Is the RSAs Loss Everyone's Gain? 136
Rafael sent us a story over at ZD Net about RSAs Patents Expiring later this year. It talks about what it is likely to mean to us. Among other things, cheaper and more common encryption.
It is clear that the individual who persecutes a man, his brother, because he is not of the same opinion, is a monster. - Voltaire
One thing you "alternative" guys are missing... (Score:1)
Good riddance- I respect R S and A, but.. (Score:1)
Re:Flat Earth [was: Why cheaper?] (Score:1)
Re:A remarkable expiry (Score:1)
Another unfortunate thing is, that the field of ECC is also littered with patents.
See e.g. US patent 5146500 and those which reference this one.
Peeter
Re:Proof? Here's a little proof! (Score:1)
Any number times 2 will be either 0, 2, or 4 modulo 6.
Any number times 3 will be either 0 or 3 modulo 6.
So any number that equates to 0, 2, 3, or 4 modulo 6 will of necessity be a composite number, which means that any possible primes will be either 1 or 5 modulo 6, q.e.d.
This unfortunately doesn't tell you WHICH numbers in that series will be prime -- only that those are the only ones you need to look at.
Posting anonymously today because I'm moderating, and this thread looks like it could have some interesting stuff.
Re:Proof? (Score:1)
:)
Re:Symmetric algorithms using prime numbers (Score:1)
Re:Is widespead commercial use really safe or chea (Score:1)
Is there a higher cost associated with using these products? i.e. now your email client can have RSA built in but the cost of the security is passed on to the consumer.
It was free (using existing free libraries), and it will remain free (using the same free libraries). It only changes one thing -- now every individual had to download them from abroad because RSA had no resources to prosecute against users but could prosecute against distributors. When patents will expire distributors will include everything in their CDs/ FTP sites/whatever, so users will get everything from them.
As for commercial software -- what commercial software? Who in his right mind will use encryption products that don't pass through scrutiny that only open source makes possible?
Re:P = NP? (Score:1)
It is one of the very few candidates for problems neither in P nor in NPC, but proving it to be in P will not collapse NP to P. Proving that there is no problem in (NP\NPC)\P, however, will show that P==NP.
Unfortunately, this does not seem to be easy.
Re:A remarkable expiry (Score:1)
Not necessarily. If the lower complexity bound for a given NP problem turns out to be O(P(n)^2012) instead of O(2^Q(n)) (for some poynomials P and Q), most problems will still be "hard" to crack in the practical sense.
Re:OpenSSL vs. Stronghold, as regards RSA (Score:1)
I was replying in the context of free software, not commercial software.
I would expect that Red Hat and Covalent did the same thing that Stronghold did -- obtain a license from RSAData for the RSA patent. I couldn't find much information on Red Hat's New & Improved website about the Red Hat Secure Web Server, other than it's included with Red Hat Linux 6.1 Professional.
Re:It probably will make no noticable difference (Score:1)
Re:OpenSSL vs. Stronghold, as regards RSA (Score:1)
That's why I bought a copy of RedHat 6.1, which includes a single RSA license for use with Apache.
Jeff
Re:OpenSSL vs. Stronghold, as regards RSA (Score:1)
Re:It probably will make no noticable difference (Score:1)
Then again, if it was encrypted how would you determine the trivalness of the message without unencrypting and reading it?
Perhaps you have a function T(c) = x, 0 = x = 1, which produces a scalar value of trivialness for a given ciphertext. If so, would this provide a potential attack exist against RSA based on spam and Usenet top 10 lists?
Re:Do you place a dollar value on your privacy? (Score:1)
Re:Do you place a dollar value on your privacy? (Score:1)
urgh, sorry. sometimes i type faster than i think. my apologies for that comment...
i see what you're saying about RSA. there are a lot of reasons a free RSA is a good thing. i do agree that it will help spread the use of strong encryption, and i really can't argue with that. however, DH is just as good a solution -- arguably better. i think RSA is strong today, but is rapidly becoming weaker. if the only use of RSA is legacy systems, then it's great. i just don't think it is a wise idea to continue using it for mission critical needs.
this whole discussion is probably academic, though. personally, i think that ECC is going to be come a defacto standard in the next few years, after it has had more analysis. it eliminates the need for the mammoth keys required for RSA and DH. unfortunately, ECC seems to have just as many patent problems as RSA, so we're back to square one. woops.
later,
ian
Is widespead commercial use really safe or cheap? (Score:1)
Is there a higher cost associated with using these products? i.e. now your email client can have RSA built in but the cost of the security is passed on to the consumer.
