From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=0.6 required=5.0 tests=BAYES_40,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,8947310381c2a3f X-Google-Attributes: gid103376,public From: kilgallen@eisner.decus.org (Larry Kilgallen) Subject: Re: Ada & Encryption / Compression Date: 1997/03/06 Message-ID: <1997Mar6.083330.1@eisner>#1/1 X-Deja-AN: 223534698 X-Nntp-Posting-Host: eisner.decus.org References: <5fikh7$ras$1@nargun.cc.uq.edu.au> X-Nntp-Posting-User: KILGALLEN X-Trace: 857655214/27364 Organization: LJK Software Newsgroups: comp.lang.ada Date: 1997-03-06T00:00:00+00:00 List-Id: In article , John Howard writes: > Forget about doing your own RSA encryption. Ok, you got my attention. > 1) RSA is patented. You'd have to wait for the patent to expire. a. comp.lang.ada has international circulation. RSA is only patented in the United States. Even if the original poster was in the United States (not always obvious from email addresses) or planned to do the work in the United States (totally unknown absent a specific statement), there are many others who will read your comments who are not in the United States. b. Contrary to what you imply, the fact that something is patented does not prevent you from using it. it means that using it requires obtaining a license from the holder of the patent or their authorized representative. In the case of RSA, the patent holder (actually, assignee) is the Massachusetts Institute of Technology and the authorized representative for licenses is RSA Data Security Incorporated in Redwood Shores California. Their general web address for a patent license is: http://www.rsa.com/rsa/contracts/PatLicAgree.html but I notice it is down today. Those interested in the general range of charges for a license could certainly contact RSA Data Security Incorporated by other means. > 2) RSA can't be implemented unless you know the two large prime numbers > it uses (which are a secret). c. The RSA algorithm can use any two large prime numbers, and the numbers are made up by the person who will be using the RSA algorithm (with the help of a computer). > As of a year ago, RSA was still not > reported as cracked to reveal the two primes. Presumably many skilled > researchers have tried to crack RSA. d. That is the good part, unless the original poster said his goal was to _break_ RSA. When people say they are going to _use_ RSA, they generally mean they are going to make up their own prime numbers and take advantage of the fact that there are no easy methods of breaking RSA. "Easy" is related to the size of the prime numbers chosen, and a 129 digit (500 bits or so) challenge has been broken so contemporary wisdom is to use 1024 bits or so, except for the truly paranoid (the master key for VISA as an example) where 2048 bits is used. Absent an astounding breakthrough in factoring techniques, those who discuss the adequacy of key size in relation to Moore's Law (expanding computer potential) do so in terms of how much longer it would take than the predicted remaining life of the universe. All such approaches presume massively parallel efforts. Sorry to go on so long, but I hate egregious misinformation. Now I know how Robert Dewar feels with a typical day on c.l.a. Larry Kilgallen