team] ECC and/or NSA Suite B? > > > > > > Keep in mind, however, that products violate patent restrictions, not > > > implementations. Otherwise OpenSSL would not be able to include IDEA, > > > MDC2 or RC5. > > > > > > With all the discussion of FIPS 140, I had assumed that most everyone > > > on the list is working on government contracts. Otherwise, why bother > > > with it? > > > > > > The NSA negotiated a blanket US Federal Government deal for > > > Certicom's patent portfolio for use in ECDSA, ECDH and ECMQV. So... > > > if you're a federal government agency, you get to use these > > > algorithms without having to pay Certicom anything extra. So... if > > > part of what you're hoping to do is to create an ECC implementation > > > that can be used by a federal agency, then you can do so without fear > > > of the Certicom lawyers. Now... the moment the implementation gets > > > used in a commercial product, then you've got issues. > > > > > > On Nov 23, 2006, at 10:24 PM, Cerebus wrote: > > > > > > > Is anyone working on Suite B stuff? > > > > > > > > Rijndael is there, but it probably should be subclassed as AES proper > > > > if only to lock down the blocksize to 128 bits and the keysize to the > > > > allowed 128 & 256 bits. > > > > > > > > SHA256 is there, but it doesn't extent to cover the rest of the SHA2 > > > > family (SHA384 and SHA512). SHA384 is part of Suite B. > > > > > > > > Is anyone working on ECDSA, ECDH & ECMQV? (Well, given that ECMQV is > > > > more heavily patent-encumbered in the US, I can understand if it's > > > > left by the wayside). > > > > > > > > If not I might take a crack at a couple of pieces. > > > > > > > > -- Tim > > > > _______________________________________________ > > > > Cryptography mailing list > > > > [hidden email] > > > > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ > > > > cryptography > > > > > > _______________________________________________ > > > Cryptography mailing list > > > [hidden email] > > > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography > > > _______________________________________________ > Cryptography mailing list > [hidden email] > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography > Cryptography mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography |
|
|
In reply to this post by msh
On 11/24/06, Matthew S. Hamrick <[hidden email]> wrote:
> With all the discussion of FIPS 140, I had assumed that most everyone > on the list is working on government contracts. Otherwise, why bother > with it? Because it enables its use in products. Without a FIPS certificate, a crypto implementation faces serious hurdles for inclusion in a product (and lately DoD has been cracking down on FIPS waivers). But it's hard to get people to pony up to pay for certification unless there's an immediate use. Chicken, meet egg. :) > The NSA negotiated a blanket US Federal Government deal for > Certicom's patent portfolio for use in ECDSA, ECDH and ECMQV. So... > if you're a federal government agency, you get to use these > algorithms without having to pay Certicom anything extra. So... if > part of what you're hoping to do is to create an ECC implementation > that can be used by a federal agency, then you can do so without fear > of the Certicom lawyers. Now... the moment the implementation gets > used in a commercial product, then you've got issues. And that's the rub. I'd love to implement something because: 1) I love crypto, and building an ECC implementation would teach me a great deal about it; 2) It gives me a reason to learn Smalltalk, something I've toyed with a dozen times in the past but never made progress at because I had nothing concrete to work on; and 3) It would just be fun. I'm weird that way. But the last thing I want to do is run afoul of Certicom (or cause others to run afoul of them). So, advice? Should I press ahead? -- Tim _______________________________________________ Cryptography mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography |
RE: RE: ECC and/or NSA Suite B?
|
|
In reply to this post by cerebus-4
What has Sun contributed to OpenSSL? I guess my question is this: If there
are version of ECC that are developed and patented by Sun that have been given to the OS communities, either directly or through the OpenSSL license then can we use their implementation? I wouldn't want to post any code that is not open source in our library which would includes IDEA, MDC2 and RC5. If we find that ECC is only available to government users then I suggest we do not include it in our repository, the risk would be too great. What we need to understand is what ECC technology is currently Open Source and can we do our own implementation and distribute it. Ron > -----Original Message----- > From: Cerebus [mailto:[hidden email]] > Sent: Friday, November 24, 2006 2:36 PM > To: [hidden email]; Cryptography Team Development List > Subject: Re: RE: [Cryptography Team] ECC and/or NSA Suite B? > > Certicom also holds patents on a number of ECC things (like almost all > of ECMQV and things like point compression). NSA has licensed > Certicom's ECC patents en masse for anything done on US Gov't > contract. > > There's a patent letter on the SECG website: > > http://www.secg.org/ > > Part of the problem right now is that ECC work is a bit divided, which > has made standardization a bit of a pain. > > -- Tim > > On 11/24/06, Ron Teitelbaum <[hidden email]> wrote: > > Forgot the link: > > http://www.sun.com/emrkt/innercircle/newsletter/0304cto.html > > > > Ron > > > > > -----Original Message----- > > > From: Ron Teitelbaum [mailto:[hidden email]] > > > Sent: Friday, November 24, 2006 2:25 PM > > > To: 'Cryptography Team Development List' > > > Subject: RE: [Cryptography Team] ECC and/or NSA Suite B? > > > > > > I'm not sure I understand this since SUN released ECC to the public > > > domain. I'll get an opinion on it: > > > > > > > -----Original Message----- > > > > From: [hidden email] > > > > [mailto:[hidden email]] On