[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SHA Patent status?

The work by Hans Dobbertin in demonstrating a constructed collision in 
MD5 may not constitute a smoking gun attack quite yet, but it
is certainly enough to make me quite nervous.

The obvious alternative would be SHA-1, or perhaps a double hash 
function that would involve both MD-5 and SHA-1, as Hugo Krazyck from 
IBM Research and I originally proposed to MasterCard, prior to the 
combined effort that resulted in the SET specification.

But before Novell jumps on board SHA-1, we want to have a
crystal clear understanding of any patent issues that might be involved,
so that we don't get sued for infringement after we have shipped 60,000

My understanding is that SHA was developed entirely by the US Government, 
and that therefore the patent issue should be free and clear.  but
does anyone know of any counter claims, by anyone?