From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 22 Jun 1996 21:47:22 +0800
To: ogren@cris.com
Subject: Re: Win95 Blowfish Implementation
Message-ID: <199606220824.BAA26724@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


>So correct me if any of the following statements are incorrect:
>1. Blowfish is not patented and can be used without royalty.

According to Schneier's book (which should be authoritative,
since it's his algorithm), the algorithm is unpatented
and the C code in the back of the book is public domain.

>2. SHA can be used without royalty.
Yup.  Use SHA-1 rather than the original SHA, though; the NSA
"updated" it in ways that do appear to strengthen it.

>3. MD5 can be used without royalty if the RSAREF library is used, 
>and if the proper credit is given to RSA.
>Also, can the MD5 algorithm be used outside the RSAREF library?  In 
>other words, can I rewrite the code to take in effect MFC classes?

Yeah.  I think there's even an RFC that comments on it.

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Dispel Authority!