I wonder who will make the most money on the pre-fab tool kits and libraries for this stuff...
Also, is RSA still considered an acceptable level of safety? Or is it just going to be the latest way to jack up the price on software?
http://www.mp3.com/fudge/ [mp3.com]
Re:Proof? (Score:1)
Post it to the sci.crypt [sci.crypt] USENET group.
--
Re:Proof? Here's a little proof! (Score:1)
Take any product P*Q = N(P and Q both prime)
This is always true:
(N+1) MOD 6 == 0 or
(N-1) MOD 6 == 0
Trivial counterexample: P=2, Q=3, giving N=6.
Neither 7 MOD 6 == 0, nor 5 MOD 6 == 0.
Q.E.D.
--
Re:Do you place a dollar value on your privacy? (Score:1)
Do you place a dollar value on your privacy? (Score:1)
Either way, if it were up to me, I'd definetly choose an RSA/Triple DES combo. They're to two most widely used algorithms, which would seem to mean that they're the largest targest, and they've stood pretty strongly.
I'm partially disappointed that I even have to have a Diffie Hellman key, but according to the PGP docs, that's about the only way to communicate with users of other products, thanks to that patent.
I'd strongly encourage everyone to upgrade to PGP 6.5 now, and a free alternative later, if you don't like giving your money to evil software companies that only care about profits (Me, I gladly for it over). In 8 months, unless a weakness is found, there really will seem to be no reason to use anything but RSA in PKI products.
Re:Do you place a dollar value on your privacy? (Score:1)
RSA is much more widely used in commercial apps than DH. From what I've read, most, if not all of, the largest financial institutions depend on RSA, not DH. Therefore, RSA's presented a much larger target for a much longer period and is still standing. With encryption products, I've always heard that the best theory is "If it's not broken, don't fix it."
There's been much grumbling around here about RSA's patent interfereing with product development, etc. On one hand people say it sucks, and on the other, they want to use it in their products. If RSA did suck, no one would care that the patent is expiring. But they do. Why discourage people from using it once it passes into the public domain?
People can factor quicker and quicker, (or actually, computers can), but RSA's simply been increasing it's key length as time goes by. Unless a real breakthrough occurs that nullifies key lengths altogether, RSA appears rather safe.
That's my two cents.
OpenSSL vs. Stronghold, as regards RSA (Score:1)
From what I can tell, the openSSL version is going to be a better choice -- especially considering how much easier it is to build heavily modified versions of apache if one stays with exclusively open source/GPL'd components.
However, I'm a little worried that the openSSL version is using the RSA algorithm and that we could be violating their patent if we start using this commercially. It seems that all c2net Stronghold offers is the fact that they went through the hassle of licensing the RSA code.
My question is do we need it anyway, or are we fine using mod_ssl/openSSL?
Except that 13*67 = 871... (Score:1)
Let this be a lesson (Score:1)
This is poor poor logic (Score:1)
If it is an important matter of National Security, then they are more likely to take the patent away, than allow a single entity to control it.
Why on earth would 'national security' (a bogus term usally interpreted as serving the needs of the power/wealth elite) rely on RSA owning the patent.
Re:Proof? Here's a little proof! (Score:1)
Re:Proof? Here's a little proof! (Score:1)
Re:RSA first invented by the British (Score:1)
The whole idea of public key encryption was revolutionary at the time, and it took a long time to progress from the theory to an actual algorithm that worked.
Re:RSA first invented by the British (Score:1)
oops. sorry, you're right.
Re:RSA first invented by the British (Score:1)
In the end, it comes down to trust and fear. Using a balance of terror, and not trusting people (ie: by making sure it's easy to read their email, etc) leads to more trouble than it is worth..