Behalf > Of > > > > Matthew S. Hamrick > > > > Sent: Friday, November 24, 2006 2:07 PM > > > > To: Cryptography Team Development List > > > > Subject: Re: [Cryptography Team] ECC and/or NSA Suite B? > > > > > > > > Keep in mind, however, that products violate patent restrictions, > not > > > > implementations. Otherwise OpenSSL would not be able to include > IDEA, > > > > MDC2 or RC5. > > > > > > > > With all the discussion of FIPS 140, I had assumed that most > everyone > > > > on the list is working on government contracts. Otherwise, why > bother > > > > with it? > > > > > > > > The NSA negotiated a blanket US Federal Government deal for > > > > Certicom's patent portfolio for use in ECDSA, ECDH and ECMQV. So... > > > > if you're a federal government agency, you get to use these > > > > algorithms without having to pay Certicom anything extra. So... if > > > > part of what you're hoping to do is to create an ECC implementation > > > > that can be used by a federal agency, then you can do so without > fear > > > > of the Certicom lawyers. Now... the moment the implementation gets > > > > used in a commercial product, then you've got issues. > > > > > > > > On Nov 23, 2006, at 10:24 PM, Cerebus wrote: > > > > > > > > > Is anyone working on Suite B stuff? > > > > > > > > > > Rijndael is there, but it probably should be subclassed as AES > proper > > > > > if only to lock down the blocksize to 128 bits and the keysize to > the > > > > > allowed 128 & 256 bits. > > > > > > > > > > SHA256 is there, but it doesn't extent to cover the rest of the > SHA2 > > > > > family (SHA384 and SHA512). SHA384 is part of Suite B. > > > > > > > > > > Is anyone working on ECDSA, ECDH & ECMQV? (Well, given that ECMQV > is > > > > > more heavily patent-encumbered in the US, I can understand if it's > > > > > left by the wayside). > > > > > > > > > > If not I might take a crack at a couple of pieces. > > > > > > > > > > -- Tim > > > > > _______________________________________________ > > > > > Cryptography mailing list > > > > > [hidden email] > > > > > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ > > > > > cryptography > > > > > > > > _______________________________________________ > > > > Cryptography mailing list > > > > [hidden email] > > > > http://lists.squeakfoundation.org/cgi- > bin/mailman/listinfo/cryptography > > > > > > _______________________________________________ > > Cryptography mailing list > > [hidden email] > > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography > > _______________________________________________ Cryptography mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography |
|
|
In reply to this post by Ron Teitelbaum
On 11/24/06, Ron Teitelbaum <[hidden email]> wrote:
> It's is great to have you working on this. I didn't implement the other SHA > protocols because I didn't see much use in them right now, if you have time > to do them that would be great. What we really need is a slang > implementation of SHA256 so that we can have a squeak plug-in. Krishna was > looking into doing it, maybe he could use some help? Have you done any > slang programming for squeak? There is an SHA1 slang implementation which > should be a very good place to start for the 256 version. Never heard of it; thanks for the link. I'll take a look at it. > I would love to see more elliptic curve cryptography! Please feel free to > contribute. I would be happy to add you to the cryptography repository as a > developer if you like. What are your squeaksource initials? Don't have any at the moment. Give me a bit to find some footing and I'll let you know. In the meantime I can route things through you if that's OK. -- Tim _______________________________________________ Cryptography mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography |
RE: Re: ECC and/or NSA Suite B?
|
|
In reply to this post by cerebus-4
>
> So, advice? Should I press ahead? No, let's clarify the license first. Ron > -----Original Message----- > From: > Cerebus > Sent: Friday, November 24, 2006 2:43 PM B? > > On 11/24/06, Matthew S. Hamrick <[hidden email]> wrote: > > > With all the discussion of FIPS 140, I had assumed that most everyone > > on the list is working on government contracts. Otherwise, why bother > > with it? > > Because it enables its use in products. Without a FIPS certificate, a > crypto implementation faces serious hurdles for inclusion in a product > (and lately DoD has been cracking down on FIPS waivers). But it's > hard to get people to pony up to pay for certification unless there's > an immediate use. Chicken, meet egg. :) > > > The NSA negotiated a blanket US Federal Government deal for > > Certicom's patent portfolio for use in ECDSA, ECDH and ECMQV. So... > > if you're a federal government agency, you get to use these > > algorithms without having to pay Certicom anything extra. So... if > > part of what you're hoping to do is to create an ECC implementation > > that can be used by a federal agency, then you can do so without fear > > of the Certicom lawyers. Now... the moment the implementation gets > > used in a commercial product, then you've got issues. > > And that's the rub. I'd love to implement something because: > > 1) I love crypto, and building an ECC implementation would teach me a > great deal about it; > > 2) It gives me a reason to learn Smalltalk, something I've toyed with > a dozen times in the past but never made progress at because I had > nothing concrete to work on; and > > 3) It would just be fun. I'm weird that way. > > But the last thing I want to do is run afoul of Certicom (or cause > others to run afoul of them). > > So, advice? Should I press ahead? > > -- Tim > _______________________________________________ > Cryptography mailing list > [hidden email] > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography _______________________________________________ Cryptography mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography |
RE: Re: ECC and/or NSA Suite B?
