- Path: sparky!uunet!olivea!spool.mu.edu!wupost!waikato.ac.nz!aukuni.ac.nz!cs18.cs.aukuni.ac.nz!pgut1
- From: pgut1@cs.aukuni.ac.nz (Peter Gutmann)
- Newsgroups: sci.crypt
- Subject: Re: IDEA cipher (was: PGP 2.0 Announcement)
- Message-ID: <1992Sep15.062452.24780@cs.aukuni.ac.nz>
- Date: 15 Sep 92 06:24:52 GMT
- References: <1992Sep11.085627.26861@cs.aukuni.ac.nz> <1407@eouk23.eoe.co.uk>
- Sender: pgut1@cs.aukuni.ac.nz (PeterClaus Gutmann )
- Organization: Computer Science Dept. University of Auckland
- Lines: 58
-
- In <1407@eouk23.eoe.co.uk> a subliminally implanted suggestion made
- ahaley@eoe.co.uk (Andrew Haley) write:
-
- >Peter Gutmann (pgut1@cs.aukuni.ac.nz) wrote:
-
- >: However the patent owners, Ascom-Tech AG, are being very reasonable about
- >: the patent (totally unlike PKP). They let us use it in PGP without having
- >: to pay any license fees since PGP is free, and are very approachable about
- >: it's use in other programs. Still, I ended up not using it in my PGP-compatible
- >: archiver since I have a religious thing about patents - however, IDEA is a very
- >: good cipher and the way the patent is being administered is one of the more
- >: enlightened I've seen.
-
- >I utterly disagree. There is no way to describe the enforcement of an
- >algorithm patent as "enlightened". It's like saying "Frank is a good
- >jailer, he doesn't tie my shackles too tight". They (the IDEA
- >licensors) _do not_ allow the free use in PGP in general, only in
- >noncommercial cases. Which means that you and I can communicate with
- >PGP until we wish to discuss business; then we have to start paying
- >money.
-
- (I know followups were redirected to comp.patents but what I'm about to say
- is probably more relevant to sci.crypt)
-
- The reason PGP uses a patented cipher is that there is no real alternative.
- Triple DES is way too slow, as well as being *the* major target for US export
- restrictions. Other algorithms are either patented, have been compromised
- (mainly by differential cryptanalysis), or both. IDEA has been shown to be
- more resistant to differential cryptanalysis than most other ciphers (including
- DES). It is currently under intense scrutiny by crypto experts in a number of
- countries (I think the PGP docs include information on this).
-
- The main point here is that if there's nothing else available then using a
- (as far as anyone can tell rather good) patented cipher is better than using
- a do-it-yourself one of dubious security. It's rather sad that there's
- nothing good/unrestricted available for public use (they're either
- export-restricted or patented or haven't been widely analyzed). Using IDEA
- was probably the best choice...
-
- Peter.
-
- ObFootnote: I'm religiously against software patents, and I'm not defending
- them here. I agitated against the use of a patented cipher in PGP on the
- grounds that no one could write any PGP-compatible software without running
- into the IDEA patent, since you *must* use IDEA to read the keyrings. One
- of the reasons the keyrings have provision for OEM cipher IDs for keyrings
- is to allow the use of non-patented algorithms to protect secret keys. In
- my PGP-compatible archiver I use an OEM ID for the encryption algorithm
- used to protect the keys - no way I'm going to get caught up in a patent
- wrangle. If anyone wants to protect PGP keyrings with their own non-
- patented ciphers, IDs of 64 and up are available (although it would be a
- good idea to check if anyone else is using them before you blindly define
- your own ID).
-
- Any comments on this scheme?
- --
- pgut1@cs.aukuni.ac.nz || peterg@kcbbs.gen.nz || peter@nacjack.gen.nz
- (In order of preference)
-