---
Re:Proof? Here's a little proof! (Score:1)
Not sure how this helps crack the RSA's prime encryption technique, though. Doesn't cracking the scheme (if N*M=P) force you to find N and M, if given P (N and M prime, here)? Knowing that N*M +/- 1 mod 6 is 0, how does that help? I know nothing about these encryption methods, though.
Re:Symmetric algorithms using prime numbers (Score:1)
and be sure to use ROT-13 twice--using it more than once will increase the number of times your attacker will have to attempt a crack, and thus increase its strength!
*ducks*
Re:RSA for Dummies (Score:1)
Oh yes it was. I'm a big dummy, and I basically understood all that.
A big thanks for posting that BTW. You deserve some serious karma points, unlike all the retards (including myself) posting replies to this story.
Proof? (Score:1)
Re:Patents (Score:1)
- Mike Roberto
-- roberto@apk.net
--- AOL IM: MicroBerto
Re:More than you wanted to know about copyright te (Score:1)
No, the purpose of copyright in the constitution is to protect artists. Science and technology are protected by the limited monopolies covered by patents, but artists are provided with a very long monopoly because of the durability of their works and the likelihood that their opportunity cost of producing them will not usually be recovered in a few years. The original copyright was for around 50 years.
Software has now presented us with a problem, where it would be more efficient if software lost its copyright within a few years, like 5 or 6. I think that, in many cases, people would have preferred to modify FoxPro 2.6 to suit their needs rather than figure out what to do as dos gets slower and less reliable on their windows-only machines. Software companies either make an economic profit within a few years or they do not make it at all; Moore's law dictates this.
Instead of telling us about H1-B visas and protecting monopolies, the "technology savvy" presidential candidates should be trying to win votes by emending copyright and patent law for the software industry.
Another article on "RSA Day" and its implications (Score:1)
Re:Proof? Here's a little proof! (Score:1)
Take any product P*Q = N(P and Q both prime)
This is always true:
(N+1) MOD 6 == 0 or
(N-1) MOD 6 == 0
-- check it, and keep yer karma points!
YOU CAN USE THIS FOR A NUMMERICAL DETERMINATION!
Re:Proof? Here's a little proof! (Score:1)
17*11 = 187
187-1 = 186 ==> 186 / 6 = 31... 186 MOD 6 == 0
voila!
Re:Proof? Here's a little proof! (Score:1)
And that's exactly wat this is all about!!!
And if you now the whole story, you can think of an algorithmn which solves the prime-number problem in RSA!!!
Re:Proof? Here's a little proof! (Score:1)
Re:Proof? Here's a little proof! (Score:1)
The numbers:
a0 a1 a2 a3 a4 a5 a6
a1 = a0+1, a2=a0+2 etc.
a0 - divisible by 6
a1 - odd
a2 - divisible by 2
a3 - divisible by 3
a4 - divisible by 2
a5 - odd
a6 - divisible by 6
a1 and a5 are either composite prime numbers, or they're prime.
so any P*Q = N ===> all P,Q and N are either any a1 or a5...
I'll maybe post some more later, I'm now going home from work...
A way to crack the prime-thing (Score:1)
Take P and Q being prime, the product is N.
From previous posts in this thread we see that all of these numbers have a neighbour divisible by 6.
This can either be P-1 or P+1, Q-1 or Q+1 and N-1 or N+1
Taking the square root of N we get a number which is between P and Q, and closest to the lower of the two
So how do we find out which primes P and Q are? The mathematical problem here is that we can't build a numerical method which is designed to reduce certain difference.
So we're not directly going to look for P and Q, we're going to look for the 6-neighbours.
Suppose we'd have 17 * 11, we have the neighbours 18 and 12, dividing by 6 we get 3 and 2.
3*2 = 6, so the idea is to find 6 as a starting point.
6 * 36 = 216, 18*12 = 216, 17*11 = 187. 180 is the first factor of 36 smaller than 187.
