Re: The need for FREE cryptography ...
It would be wonderful if somebody would put a reasonably secure package (much like PGP) and copyleft the source. ... What I'd need, if I wanted to integrate this technology into new platforms such as voice communication or an encrypted file system, is a library of tools for shuffling this data around and piping it through the "magic" algorithms.
I wonder if somebody on this list could outline what efforts are being made in this area. Well the GNU MP library would be a good place to start (it implements
the raw RSA operations quite efficiently). It wouldn't be much work to package it up with free code for Triple DES, IDEA, MD5, SHS and some good "random" number generation algorithms. What you are looking for is something like RSAREF with different licensing terms. If this sort of work were to be distributed it should be done by someone outside of the U.S. and Canada. At one point I wrote some code to do part of this based on GMP (using LUC). I've seen old versions of it on anonymous ftp sites. Obviously one would want to add DH key exchange and some other features, but it did come with a very simple sample application called L3 which implemented PGP/RIPEM-like public key encryption and signing. Certainly if you can find an one of these old versions lying around on a ftp site, you are free to do with it as you like (anything I wrote is in the public domain) At this point, I do NOT plan to distribute any newer versions of this, because of anticipated patent infringement claims and because of the overly restrictive licence of GMP. It has essentially become a project for my own personal research and amusement. Mark -- Mark Henderson markh@wimsey.bc.ca (personal account) RIPEM key available by key server/finger/E-mail MD5OfPublicKey: F1F5F0C3984CBEAF3889ADAFA2437433
It would be wonderful if somebody would put a reasonably secure package (much like PGP) and copyleft the source.
Well the GNU MP library would be a good place to start [...] It wouldn't be much work to package it up with free code for Triple DES, IDEA, MD5, SHS and some good "random" number generation algorithms.
My own thoughts on packaging this kind of thing for general use is to make a cryptographically enchanced PERL. In particular, I'd add the following data types: - arbitrary precision integers - arbitrary precision modular integers (i.e. a value, modulus pair) - bit/byte/word vectors of specifiable lengths I'd add the following operators - '*%' (ternary) modular multiplication - '**%' (ternary) modular exponentiation - '~' (binary) bit permutation - '~~' (binary) byte permutation I'd add some functions - des() - armor(), disarmor() - gcd() - xgcd() which also returns the coefficients s.t. x*a + y*b = gcd(x,y) I'd add some miscellaneous stuff like being able to read in a PGP keyring as an associative array. Some strong pseudorandom number generators might be useful. It might also be convenient to have a fast parser for RFC822 email. (Does everybody see where this is leading??) And just because you _can_ easily write, say, $plaintext = &idea( decrypt, $ciphertext, $cipherkey ** $public_exponent{ $user} % $public_modulus{ $user } ) or maybe something else, say, $p = & first_prime( & long_random( 510, 514 ) ) ; $q = & first_prime( & long_random( 510, 514 ) ) ; $N = $p * $q ; [...] doesn't mean that the cryptographic PERL violates anybody's patent rights in any way. These are just my thoughts. I'm not going to work on this, but I do hope to inspire someone who might. Eric
It would be wonderful if somebody would put a reasonably secure package (much like PGP) and copyleft the source. ... What I'd need, if I wanted to integrate this technology into new platforms such as voice communication or an encrypted file system, is a library of tools for shuffling this data around and piping it through the "magic" algorithms.
I wonder if somebody on this list could outline what efforts are being made in this area. Well the GNU MP library would be a good place to start (it implements the raw RSA operations quite efficiently). It wouldn't be much work to package it up with free code for Triple DES, IDEA, MD5, SHS and some good "random" number generation algorithms.
What you are looking for is something like RSAREF with different licensing terms.
What I would like to see is libraries from PGP, along with some additions. Why PGP? It would be nice to be able to use the optimized IDEA and RSA algorithms from PGP. More importantly it would be nice to write programs that use the well established key ring files. This would solve problems of key ring distribution. It would also mean that crypto programmers need not worry about their own random number generation, with all random number generation handled by the PGP libs. The advantage of this is that there would be 1 random number generator that did things right rather than a bunch of implementations that had subtle flaws. If everything shares the same implementation, that implementation can be strengthened much faster. The PGP library itself is not enough though, it is missing some things that should accompany it: DES/triple-DES and DH key exchange for example. Tim N.
participants (3)
-
hughes@ah.com
-
markh@wimsey.bc.ca
-
Timothy Newsham