|
|
This is interesting too:
http://www.ietf.org/ietf/IPR/certicom-ipr-rfc-3446.pdf Ron > -----Original Message----- > From: [hidden email] > [mailto:[hidden email]] On Behalf Of Ron > Teitelbaum > Sent: Friday, November 24, 2006 2:55 PM > To: 'Cryptography Team Development List' > Subject: RE: Re: [Cryptography Team] ECC and/or NSA Suite B? > > > > > So, advice? Should I press ahead? > > No, let's clarify the license first. > > Ron > > > -----Original Message----- > > From: > > Cerebus > > Sent: Friday, November 24, 2006 2:43 PM > B? > > > > On 11/24/06, Matthew S. Hamrick <[hidden email]> wrote: > > > > > With all the discussion of FIPS 140, I had assumed that most everyone > > > on the list is working on government contracts. Otherwise, why bother > > > with it? > > > > Because it enables its use in products. Without a FIPS certificate, a > > crypto implementation faces serious hurdles for inclusion in a product > > (and lately DoD has been cracking down on FIPS waivers). But it's > > hard to get people to pony up to pay for certification unless there's > > an immediate use. Chicken, meet egg. :) > > > > > The NSA negotiated a blanket US Federal Government deal for > > > Certicom's patent portfolio for use in ECDSA, ECDH and ECMQV. So... > > > if you're a federal government agency, you get to use these > > > algorithms without having to pay Certicom anything extra. So... if > > > part of what you're hoping to do is to create an ECC implementation > > > that can be used by a federal agency, then you can do so without fear > > > of the Certicom lawyers. Now... the moment the implementation gets > > > used in a commercial product, then you've got issues. > > > > And that's the rub. I'd love to implement something because: > > > > 1) I love crypto, and building an ECC implementation would teach me a > > great deal about it; > > > > 2) It gives me a reason to learn Smalltalk, something I've toyed with > > a dozen times in the past but never made progress at because I had > > nothing concrete to work on; and > > > > 3) It would just be fun. I'm weird that way. > > > > But the last thing I want to do is run afoul of Certicom (or cause > > others to run afoul of them). > > > > So, advice? Should I press ahead? > > > > -- Tim > > _______________________________________________ > > Cryptography mailing list > > [hidden email] > > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography > > _______________________________________________ > Cryptography mailing list > [hidden email] > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography _______________________________________________ Cryptography mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography |
RE: RE: ECC and/or NSA Suite B?
|
|
In reply to this post by Ron Teitelbaum
This is interesting too:
http://www.ietf.org/ietf/IPR/certicom-ipr-rfc-3446.pdf This appears to be related to TLS. Ron > -----Original Message----- > From: [hidden email] > [mailto:[hidden email]] On Behalf Of Ron > Teitelbaum > Sent: Friday, November 24, 2006 2:44 PM > To: 'Cerebus'; 'Cryptography Team Development List' > Subject: RE: RE: [Cryptography Team] ECC and/or NSA Suite B? > > What has Sun contributed to OpenSSL? I guess my question is this: If > there > are version of ECC that are developed and patented by Sun that have been > given to the OS communities, either directly or through the OpenSSL > license > then can we use their implementation? > > I wouldn't want to post any code that is not open source in our library > which would includes IDEA, MDC2 and RC5. > > If we find that ECC is only available to government users then I suggest > we > do not include it in our repository, the risk would be too great. > > What we need to understand is what ECC technology is currently Open Source > and can we do our own implementation and distribute it. > > Ron > > > -----Original Message----- > > From: Cerebus [mailto:[hidden email]] > > Sent: Friday, November 24, 2006 2:36 PM > > To: [hidden email]; Cryptography Team Development List > > Subject: Re: RE: [Cryptography Team] ECC and/or NSA Suite B? > > > > Certicom also holds patents on a number of ECC things (like almost all > > of ECMQV and things like point compression). NSA has licensed > > Certicom's ECC patents en masse for anything done on US Gov't > > contract. > > > > There's a patent letter on the SECG website: > > > > http://www.secg.org/ > > > > Part of the problem right now is that ECC work is a bit divided, which > > has made standardization a bit of a pain. > > > > -- Tim > > > > On 11/24/06, Ron Teitelbaum <[hidden email]> wrote: > > > Forgot the link: > > > http://www.sun.com/emrkt/innercircle/newsletter/0304cto.html > > > > > > Ron > > > > > > > -----Original Message----- > > > > From: Ron Teitelbaum [mailto:[hidden email]] > > > > Sent: Friday, November 24, 2006 2:25 PM > > > > To: 'Cryptography Team Development List' > > > > Subject: RE: [Cryptography Team] ECC and/or NSA Suite B? > > > > > > > > I'm not sure I understand this since SUN released ECC to the public > > > > domain. I'll get an opinion on it: > > > > > > > > > -----Original Message----- > > > > > From: [hidden email] > > > > > [mailto:[hidden email]] On Behalf > > Of > > > > > Matthew S. Hamrick > > > > > Sent: Friday, November 24, 2006 2:07 PM > > > > > To: Cryptography Team Development List > > > > > Subject: Re: [Cryptography Team] ECC and/or NSA Suite B? > > > > > > > > > > Keep in mind, however, that products violate patent restrictions, > > not > > > > > implementations. Otherwise OpenSSL would not be able to include > > IDEA, > > > > > MDC2 or RC5. > > > > > > > > > > With all the discussion of FIPS 140, I had assumed that most > > everyone > > > > > on the list is working on government contracts. Otherwise, why > > bother > > > > > with it? > > > > > > > > > > The NSA negotiated a blanket US Federal Government deal for > > > > > Certicom's patent portfolio for use in ECDSA, ECDH and ECMQV. > So... > > > > > if you're a federal government agency, you get to use these > > > > > algorithms without having to pay Certicom anything extra. So... if > > > > > part of what you're hoping to do is to create an ECC > implementation > > > > > that can be used by a federal agency, then you can do so without > > fear > > > > > of the Certicom lawyers. Now... the moment the implementation gets > > > > > used in a commercial product, then you've got issues. > > > > > > > > > > On Nov 23, 2006, at 10:24 PM, Cerebus wrote: > > > > > > > > > > > Is anyone working on Suite B stuff? > > > > > > > > > > > > Rijndael is there, but it probably should be subclassed as AES > > proper > > > > > > if only to lock down the blocksize to 128 bits and the keysize > to > > the > > > > > > allowed 128 & 256 bits. > > > > > > > > > > > > SHA256 is there, but it doesn't extent to cover the rest of the > > SHA2 > > > > > > family (SHA384 and SHA512). SHA384 is part of Suite B. > > > > > > > > > > > > Is anyone working on ECDSA, ECDH & ECMQV? (Well, given that > ECMQV > > is > > > > > > more heavily patent-encumbered in the US, I can understand if > it's > > > > > > left by the wayside). > > > > > > > > > > > > If not I might take a crack at a couple of pieces. > > > > > > > > > > > > -- Tim > > > > > > _______________________________________________ > > > > > > Cryptography mailing list > > > > > > [hidden email] > > > > > > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ > > > > > > cryptography > > > > > > > > > > _______________________________________________ > > > > > Cryptography mailing list > > > > > [hidden email] > > > > > http://lists.squeakfoundation.org/cgi- > > bin/mailman/listinfo/cryptography > > > > > > > > > _______________________________________________ > > > Cryptography mailing list > > > [hidden email] > > > http://lists.squeakfoundation.org/cgi- > bin/mailman/listinfo/cryptography > > > > > _______________________________________________ > Cryptography mailing list > [hidden email] > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography _______________________________________________ Cryptography mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography |
|
|
In reply to this post by Ron Teitelbaum
There are three primary branches of ECC: even-normal, odd-normal and
ortho-normal. IP covers (I think) ortho- and even-. Sun released (I thought) an implementation of the one that's not covered. Also... Certicom's primary patent is, IMHO, their point-compression patent. Without it, it's hard to make a system that guarantees certain performance requirements. On Nov 24, 2006, at 11:25 AM, Ron Teitelbaum wrote: > I'm not sure I understand this since SUN released ECC to the public > domain. > I'll get an opinion on it: > >> -----Original Message----- >> From: [hidden email] >> [mailto:[hidden email]] On Behalf Of >> Matthew S. Hamrick >> Sent: Friday, November 24, 2006 2:07 PM >> To: Cryptography Team Development List >> Subject: Re: [Cryptography Team] ECC and/or NSA Suite B? >> >> Keep in mind, however, that products violate patent restrictions, not >> implementations. Otherwise OpenSSL would not be able to include IDEA, >> MDC2 or RC5. >> >> With all the discussion of FIPS 140, I had assumed that most everyone >> on the list is working on government contracts. Otherwise, why bother >> with it? >> >> The NSA negotiated a blanket US Federal Government deal for >> Certicom's patent portfolio for use in ECDSA, ECDH and ECMQV. So... >> if you're a federal government agency, you get to use these >> algorithms without having to