In this case, 180 is our first starting point. We divide by 36 to get 5, we then try to find two factors making 5 (which we don't find)
If we desing this function propperly we do get a minimum and a maximum closest to 187.
Next we must determine our new starting point, which is in this case 180+36 = 216. We then found the neighbours, we then found the primes.
Determining the starting point is the part I'm still stuck with but hey, I'm not spending all my time on this thing.
Only thing I know is that the difference by the first and final start points is caused by the distance between P and Q!
The routine which looks for two factors of the starting point / 36 can be speeded up because we're looking for neighbours, so if we don't find the neighbours, we will find a difference.
Suppose starting point x (already divided by 36):
suppose f1 * f2 == x.
for the difference we determine the closest to the prime by (( f1 +/- 1 ) * 6) * (( f2 +/- 1) * 6)
If we have this minimal diffrence m and maximum difference M, the looping factor (i.e.) can be lowered by (M - m) / 36.
I have tried more like lowering with m / 36, sqrt(m) etc.
This decreasion number speeds up finding of the neighbours, so we're not stuck with the same PQ-problem in a different outfit!
Because the function is designed to do a numerical determination of P and Q, the function can be made very fast.
In one of my test cases, My program only needed 6 iterations to determine 641 * 13 (or something like that).
Thanks for belief (Score:1)
Re:Proof? (Score:1)
I'm now trying to find contacts in the mathematical world, and at this moment, I don't know how and where to publish the source code, I don't have a home-page right now, I should make one because explaining the algorithmn needs some more information.
Re:Good riddance- I respect R S and A, but.. (Score:1)
The judge dismissed the Imatec patent lawsuit against Apple saying Imatec didn't own the patents and ColorSync didn't infringe on them anyway.
Re:Proof? Here's a little proof! (Score:1)
Take any number x not divisible by two or three.
x mod 6 cannot be 0 or 2 or 4 (divisible by 2) or 3. It must be 1 or 5. Regardless of how many prime numbers make up x. QED
This has of course nothing to do with RSA. You fail to show how you make the factorization of N anything less than a O(sqrt(N)) problem
- Alex
Re:Proof? Here's a little proof! (Score:1)
RSA would never use a prime number so small as 2 or 3.
That is just plain wrong. You can freely multiply your modulo with 2^n to conveniently align it for easier modulo-multiplication (E.g. w/ Barrett's algorithm). The number you need to know to decrypt is the product of all (prime factors - 1) so multiplying by two changes nothing. (Not even the space of originial data where encryption is bijective)
- Alex
Re:Why cheaper? (Score:1)
With crptographic algorithms, older is better, because with an old algorithm, more people have had more time to find holes in it, and if they haven't then that means that the probability of someone finding a hole in the future is lower.
If anyone cracks the primes problem, RSA is dead in the water. Instantly. No matter how "robust" it's been.
There are many more ways in which one specific crypto algorithm can have weaknesses.
And if someone actually found a fast way to factorize large numbers, then not only is RSA "dead in the water" but also pretty much every single other widely-used crypto algorithm.
Re:Why cheaper? (Score:1)
Actually, no. It wouldn't affect symmetric algorithms or elliptic curve public-key algorithms at all, and it would (probably) only affect Diffie-Hellman if the technique also solved discrete logarithms quickly.
j
"It's not whether or not you're paranoid. It's whether or not you're paranoid enough."
Re:Why cheaper? (Score:1)
Re:A way to crack the prime-thing (Score:1)
Drnomad appears to be a crank; it's not worth any more of my time to wade through the stuff he pours out.
Re:RSA first invented by the British (Score:1)
Bletchley Park of all people should know not to rely on the secrecy of the algorithm.
Other covering/blocking patents? (Score:2)
Being vaguely familiar with how patents work, I did a search at the IBM Patent server (http://www.patents.ibm.com/ [ibm.com]) under the Boolean search tool for "public & key & encryption". This matched 266 items, including items for:
...etc. I'm not saying that each of these is a relevant or blocking patent, but the search space here is huge. It's also possible that there are relevant patents which don't contain the keywords used in my search.
