OpenSSL Gets Cryptography Gift From Sun

Posted by timothy on Thu Sep 19, 2002 04:08 PM
from the curvaceousness dept.
Kataire writes "C|Net posted this story about how Sun Microsystems has donated 'elliptic curve' encryption technology, (developed by Whitfield Diffie of Diffie-Hellman public key fame) to the OpenSSL project. This potentially means better encryption for lighter-weight systems such as PDAs."
  • Great! (Score:4, Funny)

    by mdechene (607874) on Thursday September 19 2002, @04:11PM (#4292673)
    Now I can keep my pesky roommates out of my palm's oh-so-full social calendar.
    • Re:Great! (Score:4, Funny)

      by Soko (17987) on Thursday September 19 2002, @04:13PM (#4292709) Homepage
      Now I can keep my pesky roommates out of my palm's oh-so-full social calendar.

      You mean right now you let *your* palm *date* your friends? Ewww....

      • Re:Great! by Nailer (Score:2) Thursday September 19 2002, @07:14PM
        • Re:Great! by Huge Pi Removal (Score:1) Friday September 20 2002, @05:46AM
      • Re:Great! by unicron (Score:2) Thursday September 19 2002, @04:32PM
    • Re:Great! (Score:5, Interesting)

      by Darkforge (28199) on Thursday September 19 2002, @05:22PM (#4293222) Homepage
      Actually, there is a real use for widespread heavy-duty crypto, even on a PDA: encrypted money tokens.

      If strong encrypted money tokens were to be implemented on a wide scale for, say, Palm, PocketPC, Zaurus, and maybe a special purpose StrongARM device, you could expect to see a cheap widespread secure electronic payment mechanism that you can use for micropayments.

      Aside from the novelty of buying lunch with your PDA, this could be the next step towards truly secure electronic transfers. You can say goodbye to corporate privacy violations when you can pay for your online goods with secure anonymous electronic cash.

      Imagine paying your peers in a P2P system for MP3s/OGGs/whatever. Providing fat bandwidth for P2P would be a potential money-maker, not merely a labor of love. Throw in an anonymizing protocol and you're selling MP3 bandwidth online securely and untraceably; the RIAA couldn't shut you down, because there'd be no way to figure out who you were.

      That's the power of widespread strong crypto, especially in small devices.

      • Re:Great! by cant_get_a_good_nick (Score:3) Thursday September 19 2002, @06:43PM
    • Double Funny by hendridm (Score:2) Thursday September 19 2002, @06:48PM
  • by Digitalia (127982) on Thursday September 19 2002, @04:11PM (#4292678) Homepage
    This isn't the encryption scheme mentioned previously, when Slashdot reported that a distributed project has almost "broken" the scheme, is it?
  • It's not really that surprising (Score:5, Insightful)

    by bsharitt (580506) <bsharitt.gmail@com> on Thursday September 19 2002, @04:13PM (#4292708) Homepage Journal
    Sun is basically "arming the rebels" so they can better fight Microsoft. Even though they may have other motives, it's nice of them anyway.
    • Re:It's not really that surprising by cpeterso (Score:2) Thursday September 19 2002, @04:51PM
    • Re:It's not really that surprising by Mushy (Score:1) Thursday September 19 2002, @05:10PM
    • Re:It's not really that surprising (Score:4, Interesting)

      by Billly Gates (198444) on Thursday September 19 2002, @05:20PM (#4293208) Homepage Journal
      "Sun is basically "arming the rebels""



      No. I think this move was designed to improve Apache's security and make it a greater e-commerce tool on Solaris (and Unix). Sun realizes that more Sun webservers use Apache than iPlanet, so they are donating the code to OpenSSL since Apache uses it by default. And not to just attack Microsoft. However, I do question the timing, since a newly discovered SSL flaw in IIS/IE is making headline news and CIOs nervous.