pay Certicom anything extra. So... if >> part of what you're hoping to do is to create an ECC implementation >> that can be used by a federal agency, then you can do so without fear >> of the Certicom lawyers. Now... the moment the implementation gets >> used in a commercial product, then you've got issues. >> >> On Nov 23, 2006, at 10:24 PM, Cerebus wrote: >> >>> Is anyone working on Suite B stuff? >>> >>> Rijndael is there, but it probably should be subclassed as AES >>> proper >>> if only to lock down the blocksize to 128 bits and the keysize to >>> the >>> allowed 128 & 256 bits. >>> >>> SHA256 is there, but it doesn't extent to cover the rest of the SHA2 >>> family (SHA384 and SHA512). SHA384 is part of Suite B. >>> >>> Is anyone working on ECDSA, ECDH & ECMQV? (Well, given that >>> ECMQV is >>> more heavily patent-encumbered in the US, I can understand if it's >>> left by the wayside). >>> >>> If not I might take a crack at a couple of pieces. >>> >>> -- Tim >>> _______________________________________________ >>> Cryptography mailing list >>> [hidden email] >>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ >>> cryptography >> >> _______________________________________________ >> Cryptography mailing list >> [hidden email] >> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ >> cryptography > > > _______________________________________________ > Cryptography mailing list > [hidden email] > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ > cryptography _______________________________________________ Cryptography mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography |
|
|
In reply to this post by Ron Teitelbaum
Great. Do you have a link that talks about what Sun released to the
public domain? On Nov 24, 2006, at 11:25 AM, Ron Teitelbaum wrote: > Forgot the link: > http://www.sun.com/emrkt/innercircle/newsletter/0304cto.html > > Ron > >> -----Original Message----- >> From: Ron Teitelbaum [mailto:[hidden email]] >> Sent: Friday, November 24, 2006 2:25 PM >> To: 'Cryptography Team Development List' >> Subject: RE: [Cryptography Team] ECC and/or NSA Suite B? >> >> I'm not sure I understand this since SUN released ECC to the public >> domain. I'll get an opinion on it: >> >>> -----Original Message----- >>> From: [hidden email] >>> [mailto:[hidden email]] On >>> Behalf Of >>> Matthew S. Hamrick >>> Sent: Friday, November 24, 2006 2:07 PM >>> To: Cryptography Team Development List >>> Subject: Re: [Cryptography Team] ECC and/or NSA Suite B? >>> >>> Keep in mind, however, that products violate patent restrictions, >>> not >>> implementations. Otherwise OpenSSL would not be able to include >>> IDEA, >>> MDC2 or RC5. >>> >>> With all the discussion of FIPS 140, I had assumed that most >>> everyone >>> on the list is working on government contracts. Otherwise, why >>> bother >>> with it? >>> >>> The NSA negotiated a blanket US Federal Government deal for >>> Certicom's patent portfolio for use in ECDSA, ECDH and ECMQV. So... >>> if you're a federal government agency, you get to use these >>> algorithms without having to pay Certicom anything extra. So... if >>> part of what you're hoping to do is to create an ECC implementation >>> that can be used by a federal agency, then you can do so without >>> fear >>> of the Certicom lawyers. Now... the moment the implementation gets >>> used in a commercial product, then you've got issues. >>> >>> On Nov 23, 2006, at 10:24 PM, Cerebus wrote: >>> >>>> Is anyone working on Suite B stuff? >>>> >>>> Rijndael is there, but it probably should be subclassed as AES >>>> proper >>>> if only to lock down the blocksize to 128 bits and the keysize >>>> to the >>>> allowed 128 & 256 bits. >>>> >>>> SHA256 is there, but it doesn't extent to cover the rest of the >>>> SHA2 >>>> family (SHA384 and SHA512). SHA384 is part of Suite B. >>>> >>>> Is anyone working on ECDSA, ECDH & ECMQV? (Well, given that >>>> ECMQV is >>>> more heavily patent-encumbered in the US, I can understand if it's >>>> left by the wayside). >>>> >>>> If not I might take a crack at a couple of pieces. >>>> >>>> -- Tim >>>> _______________________________________________ >>>> Cryptography mailing list >>>> [hidden email] >>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ >>>> cryptography >>> >>> _______________________________________________ >>> Cryptography mailing list >>> [hidden email] >>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ >>> cryptography > > > _______________________________________________ > Cryptography mailing list > [hidden email] > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ > cryptography _______________________________________________ Cryptography mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography |
RE: Re: ECC and/or NSA Suite B?