Granted that the search tools are primitive, but is anyone aware of any key patents covering public key encryption as related to web servers, e-commerce, business models, or any related type applications which could still effectively limit access to RSA PKI security for practical purposes?
What part of "Gestalt" don't you understand?
Re:A remarkable expiry (Score:2)
Consider that the use of the Knapsack Problem for encrypting messages was arrived at around the same time, and it turned out to be vulnerable to attack.
With lots of people working on factoring, it would not be overly peculiar for vulnerabilities to have turned up by this time.
P can still be big (Score:2)
I suspect that you are mistaking Not in NP for meaning easy to solve.
Not in NP appears to be a necessary condition for something to be an "easy solve." It is not a sufficient condition for that purpose.
Spewing claims (Score:2)
However, he also suggested the possibility of a substantial result in number theory in the area of factorization. That is another unpredictable possibility that is as "likely" to result in an RSA crack. And while it's not a new insight, the combination is reasonably sound.
Re:There's no need to use RSA - wrong! (Score:2)
One word: Interoperability
In the commercial workplace environment (ie: large corporations) there's only one standard for encryption: RSA. If you're using encrypted email, you're using S/MIME, which depends upon RSA (and their whole PKCS toolkit). If you're using secure web servers, you're using SSL2, which depends upon RSA. When you get an encryption-enabled web browser (be it Netscape or Internet Exploder) you depend upon RSA. Period.
If you want to develop software that plays in a commercial environment, first you have to be interoperable with the existing standards, then you can think about branching out and establishing new standards. Look at Samba -- much as I dislike Microsoft's SMB network protocol, it's a de facto standard -- and Unix computers couldn't easily participate in a Microsoft network without Samba. It's the same problem for encryption -- you have to be interoperable with what already exists in the organization, and that's RSA.
Don't get me wrong -- PGP/GPG is good technology -- but using PGP/GPG in conjuction with a seperate email package is a lot harder than using a mail client with built-in encryption, and people want email to be simple, and they want it to act the same across all platforms. The biggest advantage Netscape's Communicator has/had was that no matter how lame the email client, it worked the same for Windows, Unix, and Macs ... and all of them used RSA encryption.
The good thing about the patent expiring is that packages like OpenSSL will be able to be used universally, instead of just outside of the US. It also means that the open software community can have secure encryption without the security holes that are introduced by the RSA reference implementation (RSAREF) -- see BugTrak for details.
Re:OpenSSL vs. Stronghold, as regards RSA (Score:2)
IANAL, but my understanding is that...
In the United States...
between now and September 20, 2000...
if you use mod_ssl/openSSL...
and it wasn't built using the RSAREF toolkit,
Then you'll be in violation of the RSA patent, and subject to legal action, and should use Stronghold instead.
In the United States...
between now and September 20, 2000...
if you use mod_ssl/openSSL...
and it was built using the RSAREF toolkit...
and you're using it for commercial activities...
Then you'll be in violation of the RSA patent, and subject to legal action, and should use Stronghold instead.
Otherwise, you're OK.
Re:Proof? Here's a little proof! (Score:2)
For all P & Q greater than 3, one of the following is always true:
RSA (and most other public key algorithms) depend on the difficulty of factoring sums of large prime numbers. So, if you can come up with a convenient, low cost way to factor these sums, you can in theory crack RSA.It is perfectly conceivable that the above numerical relationship could be used to come up with an easy way to factor these sums. Does that mean RSA is cracked? Hardly. It just means that what DrNomad is saying makes /some/ sense. And the counterexamples that people have posted are irrelevant since RSA would never use a prime number so small as 2 or 3.
Re:Proof? Here's a little proof! (Score:2)
Re:Why cheaper? (Score:2)
Re:More RSA cracking efforts (Score:2)
I guess we'll see... It'd be scary if September 21st they announced that even 4096 bit keys were vulnerable, but their new patented algorithm, RSA2, did not have those vulnerabilities.
Re:Just in time for Quantum computing (Score:2)
There are people out there using all sorts of esoteric machines to make quantum gates. At the moment a hundred gates is a large infrastructure, but with advances like the quantum resivor from Lucent these could be done in a LSI type circuit in the not to distant future.
