1993-08-30 - Re: The need for FREE cryptography …

Header Data

From: Timothy Newsham <newsham@wiliki.eng.hawaii.edu>
To: markh@wimsey.bc.ca (Mark C. Henderson)
Message Hash: d79c7542fd63e1de80c9550f0168d0316ac41330aa34bd330ab0c3ce4693781f
Message ID: <9308302242.AA06434@toad.com>
Reply To: <m0oXDF6-0000nqC@vanbc.wimsey.com>
UTC Datetime: 1993-08-30 22:44:27 UTC
Raw Date: Mon, 30 Aug 93 15:44:27 PDT

Raw message

From: Timothy Newsham <newsham@wiliki.eng.hawaii.edu>
Date: Mon, 30 Aug 93 15:44:27 PDT
To: markh@wimsey.bc.ca (Mark C. Henderson)
Subject: Re: The need for FREE cryptography ...
In-Reply-To: <m0oXDF6-0000nqC@vanbc.wimsey.com>
Message-ID: <9308302242.AA06434@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> > It would be wonderful if somebody would put a
> > reasonably secure package (much like PGP) and copyleft the source.
> > ... What I'd need, if I wanted to integrate this technology into
> > new platforms such as voice communication or an encrypted file system, is a
> > library of tools for shuffling this data around and piping it through the
> > "magic" algorithms.
> > 
> > I wonder if somebody on this list could outline what efforts are being made
> > in this area.
> Well the GNU MP library would be a good place to start (it implements
> the raw RSA operations quite efficiently). It wouldn't be much work
> to package it up with free code for Triple DES, IDEA, MD5, SHS and
> some good "random" number generation algorithms.
> 
> What you are looking for is something like RSAREF with different
> licensing terms.

What I would like to see is libraries from PGP, along with some
additions.  Why PGP?  It would be nice to be able to use the
optimized IDEA and RSA algorithms from PGP.  More importantly it would
be nice to write programs that use the well established key ring
files.  This would solve problems of key ring distribution.  It would
also mean that crypto programmers need not worry about their own 
random number generation,  with all random number generation handled
by the PGP libs.  The advantage of this is that there would be 1
random number generator that did things right rather than a bunch
of implementations that had subtle flaws.  If everything shares the
same implementation, that implementation can be strengthened much
faster.

The PGP library itself is not enough though,  it is missing some
things that should accompany it:  DES/triple-DES and DH key exchange
for example.

                                Tim N.






Thread