|
|
In reply to this post by cerebus-4
You wrote :
> > 1) I love crypto, and building an ECC implementation would > teach me a great deal about it; > > 2) It gives me a reason to learn Smalltalk, something I've > toyed with a dozen times in the past but never made progress > at because I had nothing concrete to work on; and > > 3) It would just be fun. I'm weird that way. > > But the last thing I want to do is run afoul of Certicom (or > cause others to run afoul of them). > > So, advice? Should I press ahead? Same reason for me to get involved as well ! Interest in crypto as well as a good reason to work on Smalltalk. Just as a POV, it is Ok to develop ECC. It gives us a leg up for our cryptography portfolio. Naturally we would need to figure out the legal issues before making it part of the system; but we would need to do that anyway. So your efforts (if you choose to do so ;o)) will not be wasted. I have been looking at the SHA code towards developing the SHA512 and would welcome you help. We can learn collaboratively ! I was waiting for the holidays to be over before starting in earnest. </KS> Cheers & happy holidays (Just came back from a grueling Black Friday shopping (er .. carrying bags for the better half ...) <k/> _______________________________________________ Cryptography mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography |
|
|
In reply to this post by cerebus-4
On Nov 24, 2006, at 11:42 AM, Cerebus wrote: > On 11/24/06, Matthew S. Hamrick <[hidden email]> wrote: > >> With all the discussion of FIPS 140, I had assumed that most everyone >> on the list is working on government contracts. Otherwise, why bother >> with it? > > Because it enables its use in products. Without a FIPS certificate, a > crypto implementation faces serious hurdles for inclusion in a product > (and lately DoD has been cracking down on FIPS waivers). But it's > hard to get people to pony up to pay for certification unless there's > an immediate use. Chicken, meet egg. :) > Um... what products? For new products, the US DoD now requires Suite B, not FIPS 140 for SBU. You'll occasionally find a commercial interest like a bank or Fortune 500 that lists FIPS-140 as a requirement, but I've found that in the banking industry, other standards X.<whatever> are more important and in the Credit Card world PCI is WAAAY more important (of course PCI doesn't currently list "approved" ciphers, so I can understand why FIPS-140 is popular as a safe harbor. _______________________________________________ Cryptography mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography |
|
|
In reply to this post by msh
That's interesting can you provide a link about this information for our
lawyer. It sure looks like sun is providing more then that: Q1: What is Sun contributing to OpenSSL? Sun contributed an implementation of the Elliptic Curve Cryptographic (ECC) technology which is well integrated into the existing OpenSSL source infrastructure. This code enables secure TLS/SSL handshakes using the Elliptic Curve based cipher suites. Sun's contributions to the OpenSSL project include: - Addition of ECC cipher suites based on the current IETF internet-draft, which specifies the use of elliptic curve technology in SSL. - Implementation of the Elliptic Curve Diffie-Hellman (ECDH) key agreement protocol based on ANSI X9.63. - Addition of elliptic curve support over binary polynomial fields and the underlying arithmetic library completing the Elliptic Curve cryptographic library in OpenSSL. Q2: Where can the downloadable code be found? The latest version of the OpenSSL code containing ECC cipher suites can be found at the OpenSSL website: ftp://ftp.openssl.org/snapshot/ The download file is named: openssl-SNAP-20020819.tar.gz or later versions. Q3: What about the standardization of ECC cipher suite? Sun's implementation is based on the current IETF internet-draft which is now available in the IETF repository: http://www.ietf.org/internet-drafts/draft-ietf-tls-ecc-02.txt This document describes new key exchange algorithms based on Elliptic Curve Cryptography (ECC) for the TLS (Transport Layer Security) protocol. In particular, it specifies the use of Elliptic Curve Diffie-Hellman (ECDH) key agreement in a TLS handshake and the use of Elliptic Curve Digital Signature Algorithm (ECDSA) as a new authentication mechanism. Q4: What license is Sun's ECC code contributed under? Sun contributed the ECC code to the OpenSSL project to be licensed under the standard OpenSSL license. Ron > -----Original Message----- > From: > Matthew S. Hamrick > Sent: Friday, November 24, 2006 3:07 PM > > There are three primary branches of ECC: even-normal, odd-normal and > ortho-normal. IP covers (I think) ortho- and even-. Sun released (I > thought) an implementation of the one that's not covered. > > Also... Certicom's primary patent is, IMHO, their point-compression > patent. Without it, it's hard to make a system that guarantees > certain performance requirements. > > On Nov 24, 2006, at 11:25 AM, Ron Teitelbaum wrote: > > > I'm not sure I understand this since SUN released ECC to the public > > domain. > > I'll get an opinion on it: > > > >> -----Original Message----- > >> From: [hidden email] > >> [mailto:[hidden email]] On Behalf Of > >> Matthew S. Hamrick > >> Sent: Friday, November 24, 2006 2:07 PM > >> To: Cryptography Team Development List > >> Subject: Re: [Cryptography Team] ECC and/or NSA Suite B? > >> > >> Keep in mind, however, that products violate patent restrictions, not > >> implementations. Otherwise OpenSSL would not be able to include IDEA, > >> MDC2 or RC5. > >> > >> With all the discussion of FIPS 140, I had assumed that most everyone > >> on