At 4:31 AM 02/28/96, Mutant Rob wrote:

It'd be funny if the next time somebody hacks a proprietary code, if they make some changes, redo the key schedule, perhaps in mind of strengthening the algorithm, and then post it to sci.crypt as "hey, I got this idea for a new crypto algorithm... what do you think?". If the algorithm is different enough from the proprietary code version, with no clear connection between them, and the author can give full design rationale as if s/he wrote it from scratch, then what's a company to do?

Umm, if the _algorithm_ is different enough, it's a different algorithm and it's not even an issue. I guess you mean if the algorithm is the substantially the same, but the code implementing it is substantially different. But I'm not sure that matters anyway. The way I understand it with trade secrets is: If I'm an employee of PKP (let's pretend they have employees who actually look at code), and they want to keep something a trade secret, they make me sign a non-disclosure agreement. If I break it, and they can prove I broke it, I am in big trouble for breach of contract. I guess if I can make up a convincing enough lie about inventing it from scratch, I can get off. But if I work for PKP, I don't think I'm going to have too much luck convincing a jury that I just coincidentally stumbled on the same algorithm. If I, who has signed a non-disclosure agreement with PKP, takes the trade secret code and sends it to Mutant Rob, and Mutant Rob posts it near and far, Mutant Rob hasn't done anything illegal, and hasn't broken any contractual obligations, and is basically doing fine. As I understand it. So it doens't matter if he pretends he invented it himself or not. Of course, if they take him in the back room and introduce him to "Mr. Thingy" (or make him testify in court, if you prefer), and they find out it was me who sent it to him, I'm still in Big Trouble. Trade secrets don't really have any legal standing or protection, for the most part. They're just things a company is trying to keep secret, for the most part. Generally by using non-disclosure agreements.