      Something like this may have an impact in e-commerce purchasing decisions. .NET has made a lot of hype and headway into the ecommerce market because it's so easy to write a VB.NET ecommerce site these days. In VB.NET you can declare a subroutine as a webservice or applet (never used it but seen it) and it instantly becomes a servlet. This is something Sun has to fight. Windows developers are really rallying upon .NET because that's all they know. Same reason why SQL-Server is getting popular. With Palladium, security will be a non-issue, so who knows what will happen. I do not see how Sun could fight this unless they use the more open TCPA [trustedpc.org] standard. At least that one is not owned by Microsoft like Palladium.

    • Re:It's not really that surprising by kevin lyda (Score:2) Thursday September 19 2002, @06:05PM
  • Ugggh.. (Score:2)

    by unicron (20286) <unicron@thcne[ ]et ['t.n' in gap]> on Thursday September 19 2002, @04:14PM (#4292725) Homepage
    I hate you bastards.. get my curiosity flowing, now I get to waste the rest of the work day reading this [amazon.com]. I encrypted something on my PDA once.. then tossed it out. Rather unorthodox method of the one-time pad cypher, I know, but hey.
    • Re:Ugggh.. by shokk (Score:2) Thursday September 19 2002, @09:53PM
  • by questionlp (58365) on Thursday September 19 2002, @04:16PM (#4292736) Homepage
    Although I use and keep up with the BSD side of things, I think this affects the entire open source community as a whole, including xBSD, Linux, Apache+SSL, and gobs of other software that utilizes SSL for security.

    Nonetheless, it is great to see Sun contributing back to the community.

    This does bring up one question in my mind though... could this be used in SSL acceleration cards to improve the efficiency of the SSL 'processor' (i.e.: keep the same performance level while reducing the amount of power necessary)?
  • When cryptography is outlawed, (Score:2, Insightful)

    by SHEENmaster (581283) <travis@nOSpam.utk.edu> on Thursday September 19 2002, @04:21PM (#4292784) Homepage Journal
    newlmsy akhtswnd whss adna nwsufaclanw!
  • Kudos to Sun (Score:1)

    by ebuck (585470) on Thursday September 19 2002, @04:22PM (#4292789)

    Another fine donation by Sun. Congratulations to them for the offering.
  • Good for more than PDAs (Score:3, Insightful)

    by afidel (530433) on Thursday September 19 2002, @04:23PM (#4292804)
    Since there is no known weakening from quantum computers of elliptic curve cryptosystems, ECs may well be better for long-term cryptography, even on supercomputers. Since it is pretty well known that the massive parallelism of quantum computers will greatly increase the ability of future systems to factor large numbers, more traditional cyphers will be under more pressure.
  • elliptic curves? (Score:1)

    by crm114 (586020) on Thursday September 19 2002, @04:25PM (#4292810)
    What about the Taniyama-Shimura conjecture? If OpenSSL would include that with elliptic curves we could solve Fermat's last theorem on our PDAs...
  • so now (Score:1)

    by frodo from middle ea (602941) on Thursday September 19 2002, @04:25PM (#4292814) Homepage
    So now do we hate Sun or love Sun?
    • Re:so now by unicron (Score:2) Thursday September 19 2002, @04:36PM
  • Offering from large companies (Score:5, Interesting)

    by phorm (591458) on Thursday September 19 2002, @04:30PM (#4292864) Homepage Journal
    Has anybody noticed a trend lately of large corporations or companies making offers to the public source movements? Is this a play between them for notice, or are they finally starting to figure out that it's better to play nice with open source than fight against it?
  • by hey you, it's me (603035) on Thursday September 19 2002, @04:32PM (#4292871)
    When I first got my Visor, a co-worker sent me an app he had been using to encrypt passwords and such. It was called Certicom SecureMemo. To set it up, you would drag your stylus in circles (elliptic curves), and it would generate a key based on this. Now, my question is, doesn't this imply that this technology is already implemented on Palm? Given, it's not OSS, but it is there.

    Unfortunately, I think Certicom pulled the app from their site. Nice app.
  • Please say it's patented.. (Score:2, Flamebait)

    by GauteL (29207) on Thursday September 19 2002, @04:35PM (#4292902) Homepage
    .. and that they have given an irreversible distribution right for free software, so that it's usable on free software but not for proprietary software unlicensed by SUN.

