If they are so willing to let us do this, then will they tell us why we have to use their code? If they are willing to do it, it shouldn't matter what code we use.
Wrong. The RSAREF code is *licensed* to you for non-commercial use. They are explicitly not giving it away, or making it "freely available". By allowing you to use it under their license, they are not leaving themselves open to claims of non-enforcement of their patent. If they let you write your own code, then, strictly speaking, you would need a license to use it. Negotiating such a license is expensive and time-consuming. You don't want to do it. If RSA is willing to let you use their code, do so. It's probably the best compromise you're going to get unless you have a lot of money and lawyers to spare. I have the source code, and I can read it. If there are any back doors, I (or someone with more experience) can find them. That's enough security for me. Marc P.S. I don't like software and algorithm patents, and said so to Jim Bidzos's virtual face during the conference last weekend. But the law still stands, and although IMHO it is flawed, it's not inconsistent, so I'll obey it. If the gov't outlaws strong crypto, then they've just done something illegal w.r.t. the Constitution in my mind, and I will feel free to disobey that law, should it come about. In civil disobedience (which is essentally what people are arguing for), you disobey laws you find so immoral or so evil that you cannot conscionably obey them. I don't like the current patent law in this country, but my disagreements are in the details of the law, not in it's very nature. I don't think any of my fundamental rights are being violated, so I'll complain and disagree, but not disobey.