the list is working on government contracts. Otherwise, why bother > >> with it? > >> > >> The NSA negotiated a blanket US Federal Government deal for > >> Certicom's patent portfolio for use in ECDSA, ECDH and ECMQV. So... > >> if you're a federal government agency, you get to use these > >> algorithms without having to pay Certicom anything extra. So... if > >> part of what you're hoping to do is to create an ECC implementation > >> that can be used by a federal agency, then you can do so without fear > >> of the Certicom lawyers. Now... the moment the implementation gets > >> used in a commercial product, then you've got issues. > >> > >> On Nov 23, 2006, at 10:24 PM, Cerebus wrote: > >> > >>> Is anyone working on Suite B stuff? > >>> > >>> Rijndael is there, but it probably should be subclassed as AES > >>> proper > >>> if only to lock down the blocksize to 128 bits and the keysize to > >>> the > >>> allowed 128 & 256 bits. > >>> > >>> SHA256 is there, but it doesn't extent to cover the rest of the SHA2 > >>> family (SHA384 and SHA512). SHA384 is part of Suite B. > >>> > >>> Is anyone working on ECDSA, ECDH & ECMQV? (Well, given that > >>> ECMQV is > >>> more heavily patent-encumbered in the US, I can understand if it's > >>> left by the wayside). > >>> > >>> If not I might take a crack at a couple of pieces. > >>> > >>> -- Tim > >>> _______________________________________________ > >>> Cryptography mailing list > >>> [hidden email] > >>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ > >>> cryptography > >> > >> _______________________________________________ > >> Cryptography mailing list > >> [hidden email] > >> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ > >> cryptography > > > > > > _______________________________________________ > > Cryptography mailing list > > [hidden email] > > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ > > cryptography > > _______________________________________________ > Cryptography mailing list > [hidden email] > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography _______________________________________________ Cryptography mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography |
|
|
In reply to this post by msh
On 11/24/06, Matthew S. Hamrick <[hidden email]> wrote:
> Um... what products? For new products, the US DoD now requires Suite > B, not FIPS 140 for SBU. Correct, but Suite B is not an evaluation & certification program. It's a subset of FIPS-certifiable algorithms that NSA has selected for certain purposes. Implementations of Suite B algorithms still must be FIPS 140-2 certified. -- Tim _______________________________________________ Cryptography mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography |
|
|
In reply to this post by Ron Teitelbaum
On Nov 24, 2006, at 11:43 AM, Ron Teitelbaum wrote: > What has Sun contributed to OpenSSL? I guess my question is this: > If there > are version of ECC that are developed and patented by Sun that have > been > given to the OS communities, either directly or through the OpenSSL > license > then can we use their implementation? > Yes. > I wouldn't want to post any code that is not open source in our > library > which would includes IDEA, MDC2 and RC5. > Some people use SSL with RC5 and many banking applications rely on MDC2. > If we find that ECC is only available to government users then I > suggest we > do not include it in our repository, the risk would be too great. > Why? > What we need to understand is what ECC technology is currently Open > Source > and can we do our own implementation and distribute it. > ECC is not "Open Source." Open Source generally refers to copyrights, not patents. ECC and it's related technologies may be patented, but in general not copyrighted. An implementation of an ECC cryptosystem may be copyrighted, even if it is not patented. By using an open source license, the copyright holder of the implementation may describe rights under which third parties may copy the implementation. So... Even if someone has a copyrighted implementation, you may still be able to use it as part of OpenSSL, if that implementation has been licensed under the appropriate open source license. (look at Borzoi, for instance.) But... if even an open source implementation is put in a product and sold, this is a clear violation of patent. Things get a little murkier when you're including encumbered technology outside of a commercial product. However... if the patent holder issues a royalty-free, non-commercial license (as is the case for IDEA) then I would guess it's okay to produce and distribute an implementation, as long as you don't violate the terms of the non-commercial license. Since the Squeak community is not a commercial entity, I think there's a justification here... In short... many patent-holders have explicitly granted third parties the right to a royalty-free non-commercial license. In these cases it might be useful to include this technology in the repository, but possibly make a default Squeak image without it. (As it's entirely possible that someone may include Squeak in a commercial product.) But the reason you would not want to include encumbered technology in a default squeak image is not because the Squeak community could get in trouble, but because it would require people who want to use Squeak commercially to understand (and possibly remove) code that implements the encumbered technology. > Ron > >> -----Original Message----- >> From: Cerebus [mailto:[hidden email]] >> Sent: Friday, November 24, 2006 2:36 PM >> To: [hidden email]; Cryptography Team Development List >> Subject: Re: RE: [Cryptography Team] ECC and/or NSA Suite B? >> >> Certicom also holds