    Or... was that a rather evil thought? I'm not sure anymore, I'm so blinded by my zealotism.
  • by theskov (556173) <skov @ m y realbox.com> on Thursday September 19 2002, @04:38PM (#4292921) Homepage
    Don't most hand-helds have more than enough processing power for encryption? Since you don't have broadband connections, the highest possible pressure on the processor is to encrypt/decrypt 56 kbit/s. With, for example, 233 MHz, that's around 30 MHz per kbyte. And if you're encrypting financial transactions the amount of data transferred is very, very small.

    The article cites that current encryption technology is based on 17th and 18th century mathematics - so is quite a lot of other things that work very well indeed. Mathematics don't deteriorate.

    Of course this is a Good Thing (tm), but I honestly don't think that many people will ever notice a difference.
  • by Deagol (323173) on Thursday September 19 2002, @04:39PM (#4292931) Homepage
    I read the article, but "technology" was the only thing I read that was "donated". WTF does that mean? Did they give them reference code with a GPL (or whatever the OpenSSL library uses)? Did they give up patent rights to the method? The article didn't explain just what the OpenSSL folks got.
  • by NerveGas (168686) on Thursday September 19 2002, @04:42PM (#4292950)

    Supposedly, this offers encryption with less computational demand. And, supposedly, it's not going to be in use for 5 to 10 years.

    If that's the case, my question is this: Why bother? Moore's law says that in the 10 years that it will take to get this implemented, CPUs will be *64 times faster* than they are today.

    Just think: "Wow! With this new encryption technology, encrypted 100 megabit networking only takes 0.05% of my processor instead of 0.1%!"

    steve
  • by geekotourist (80163) on Thursday September 19 2002, @04:47PM (#4292983) Journal
    The article reads as if using ECC for small devices is a novel concept. That isn't the case: Certicom is 15 years old, and has done ECC for handheld and embedded devices for at least 4-5 years. It has some solid encryption researchers (Scott Vanstone, for example) and a bundle of patents. Most Palms out today use Certicom's ECC, although newer versions are using RSA. And while Certicom is probably the best known company promoting ECC, I know of several other companies in Japan, Korea and Germany that sell their own implementations of ECC.
  • Securing edge of network devices (Score:2, Insightful)

    by clutch110 (528473) on Thursday September 19 2002, @04:50PM (#4293005)
    I can see this as a positive step to secure the network end to end, from the server room down to the smallest of devices, the PDA.

    As it stands now, having a wireless network could be a blessing. Information available at your fingertips. PDAs have never been a strong focal point for security in my experience. It will be great to see a network that can be truly encrypted end to end.

    Now if only the user friendliness of this made it so that even the ordinary citizen could use it.
  • by Anonymous Coward on Thursday September 19 2002, @04:57PM (#4293057)
    You know what that tells us, right?

    The NSA can already crack it. :)
  • by backtick (2376) on Thursday September 19 2002, @05:07PM (#4293121) Homepage Journal
    If they are so *&*^ serious about security? The slapper worm has been out for quite a while now, and Sun's Cobalts run a REALLY old version of OpenSSL. Sun's last patch was released almost a month ago, for a CGI vulnerability. They've been asked dozens of times about the OpenSSL patch, and won't even give customers the courtesy of a "We're going to have one by X" response. CobaltOS is just a flippin' rebuilt RedHat OS; it isn't hard to patch!
  • The BSD license is evil (Score:1, Flamebait)

    by Arandir (19206) on Thursday September 19 2002, @05:55PM (#4293444) Homepage Journal
    The BSD license is evil. It is a license to steal. Using it will only ensure that corporations will not contribute anything back to the community... ...What's that? Sun contributed back? Well, shit. That ruins that argument...
  • Whitfield Diffie did NOT invent ECC (Score:5, Informative)

    by plcurechax (247883) on Thursday September 19 2002, @06:06PM (#4293519) Homepage
    'elliptic curve' encryption technology, (developed by Whitfield Diffie of Diffie-Hellman public key fame)

    Elliptic curve cryptography was independently invented by Neal Koblitz [washington.edu], Professor of Mathematics at the University of Washington, and Victor Miller, who was then at IBM.
    (Source [certicom.com])

    Whitfield Diffie is Sun's chief security officer, and co-invented public-key cryptography.
    • by Ungrounded Lightning (62228) on Thursday September 19 2002, @08:50PM (#4294419) Journal
      Whitfield Diffie is Sun's chief security officer, and co-invented public-key cryptography.

