Forgot your password?
typodupeerror
Security Operating Systems BSD

OpenSSL Gets Cryptography Gift From Sun 217

Posted by timothy
from the curvaceousness dept.
Kataire writes "C|Net posted this story about how Sun Microsystems' has donated 'elliptic curve' encryption technology, (developed by Whitfield Diffie of Diffie-Hellman public key fame) to the OpenSSL project. This potentially means better encryption for lighter-weight systems such as PDAs."
This discussion has been archived. No new comments can be posted.

OpenSSL Gets Cryptography Gift From Sun

Comments Filter:
  • by bsharitt (580506) <brandon@NoSPAm.sharitt.com> on Thursday September 19, 2002 @05:13PM (#4292708) Homepage Journal
    Sun is basically "arming the rebels" so they can better fight Microsoft. Even though they may have other motives, it's nice of them anyway.
  • by SHEENmaster (581283) <travis@utk.eNETBSDdu minus bsd> on Thursday September 19, 2002 @05:21PM (#4292784) Homepage Journal
    newlmsy akhtswnd whss adna nwsufaclanw!
  • by afidel (530433) on Thursday September 19, 2002 @05:23PM (#4292804)
    Since there is no known weakening from quantum computers of elyptic curve cryptosystems EC's may well be better for long term cryptography, even on supercomputers. Since it is pretty well known that the massive parallelism of quantom computers will greatly increase the ability of future systems to factor large numbers more traditional cyphers will be under more pressure.
  • by plcurechax (247883) on Thursday September 19, 2002 @05:46PM (#4292980) Homepage
    but since they are modular, we could also use them for traditional pgp style encryption, no? instead of symmetric keys, you could use a public key.

    SSL and PGP (or preferrably the newer OpenPGP [openpgp.org]) standard both use a hybrid scheme which uses both asymmetric and symmetric encryption algorithms.

    If you mean could elliptic curves schemes (ECDLP, ECDSA, ECDH) be used in OpenPGP as well as SSL/TLS; then yes as long as it was added to the OpenPGP standards [ietf.org] which I don't think includes ECC yet but has spaces reserved for future ECC use.
  • by clutch110 (528473) on Thursday September 19, 2002 @05:50PM (#4293005)
    I can see this as a positive step to secure the network end to end, from the server room down to the smallest of devices, the PDA.

    As it stands now, having a wireless network could be a blessing. Information available at your finger tips. PDAs have never been a strong focal point for security in my experience. It will be great to see a network that can be truly encrypted end to end.

    Now if only the user friendliness of this made it so that even the ordinary citizen could use it.
  • it's all strategy (Score:3, Insightful)

    by g4dget (579145) on Thursday September 19, 2002 @06:33PM (#4293293)
    Companies give software away for many reasons: PR, establishing standards, driving competitors out of the market, and hurting competitors financially are among them. Sharing development efforts may be as well, but usually is not. Sometimes such strategies are combined with "dual licensing schemes", where open source is used to gain a foothold in a commercially meaningless part of the market to prop up a product that otherwise wouldn't be competitive.

    Not all such gifts are useful for the recipient, and some are genuinely harmful to the interests of open source users. So, do look a gift horse in the mouth, or you may be stuck with large vet bills otherwise.

    This one seems harmless if it is on unpatented technology, or if the patents are free for use by open source.

  • by Florian Weimer (88405) <fw@deneb.enyo.de> on Friday September 20, 2002 @01:35AM (#4295332) Homepage
    There is a saying that in cryptography, there are three types of elliptic curves: the insecure ones, the inefficient ones, and those that have been patented by Certicom.

    I wonder which curves can be used with the code offered by Sun.

Facts are stubborn, but statistics are more pliable.

Working...