Fortunatly no one has shown equivalent work for Fiestel (sp?) networks that most symmetric block ciphers are based on, and stream ciphers tend also be safe if used properly. I just haven't seen a PKI that doesn't have something on the horizon that break it.
Just in time for Quantum computing (Score:2)
Maybe we should start looking at that IBM algorithm that they claim is provably difficult.
More RSA cracking efforts (Score:2)
Re:Yeah man, who needs SSL in common browsers? (Score:2)
Actually, IPsec is a protocol and not a cipher. It provides means for doing "secure" IP and may use a wide range of ciphers and hashes to provide various services. I don't really see IPsec providing services similar to SSL anytime soon, but the comparison is more of an apples-oranges comparison.
BSAFE Source (Score:2)
'RSA source code'? Any source code developed by RSA Security is still their property regardless of the status of the algorithm patent. We will not suddenly be able to copy BSAFE just because the patent on the mathematical process has expired.
If you're reimplementing BSAFE you'd better be careful NOT to look at the 'RSA source code' or you could find yourself in court.
(I don't work for or even LIKE RSA Security)
You still have to get past export restrictions (Score:2)
Re:Proof? Here's a little proof! (Score:2)
This is always true:
(N+1) MOD 6 == 0 or
(N-1) MOD 6 == 0"
P = 13
Q = 67
N = 13 * 67 = 817
(N - 1) mod 6 = 816 mod 6 = 0
(N + 1) mod 6 = 818 mod 6 = 2
Uh oh. Back to the drawing board.
I didn't, BTW, make a Perl script to check this, nor did I intuit this counterexample. I just chose the first two prime numbers I could think of.
RSA and PGP (Score:2)
However, the other cornerstone of "classic" PGP (the IDEA symmetric algorithm, which does most of the work - the RSA key is merely used to encrypt an IDEA key) will not have it's patent expire until 2010 [ascom.ch] at the earliest.
What is really needed is a usable, DOS command-line version of PGP (or GPG) to replace the existing batch-mode use of the RSA/IDEA standard with the more modern (but equally secure) DH/CAST base used in more recent implementations, which is patent-free (or expired
--
Re:RSA and PGP (Score:2)
I'm obviously one of those stupid people - I have absolutely no idea what difference this makes to my point. yes, a new, pure-rsa package could be written that didn't touch symmetric encryption with a bargepole, but then you would have the following:
IDEA, as a symmetric algorithm, is much faster than RSA.
Yep, still true today - just with larger files in the picture
Without RSA in the process, we're back to square one for all ciphers which is distributing the keys. RSA does away with that problem.
Ah, now I understand. you haven't grasped the difference between PKI algorithms as a whole (the current unburdened example of which is DH/Egmal) and RSA, which is merely one example of it - and obviously not the first to be discovered, given that the patent on DH expired some months ago. PGP can (and does!) use DH as a replacement to RSA, just as it can (and does!) use CAST as a replacement to IDEA. problem is, there are no stable DOS command line releases currently available. 5.0i for DOS is untrustworthy and (as far as I know - I stand to be corrected) no longer being worked on, and GPG for Dos is *listed* as an unstable alpha not to be trusted for anything but sig verification.
If you want a target to flame, might I suggest one of the "petrified girl" posts? No-one really cares if you fail to understand their content before you reply to them.
--
Re:Why cheaper? (Score:2)
Actually... (Score:2)
The real irony is that I can't then E-Mail it back to Finnland without facing prosecution.
Bout damn time (Score:2)
Cheaper crypto? Probably not. ElGamal, DSA, Diffie-Hellman and ECC have been and remain alternatives for PK.
Re:Why cheaper? (Score:2)
- Alex
[*] Diffie-Hellmann is a method to generate a session key while the bad guy is listening.
Re:RSA first invented by the British (Score:2)
Yeah, the British spooks did invent Diffie-Helman and RSA in the '70s, but at GCHQ (Government Communication Headquarters), not Bletchley Park.
