riordanmr@clvax1.cl.msu.edu (Mark Riordan) (04/04/91)
In article <1991Apr3.070045.22296@nntp-server.caltech.edu>, madler@nntp-server.caltech.edu (Mark Adler) says: >>> Although the PKZIP feature is fast >>> and convenient, when I want real security I encrypt the entire .ZIP >>> archive with DES. > >Sounds pretty secure. Then again, I'm not sure I'd trust any encryption >method that was approved by the NSA. Especially since they will not say >how the various arbitrary-looking bit flipping was derived. > >Is there any source out there for RSA encryption? I have written a simple implementation of RSA, but I've been advised not to distribute it due to the possibility of "inciting infringement" of RSA's patent. Obviously, any other source of RSA source code would have the same problem. DEC and RSA have an agreement that allows them to distribute the source to Sphinx (see my recent posting) for demo purposes only (or something like that). The source to an RSA implementation is available as an optional part of that distribution. If your interest in RSA is due to the desire for a replacement for DES and not due to an interest in public key systems, obviously there are many alternatives which are faster and less legally encumbered than RSA. Snuffle (based on Snefru), and Khufu come to mind, and I'm sure there are many others. Mark Riordan Mich State University riordanmr@clvax1.cl.msu.edu
schneier@cbnewsb.cb.att.com (bruce.schneier) (04/04/91)
In article <1991Apr3.175611.29439@msuinfo.cl.msu.edu>, riordanmr@clvax1.cl.msu.edu (Mark Riordan) writes: > In article <1991Apr3.070045.22296@nntp-server.caltech.edu>, madler@nntp-server.caltech.edu (Mark Adler) says: > >Is there any source out there for RSA encryption? > > I have written a simple implementation of RSA, > but I've been advised not to distribute > it due to the possibility of "inciting infringement" of RSA's > patent. Obviously, any other source of RSA source code > would have the same problem. > Check your patent law; algorithms cannot be patented. Particular implementations can be patented and source code can be copyrighted, but that's about it. If you have your own source code implementation of the RSA algorithm, you will not be infringing on RSA in the least. Is there anyone from RSA reading this who cares to comment? -Bruce Schneier AT&T Bell Labs schneier\@ihlpl.att.com