patents on a number of ECC things (like almost >> all >> of ECMQV and things like point compression). NSA has licensed >> Certicom's ECC patents en masse for anything done on US Gov't >> contract. >> >> There's a patent letter on the SECG website: >> >> http://www.secg.org/ >> >> Part of the problem right now is that ECC work is a bit divided, >> which >> has made standardization a bit of a pain. >> >> -- Tim >> >> On 11/24/06, Ron Teitelbaum <[hidden email]> wrote: >>> Forgot the link: >>> http://www.sun.com/emrkt/innercircle/newsletter/0304cto.html >>> >>> Ron >>> >>>> -----Original Message----- >>>> From: Ron Teitelbaum [mailto:[hidden email]] >>>> Sent: Friday, November 24, 2006 2:25 PM >>>> To: 'Cryptography Team Development List' >>>> Subject: RE: [Cryptography Team] ECC and/or NSA Suite B? >>>> >>>> I'm not sure I understand this since SUN released ECC to the public >>>> domain. I'll get an opinion on it: >>>> >>>>> -----Original Message----- >>>>> From: [hidden email] >>>>> [mailto:[hidden email]] On Behalf >> Of >>>>> Matthew S. Hamrick >>>>> Sent: Friday, November 24, 2006 2:07 PM >>>>> To: Cryptography Team Development List >>>>> Subject: Re: [Cryptography Team] ECC and/or NSA Suite B? >>>>> >>>>> Keep in mind, however, that products violate patent restrictions, >> not >>>>> implementations. Otherwise OpenSSL would not be able to include >> IDEA, >>>>> MDC2 or RC5. >>>>> >>>>> With all the discussion of FIPS 140, I had assumed that most >> everyone >>>>> on the list is working on government contracts. Otherwise, why >> bother >>>>> with it? >>>>> >>>>> The NSA negotiated a blanket US Federal Government deal for >>>>> Certicom's patent portfolio for use in ECDSA, ECDH and ECMQV. >>>>> So... >>>>> if you're a federal government agency, you get to use these >>>>> algorithms without having to pay Certicom anything extra. So... if >>>>> part of what you're hoping to do is to create an ECC >>>>> implementation >>>>> that can be used by a federal agency, then you can do so without >> fear >>>>> of the Certicom lawyers. Now... the moment the implementation gets >>>>> used in a commercial product, then you've got issues. >>>>> >>>>> On Nov 23, 2006, at 10:24 PM, Cerebus wrote: >>>>> >>>>>> Is anyone working on Suite B stuff? >>>>>> >>>>>> Rijndael is there, but it probably should be subclassed as AES >> proper >>>>>> if only to lock down the blocksize to 128 bits and the keysize to >> the >>>>>> allowed 128 & 256 bits. >>>>>> >>>>>> SHA256 is there, but it doesn't extent to cover the rest of the >> SHA2 >>>>>> family (SHA384 and SHA512). SHA384 is part of Suite B. >>>>>> >>>>>> Is anyone working on ECDSA, ECDH & ECMQV? (Well, given that >>>>>> ECMQV >> is >>>>>> more heavily patent-encumbered in the US, I can understand if >>>>>> it's >>>>>> left by the wayside). >>>>>> >>>>>> If not I might take a crack at a couple of pieces. >>>>>> >>>>>> -- Tim >>>>>> _______________________________________________ >>>>>> Cryptography mailing list >>>>>> [hidden email] >>>>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ >>>>>> cryptography >>>>> >>>>> _______________________________________________ >>>>> Cryptography mailing list >>>>> [hidden email] >>>>> http://lists.squeakfoundation.org/cgi- >> bin/mailman/listinfo/cryptography >>> >>> >>> _______________________________________________ >>> Cryptography mailing list >>> [hidden email] >>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ >>> cryptography >>> > > _______________________________________________ > Cryptography mailing list > [hidden email] > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ > cryptography _______________________________________________ Cryptography mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography |
|
|
In reply to this post by cerebus-4
I have a SHA256 implementation kicking around somewhere. It's
licensed under a BSD license, so it's unlikely to be useful for this project. But... feel free to look at it. http://minnow.cc.gatech.edu/squeak/3253 On Nov 24, 2006, at 12:09 PM, Krishna Sankar wrote: > You wrote : >> >> 1) I love crypto, and building an ECC implementation would >> teach me a great deal about it; >> >> 2) It gives me a reason to learn Smalltalk, something I've >> toyed with a dozen times in the past but never made progress >> at because I had nothing concrete to work on; and >> >> 3) It would just be fun. I'm weird that way. >> >> But the last thing I want to do is run afoul of Certicom (or >> cause others to run afoul of them). >> >> So, advice? Should I press ahead? > <KS> > Same reason for me to get involved as well ! Interest in crypto as > well as a good reason to work on Smalltalk. > > Just as a POV, it is Ok to develop ECC. It gives us a leg up for our > cryptography portfolio. Naturally we would need to figure out the > legal > issues before making it part of the system; but we would need to do > that > anyway. So your efforts (if you choose to do so ;o)) will not be > wasted. > > I have been looking at the SHA code towards developing the SHA512 > and would welcome you help. We can learn collaboratively ! I was > waiting for > the holidays to be over before starting in earnest. > </KS> > > Cheers & happy holidays (Just came back from a grueling Black Friday > shopping (er .. carrying bags for the better half ...) > <k/> > > _______________________________________________ > Cryptography mailing list > [hidden email] > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ > cryptography _______________________________________________ Cryptography mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography |
«
Return to Squeak - Cryptography
|
1 view|%1 views
| Free forum by Nabble | Edit this page |