No guarantee (Score:3)
Re:Why cheaper? (Score:3)
Despite what many in the US think, the East coast does not mark the edge of the world, and people who sail beyond the horizon don't fall off.
RSA encryption has been used, freely, throughout Europe, for a considerable period of time. International versions of PGP, for example, can be found in many University FTP archives, and are widely used.
Yes, it does mean RSA can be used "freely" in the US, but that's about the limits of the benefit. One small continent, amongst many.
The facts here are certainly true, but that's not the whole story. A LOT of software development takes place in the US; all surveys I've seen have ranked the US as the largest software producer in the world (most of them rank India second). Key commercial products are developed in the US, and many key Free software projects (including the entire GNU project [gnu.org]) are hosted in the US. All this software needs to care about the RSA patent, or risk lawsuits.
After the patent expires, none of this software need worry. European users will no longer have to use patches and alternate versions of American software, RSA code can be in the main code tree. RSA software developed outside the US will no longer feel like they need to offer an American version, since the rules will be closer together. This will make development easier across the board.
Besides, RSA isn't cutting-edge, by a long way. Yes, it's proved very resistant to attacks, and it's one of the best public-key encryption algorithms out there, but there's a lot of much newer stuff that looks like it could be more attractive in the long-term.
It may not be cutting edge, but it is the defacto standard protocol for encrypted internet communications. I wish more software would support DH/DSS, but they just don't. So-called "cutting edge" solutions generally have not been around long enough to be trusted, much less standard.
(IMHO, it's a mistake to rely on a "proven solution" in preference to looking ahead. If anyone cracks the primes problem, RSA is dead in the water. Instantly. No matter how "robust" it's been.)
Both needs to happen, you always need to be looking ahead to find new technologies. On the other hand, when implementing a real world system, you need proven, robust technology to rely upon. RSA is currently the tool used by most organizations to implement their PKI for this very reason.
In the future RSA may die, then they need to move to something else, but can you point them at a PKI technology: available right now, with a reliable track record spanning many years, with open cryptographic review spanning at least as long, that isn't succeptable to the "if anyone cracks the primes problem" vulnerability? Regardless, it's not a major vulerability, since that problem has been attacked from many different angles for centuries with no better solutions than the slow ones we have now.
----
Yeah man, who needs SSL in common browsers? (Score:3)
The expiration of the RSA patent will be a wonderful relief for many of us who have tried to negotiate a license for some sane SSL package -- Red Hat is currently your only salvation if you want to use a modern solution like mod_ssl with openssl to create your own apps. And yes, I know full well that IPSec and other ciphers could be used, but not for all the applications I need, unless I am severely mistaken and/or really dumb.
I have been accused of being otherwise, and more to the point, looked around for a while before giving in to the sad truth.
A remarkable expiry (Score:3)
There has been a tendancy for patents on computer-related stuff to block developments for so long that the patented matter to be an irrelevant obsolete technology by the time it becomes publicly available.
It may be that we need to start looking at elliptical algorithms, although it is unfortunate that the level of math required to understand it is greatly more daunting.
Hopefully there are a few years of "reasonable security" left in RSA...
Only applies to US (Score:3)
and this will have little affect on code that
uses RSA. After all PGP and GNUPG are pretty
widespread inside and outside the USA.
The only affect should be on commercial (closed
source) code within the USA.
Now there should be no reason for RSA to be preferred key exchange, et al., alg.
Patents (Score:3)
RSA first invented by the British (Score:3)
Re:Only applies to US (Score:3)
> (closed source) code within the USA
Not exactly. Linux distributors in the USA will finally be allowed to add stuff using RSA (ssh,
Along with the slightly improved export restrictions, this can be a real gain.
RSA for Dummies (Score:3)
Euler said:
For any number m,
x^{\Phi(m)} mod m == 1
where \Phi(m) is the number of n<m for which gcd(n,m) == 1
If m has the prime factors p_1,p_2...p_k, then \Phi(m) equals the product of the (factors minus one), \prod_i (p_i-1)
RSA uses that property. I construct a m = p*q, where I know the prime numbers p and q. These are very hard to find out for you. I therefore know that \Phi(m) = (p-1)(q-1). I give you m and e, you give me y=x^e (mod m), I calculate d, such that (d*e) mod \Phi(m) = 1 and do
y^d = x^(d*e) = x^1 = x (mod m).