      Actually, Ralph Merkle invented public-key cryptography (too). Merkle's article was SUBMITTED first, though the Diffie-Hellman article was PUBLISHED first while Merkle's was still going through the review process.

      Not to disparage any of 'em. Merkle and Diffie & Hellman both invented it separately.

      And for you people who follow Nanotech and/or Cryonics, yes it's THAT Ralph Merkle (who didn't invent either cryonics or nanotech, though he does much great work to advance them).
  • by ocie (6659) on Thursday September 19 2002, @06:51PM (#4293781) Homepage
    Well Arthur, it looks like this ellipse has come full circle.
  • not to sound bitter... (Score:2, Interesting)

    by tomstdenis (446163) <tomstdenis@gmaPERIODil.com minus punct> on Thursday September 19 2002, @07:17PM (#4293906) Homepage
    but so what?

    My crypto lib has supported [non-P1363] ECC crypto for quite some time now. Big deal.

    http://libtomcrypt.sunsite.dk
    or
    http://tom.iahu.ca

    I use ECC in the traditional ElGamal method without standard packet formats. But the idea is the same...

    Tom
  • License? (Score:4, Interesting)

    by rweir (96112) on Thursday September 19 2002, @07:51PM (#4294095) Homepage Journal
    Is it under a 4-clause [gnu.org] or 3-clause BSD [gnu.org] license? OpenSSL is _still_ under the 4-clause license, with the `obnoxious advertising clause' which says that you have to mention the developers in all advertising materials.
    Not such a big deal, you might say, but there are two big problems with this: 1) It's incompatible with GNU GPL, so no straight GPL software can use OpenSSL, and 2) it causes huge practical problems [gnu.org].

    These issues are big [debian.org] problems [debian.org] for [debian.org] Debian [debian.org], in particular.
    • Re:License? by Arandir (Score:1) Friday September 20 2002, @12:02AM
      • Re:License? by rweir (Score:1) Friday September 20 2002, @12:45AM
        • Re:License? by Arandir (Score:1) Friday September 20 2002, @01:00PM
          • Re:License? by rweir (Score:1) Saturday September 21 2002, @03:33AM
  • Elliptic Curve Encryption isn't 'owned' by Sun. Apple owns some patent related to it that they got from NeXT (search for Richard Crandall). And it was invented by someone else entirely (see comments above).
  • sun labs (Score:3, Informative)

    by Anonymous Coward on Thursday September 19 2002, @08:12PM (#4294196)
    Sun has a pretty good site with some informative documentation and a link to OpenSSL's cipher downloads [sun.com]
    1. http://research.sun.com/projects/crypto/
  • encryption (Score:1)

    by sedimentary_rock (569353) on Thursday September 19 2002, @08:30PM (#4294324)
    Does anybody know of a secure surfing service that the government doesn't have a back door key to? IE SSL encryption is definitely out, and I'm not so sure about anonymizer.com, either.
  • Three types of elliptic curves (Score:3, Insightful)

    by Florian Weimer (88405) <fw@deneb.enyo.de> on Friday September 20 2002, @12:35AM (#4295332) Homepage
    There is a saying that in cryptography, there are three types of elliptic curves: the insecure ones, the inefficient ones, and those that have been patented by Certicom.

