Windows Authentication/Passwords
Mac Reiter
MacReiter "at" bigfoot.com
Fri, 07 Aug 1998 16:47:34 +0000
Ah, I see your point -- kinda like enforcing the patent on using XOR to
draw and erase crosshair cursors (another startling, true, and stupid US
patent).
I'm not sure how triple DES compares to the DES that they keep having key
breaking parties with, but that one is being broken in ludicrously short
time periods. I tend to lean toward anything based on the Russian's RSA
equivalent. RSA has never been proven to be mathematically difficult to
break -- we suspect that it is, but we don't know for certain that a simple
scheme doesn't exist that would allow a box like the one in the movie
Sneakers to be built. The Russian version, on the other hand, is provably
difficult. For any bit length, you can calculate the absolute minimum
number of operations required to break it, no matter how you wish to try
doing it. You might be able to parallelize, but the same number of
operations must be done. This allows you to figure out exactly how long
your encrypted data is safe, based on the key length and the computational
firepower of the people who are trying to crack it.
It also, as mentioned, is freely usable anywhere in the world.
And it probably annoys the heck out of the people who want encryption key
escrow...
Anyway, my 2 cents worth,
Mac
At 04:14 PM 8/7/98 +0100, Alan Cox wrote:
>> I'm not sure thats correct. I was watching CSPAN the other day when
>> they had a head to head between one of the RSA guys, an FBI guy and some
>> others, and the FBI guy was saying that it is perfectly acceptable to
>> import 128-bit encryption (he specifically mentioned a Russian version.)
>> The restrictions are only on exports, internally we can use anything we
>> want. Period.
>
>US copyright and patent law applies in all US cases even though much of it
>is so screwball the rest of the world wouldnt accept it ;)
>
>In the US the RSA algorithm, although simply a statement of mathematics was
>patented and the patent permitted by the idiots at the USPO. So you are
>required to obtain appropriate patent licenses for all non research use
>(and other patent exemptions).
>
>You can use any encryption that isnt patented (elliptic curve for most cases
>for example) in the USA but should note that there are additional
>restrictions on federally funded networks currently being proposed.
>
>If you want to put an encryption system in VNC which is patent free and
>fairly effective then triple DES is probably the obvious one.
>
>Alan
>
>---------------------------------------------------------------------
>The VNC mailing list - see http://www.orl.co.uk/vnc/intouch.html
>---------------------------------------------------------------------
>
>
---------------------------------------------------------------------
The VNC mailing list - see http://www.orl.co.uk/vnc/intouch.html
---------------------------------------------------------------------