That probably wasn't really for Dummies... ;-)
- Alex
PS Can you tell I'm doing LaTeX lately?
Re:A remarkable expiry (Score:3)
RSA is based on math, and the old greek math is still valid so why should not RSA ? RSA is easy to implement and has withstand years of numerous attempts to break. A downfall with new crypto is the the fact that there migh exist a easy way to break it - that is non-obvois at start but might be uncovered by years of research. RSA is still considered secure - if used correctly.
RSA good point is that its easy to use and as secure as one can get.
Why cheaper? (Score:4)
*A large percentage of the Flat Earth Society are in the Southern states of the US.
RSA encryption has been used, freely, throughout Europe, for a considerable period of time. International versions of PGP, for example, can be found in many University FTP archives, and are widely used.
Yes, it does mean RSA can be used "freely" in the US, but that's about the limits of the benefit. One small continent, amongst many.
Besides, RSA isn't cutting-edge, by a long way. Yes, it's proved very resistant to attacks, and it's one of the best public-key encryption algorithms out there, but there's a lot of much newer stuff that looks like it could be more attractive in the long-term.
(IMHO, it's a mistake to rely on a "proven solution" in preference to looking ahead. If anyone cracks the primes problem, RSA is dead in the water. Instantly. No matter how "robust" it's been.)
More than you wanted to know about copyright terms (Score:4)
Copyrights have been extended an average of about 1 year per year since 1962. The latest extension, the Sonny Bono Copyright Extension act of 1998 extends corporate copyrights to 95 years, retroactively. Since the stated purpose of copyrights in the constitution is to encourage the production of art and science by giving a monopoly for a limited time, retroactive extensions are IMHO unconstitutional. The current extension madness seems designed to make sure that Mickey never enters the public domain.
--
Hmm... (Score:4)
Look guys... RSA was formed for the specific purpose of cornering the encryption market and they have been screwing the entire industry with their draconian licensing costs. Their patents are expiring -- do they really think that I, as a developer that has been putting up with their bugware and outrageouse prices for year, am going continue to license their bugware when there are numerous free, high quality implementations?
I think not. Ding, dong the witch is dead! The witch is dead! Hail to a new era when lions and hyenas can communicate securely! Death to RSA!
It probably will make no noticable difference (Score:4)
Encryption is for most people invisible, they go to an online shop and buy stuff. Maybe they notice that the little lock in the lower left corner is closed and maybe they don't. If RSA is a part of the protocol then its already there.
Most people don't care about pervasive encryption. When they're forwarding the latest joke they received to their friends and families they don't worry about encryption or digital signatures. People don't even bother encrypting email to their mistresses, their mistress probably can't be bothered to remember a private key.
The difference it will make is to people who sell the technology, it'll be a bit cheaper to them which might be important since for good or bad the current cost model for Internet Explorer and Netscape Communicator etc. is to be free (like beer, not speech)
I don't see that RSA patents has hampered the widespread deployment of PGP. Apathy on the part of the public has hampered the widespread deployment of PGP. I know personally that if people started sending me trivial things encrypted it'd probably hit the bit bucket unread.
There's no need to use RSA (Score:5)
Because RSA was patented, replacement algorithms were developed and used instead. GNU Privacy Guard [gnupg.org] as well as PGP 5.0 [pgpi.org] and later use Diffie-Hellman, DSA and/or ElGamal instead of RSA.
Besides, PGP doesn't use public-key encryption for the whole message. It uses RSA (or equivalent) only to encrypt a random "session key", which is then applied to the whole message using a symmetric cipher. PGP 2.x uses the IDEA cipher, which is also patented, and which is patented more widely than in just the USA.
Because of all the patent nonsense, I urge everyone who still uses PGP 2.x to upgrade to PGP 5.0 or higher, or to switch to GnuPG.
If you don't use any encryption tools yet, I recommend GnuPG [gnupg.org].