    I wonder which curves can be used with the code offered by Sun.
  • Theo's take (Score:1)

    by Luke (7869) on Tuesday September 24 2002, @08:37AM (#4318671)
    Date: Mon, 23 Sep 2002 12:38:11 -0600
    From: Theo de Raadt
    To: misc@cvs.openbsd.org
    Subject: openssl

    some of you asked us what that ECC donation from Sun to OpenSSL means.

    so what does it mean?

    it means that OpenSSL is becoming a non-free software project, because
    the code from Sun contains licenses which invoke patent litigation;
    the licence on the new code basically builds a contract that says "if
    you use this code, you cannot sue Sun".

    In such a way, by means of the slippery slope, a free software project
    becomes not as free, and eventually, less and less free.

    Before anyone speaks up about and says "that restriction does not
    affect me". It does indirectly affect you. It means that some other
    vendor that uses this code, and subsequently ends up having a spat
    with Sun, ends up wasting money on legal efforts, and our entire
    society pays for that. My take on it, is that this is the way the
    legal industry ensures itself future work.

    On the other hand, here in OpenBSD land we will continue to strive to
    make our software more and more free. We've been squishing odd
    license terms which contain non-free restrictions throughout the
    source tree for about 2 years now.

    once again, i think it is time to fork OpenSSL. It's obviously run by
    a bunch of people who don't think through the legal implications of
    their actions. they should NOT have accepted that code without it
    being 100% free.

    This donation is not free code. Shame on you Sun, and double shame on
    you OpenSSL.
  • Sun FAQ (Score:2)

    by dananderson (1880) on Monday September 30 2002, @07:44PM (#4364114) Homepage
    A FAQ by Sun is at
    http://research.sun.com/projects/crypto/FrequenlyAskedQuestions.html [sun.com]

    It includes technical information and answers questions some people had about licensing.

  • by Mr.T1 (607832) on Thursday September 19 2002, @04:18PM (#4292756) Journal
    What's the title of that Eagles record again??
  • by wizardmax (555747) on Thursday September 19 2002, @04:49PM (#4293002) Homepage Journal
    We are techs/geeks, that's what we do. We don't politicize or make war! We do what we are best at.
  • Re:This rocks (Score:1)

    by Ztyx (604412) on Thursday September 19 2002, @04:55PM (#4293040) Homepage
    Yeah, sometimes I just love Sun!
  • Re:NeXT, did NOT invent ECC. (Score:4, Informative)

    by plcurechax (247883) on Thursday September 19 2002, @05:07PM (#4293119) Homepage
    ...given that it was invented by NeXT?

    Sorry, Elliptic curve cryptography was invented independently by Neal Koblitz, Professor of Mathematics at the University of Washington, and Victor Miller, who was then at IBM.
    (Source [certicom.com])
  • Re:Why is this significant? (Score:3, Interesting)

    by plcurechax (247883) on Thursday September 19 2002, @06:15PM (#4293577) Homepage
    I know the keys used for ECC are generally smaller, but that seems like a fairly minor consideration even for PDAs

    ECC uses smaller keys, which is suitable for very small networked devices like network appliances, that use cheap (<$1) 8-bit microprocessors with very small amounts of NVRAM.

    Is elliptic curve cryptography actually faster than RSA?

    Yes, which is the major advantage over RSA, more important in most applications than the storage of smaller keys. I don't know exactly but I estimate in the area of 10 to 100 times faster for "equal" level of confidence in security.

    And if it IS faster, wouldn't it be much more useful for web servers than for PDAs?

    Think mobile phones, or cheap network household appliances with 8 and 16-bit microprocessors with clock speeds less than 12MHz. It also means lower power consumption, which is important for most battery powered devices.
    • Re: benchmarks by plcurechax (Score:1) Thursday September 19 2002, @10:19PM
  • Re:BSD?? (Score:2, Informative)

    by 4geru (593254) on Thursday September 19 2002, @09:52PM (#4294711)
    No. OpenSSL was originally SSLeay written by Eric Young.
  • by TeddyR (4176) on Friday September 20 2002, @04:47AM (#4295887) Homepage Journal
    Wondering if it's not because they "invented" it, but maybe because they hold the IP license for an implementation that they decided to allow OpenSSL to use under a free license..