On Friday 07 July 2006 12:38, Francisco Rosales wrote: -cut-- Hello,
> If the problem is about the copyright of the rc4 implementation, > then you must know the full history. > > At some point in 1997 I decided to change from shc-2.7 to 3.0. The > idea was to change totally the way the script is hidden inside the binary. > I decide to use a very beautiful and tiny algorithm I seen published in > the news: > http://groups.google.com/group/comp.lang.c/msg/dce6ba2c5c8dd0d1 > > As you can see following the previous link, the published > implementation was 4 lines long (283 characters): > ---->>>>---- > #define S,t=s[i],s[i]=s[j],s[j]=t, /* :usage: rc4 key <file; @RSADSI */ > main(int c,char**v){unsigned char*p=*++v,s[256],b[4096],i=0,j=0,t;c= > strlen(p);while(s[i]=i,++i);while(j+=s[i]+p[i%c]S++i);j=0;while(c=read > (0,p=b,4096)){while(c--){j+=s[++i]S*p++^=s[t+=s[i]];}write(1,b,p-b);}} > ----<<<<---- > > ...and came with the following invitation: > " Anyone fancy having a go at shrinking this C code? ... " > > There was no copyright notice, but obviously there was an explicit > invitation for everybody to take and to modify that code. > > I took the invitation, not for shrinking but for improving > readability and usability. The resulting code, which is included in shc.c > file and in any ".x.c" generated file is: > > ---->>>>---- > static unsigned char stte[256], indx, jndx, kndx; > > /* > * Reset arc4 stte. > */ > void stte_0(void) > { > indx = jndx = kndx = 0; > do { > stte[indx] = indx; > } while (++indx); > } > > /* > * Set key. Can be used more than once. > */ > void key(void * str, int len) > { > unsigned char tmp, * ptr = (unsigned char *)str; > while (len > 0) { > do { > tmp = stte[indx]; > kndx += tmp; > kndx += ptr[(int)indx % len]; > stte[indx] = stte[kndx]; > stte[kndx] = tmp; > } while (++indx); > ptr += 256; > len -= 256; > } > } > > /* > * Crypt data. > */ > void arc4(void * str, int len) > { > unsigned char tmp, * ptr = (unsigned char *)str; > while (len > 0) { > indx++; > tmp = stte[indx]; > jndx += tmp; > stte[indx] = stte[jndx]; > stte[jndx] = tmp; > tmp += stte[indx]; > *ptr ^= stte[tmp]; > ptr++; > len--; > } > } > ----<<<<---- > > > I sincerely think that this code is mostly mine. > > Perhaps some i, j, s or p remains from the original, and obviously > I'm not the creator of the rc4 algorithm. Very good. I do believe it is yours. What I wish to see in shc.c is the very same words and explanations, that is, that the unknown-copyright implementation has been re-implemented by you and the copyright notice applis to it also. Since that appears to be true, it should be added there and get the users aware of that very important detail from the legal POV. Right, we are not discussing algorithm itself (it has already been in various free software packages), but its implementation in shc. > Is almost impossible for "John L. Allen" (wherever he is) to > recognize that code as his code, and obviously his own (beautiful) 4 lines > of code wasn't created from nothing, and he isn't the creator of the rc4 > algorithm neither. > > So... I sincerely think that this code is mostly mine. > The disclaimer I put on top of shc.c, > ---->>>>---- > /** > * This software contains the 'Alleged RC4' source code. > * The original source code was published on the Net by a group of > cypherpunks. * I picked up a modified version from the news. > * The copyright notice does not apply to that code. > */ > ----<<<<---- > > ...and the header of the rc4 implementation, > ---->>>>---- > /** > * 'Alleged RC4' Source Code picked up from the news. > * From: [EMAIL PROTECTED] (John L. Allen) > * Newsgroups: comp.lang.c > * Subject: Shrink this C code for fame and fun > * Date: 21 May 1996 10:49:37 -0400 > */ > ----<<<<---- > > ...were there basically because: > > 1) In 1997 I was not sure what could happen if I distribute > software > using (any implementation of) the rc4 algorithm. > I don't want the NSA of RSA people knock my door. > 2) To state that somebody published an implementation before me. > 3) To acknowledge that initial implementation. > > > > Today, and being stricter with what I write, both comments could > be rewritten such as something similar to: > /** > * This software contains an ad hoc version of the 'Alleged RC4' algorithm. > * The original source code was published on the Net by a group of > cypherpunks. * A modified version was picked up from the news: > * From: [EMAIL PROTECTED] (John L. Allen) > * Newsgroups: comp.lang.c > * Subject: Shrink this C code for fame and fun > * Date: 21 May 1996 10:49:37 -0400 > * The following implementation is a total rewritten based on the previous > one. */ I would add 'and is licensed also under GPL' or you think it is far too much as clarification. > > > As you have seen, I have implemented the initialization stage with > > > two functions, not one (stte_0 and key). The reason is that I want to > > > be able to apply more than one password, using key fuction several > > > times. > > > > That was what puzzled me a lot in the first place, but seems is the right > > way to go. > > > > > /* 3.8.5 */ > > > > I failed to find 3.8.5 version at > > http://www.datsi.fi.upm.es/~frosal/sources/ and the rows listed below are > > not from the last version found 3.8.3. > > I've already put it there. Thanks. I still miss the copyright clarfication, though: /** * This software contains the 'Alleged RC4' source code. * The original source code was published on the Net by a group of cypherpunks. * I picked up a modified version from the news. * The copyright notice does not apply to that code. */ > [deleted] > > > > As I have already stated, key_with_file (and the ability to use > > > key _incrementally_ several times) permits to make the encryption > > > dependent on some details of a given file. So the decryption of chk2 > > > will change if the signature of the given file changes, in other words > > > if the "shell has changed!". > > > > Hm, I'm a little bit confused by the message like "shell has changed", > > should it be more straightforward ... 'signature has changed' or > > 'decryption failed' ? > > Well, no in my opinion. These messages could seen more > "straightforward" for us as programmers, but the message is for "the > shc-user" who must know nothing about the implementation, neither > signatures, en/decryptions, etc. Yes, you are correct. > > > Perhaps my implementation of arc4 is more add-hoc than yours, but, > > > please, I see no reason to break the described behaviour. > > > > I agree with you. OTOH, in the light of having bits with clear license > > only we should replace the unknown-license cypherpunks code with a > > license-clear implementation. > > There is not a single byte of cypherpunk code in shc.c file. If so, I wish the truth to live in shc.c as a comment. I hope you find that acceptable ? > If I have clarified it enough we can keep the actual > implementation as is. > > If you finally think that there is no other way that to substitute > that part of the code... then I suggest you to put that code in other file > to be included both from shc.c and from any ".x.c" file. In that way, I'll > keep my own version in a state compatible with yours. Well, I prefer not to deviate from upstream (yourself) for no good reasons. I'd like we have a common set of bugs/features/implementations/etc... and I find it very appropriate that we can sort out and properly document the copyright info into program itself. > > I'll try to have a look and try to achieve what you describe > > above. The best solution im my opinion will be a new upstream version of > > shc with license-clear arc4 implementation. > > Thank you for your work. Well I like the program and I'm doing my best to soft out and resolve the issues being filed against it into Debian's BTS. -- pub 4096R/0E4BD0AB 2003-03-18 <people.fccf.net/danchev/key pgp.mit.edu> fingerprint 1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
