Ah yes, I had heard about the attack on SHA and had read about it,
but it didn't seem to be that practical.

SHA is not patented:

http://grouper.ieee.org/groups/1363/P1363/letters/NIST.txt

Actually, regardless of the cipher you use, unless you have
a truly random source of numbers, you're going to undermine the
strength of your encryption.  For an embedded system, such a
thing has to be designed in from the get-go, as a software
PRNG is generally nowhere near good enough.

The AMD and Intel CPUs both have hardware random number
generators on-chip.  That is, the most advanced and expensive
CPUs do.  I don't know that these are in common use among
embedded systems yet, though.

Ted

>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] Behalf Of Vin McLellan
>Sent: Wednesday, July 13, 2005 12:28 AM
>To: openssl-users@openssl.org
>Subject: RE: Algorithm licensing
>
>
>Hi Mat, Ted:
>
>RC5 was invented by MIT Prof Ron Rivest in 1994 for RSA Security, and RSA
>received a US patent for RC5 in May of 1997.  RSA licenses RC5 separately
>-- as well as part of its BSAFE SDKs (including the BSAFE Crypto-C Micro
>Edition, and BSAFE SSL-C Micro Edition.) See:
><http://tinyurl.com/aeosg>.
>
>RSA never patented or otherwise restricted the use of Rivest's hashes: MD2,
>MD4, and MD5.  Over the years, however, the integrity of each of these has
>been undermined by advances in cryptanalytic research.  As far back as
>1996, RSA Labs publicly urged developers to use the 160-bit SHA-1 hash,
>instead of MD5, and to plan for the migration of existing MD5
>implementations.
>
>Further research into MD5 vulnerabilities has led RSA to bluntly and
>repeatedly declare MD5 "broken" and insecure.
>
>I don't know what your alternatives are in OpenSSL, but reports earlier this
>year about a new attack on the 160-bit SHA-1 by Xiaoyun Wang, Yiqun Lisa
>Yin, and Hongbo Yu led many developers to shift to SHA-256 (and to call for
>a major AES-style development effort to explore alternative constructs for
>one-way functions.)
>
>RSA Labs, for which I've been a consultant for many years, published a
>couple of summary notes on the SHA-1 developments at:
><http://www.rsasecurity.com/rsalabs/>
>
>Hope this helps.
>
>Suerte,
>
>                  _Vin
>
>--------- in response to ---------------------------------------------
>
>Ted Mittelstaedt <tedm_at_toybox.placo.com>  wrote:
>>
>>md5 is not patented.  des and 3des the patent expired.  Blowfish was
>>originally published not patented.  That's all I know.  With Cisco IPSec
>>work just about all configs use md5, sha, des and 3des and Cisco isn't
>>known for liking to pay royalties to anyone.  If I were you I would stick
>>with md5, des and 3des.
>>
>>Ted
>>
>>>-----Original Message-----
>>>From: [EMAIL PROTECTED]
>>>[mailto:[EMAIL PROTECTED] Behalf Of Kramer, Mat
>>>Sent: Monday, July 11, 2005 1:34 PM
>>>To: openssl-users@openssl.org
>>>Subject: Algorithm licensing
>>>
>>>Hello,
>>>
>>>We are using OpenSSL in an embedded device.  I have been told that some
>>>of the cipher suites include patented algorithms that must be
>>>licensed.  The OpenSSL FAQ is intentionally vague about what algorithms
>>>are protected, although it recommends a specific configuration to remove
>>>RC5, IDEA and MDC2.  Are these the only three that are protected?  Is
>>>there anywhere I can find out definitively what algorithms are protected?
>>>
>>>Thanks,
>>>
>>>-Mat
>>
>>
>
>______________________________________________________________________
>OpenSSL Project                                 http://www.openssl.org
>User Support Mailing List                    openssl-users@openssl.org
>Automated List Manager                           [EMAIL PROTECTED]
>
