OpenSSL Gets Cryptography Gift From Sun

Kataire writes "C|Net posted this story about how Sun Microsystems' has donated 'elliptic curve' encryption technology, (developed by Whitfield Diffie of Diffie-Hellman public key fame) to the OpenSSL project. This potentially means better encryption for lighter-weight systems such as PDAs."

It's not really that surprising

[bsharitt]

Sun is basically "arming the rebels" so they can better fight Microsoft. Even though they may have other motives, it's nice of them anyway.

When cryptography is outlawed,

[SHEENmaster]

newlmsy akhtswnd whss adna nwsufaclanw!

Good for more then PDA's

[afidel]

Since there is no known weakening from quantum computers of elyptic curve cryptosystems EC's may well be better for long term cryptography, even on supercomputers. Since it is pretty well known that the massive parallelism of quantom computers will greatly increase the ability of future systems to factor large numbers more traditional cyphers will be under more pressure.

Re:elliptic curves?

[plcurechax]

but since they are modular, we could also use them for traditional pgp style encryption, no? instead of symmetric keys, you could use a public key.

SSL and PGP (or preferrably the newer OpenPGP [openpgp.org]) standard both use a hybrid scheme which uses both asymmetric and symmetric encryption algorithms.

If you mean could elliptic curves schemes (ECDLP, ECDSA, ECDH) be used in OpenPGP as well as SSL/TLS; then yes as long as it was added to the OpenPGP standards [ietf.org] which I don't think includes ECC yet but has spaces reserved for future ECC use.

Securing edge of network devices

[clutch110]

I can see this as a positive step to secure the network end to end, from the server room down to the smallest of devices, the PDA.

As it stands now, having a wireless network could be a blessing. Information available at your finger tips. PDAs have never been a strong focal point for security in my experience. It will be great to see a network that can be truly encrypted end to end.

Now if only the user friendliness of this made it so that even the ordinary citizen could use it.

it's all strategy

[g4dget]

Companies give software away for many reasons: PR, establishing standards, driving competitors out of the market, and hurting competitors financially are among them. Sharing development efforts may be as well, but usually is not. Sometimes such strategies are combined with "dual licensing schemes", where open source is used to gain a foothold in a commercially meaningless part of the market to prop up a product that otherwise wouldn't be competitive.

Not all such gifts are useful for the recipient, and some are genuinely harmful to the interests of open source users. So, do look a gift horse in the mouth, or you may be stuck with large vet bills otherwise.

This one seems harmless if it is on unpatented technology, or if the patents are free for use by open source.

Three types of elliptic curves

[Florian Weimer]

There is a saying that in cryptography, there are three types of elliptic curves: the insecure ones, the inefficient ones, and those that have been patented by Certicom.

I wonder which curves can be used with the code offered by Sun.