[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SHA Patent status?

To: spki@c2.org
Subject: SHA Patent status?
From: Bob Jueneman <bjueneman@novell.com>
Date: Wed, 03 Jul 1996 09:36:04 -0600
Encoding: 20 Text
Sender: owner-spki@c2.org

The work by Hans Dobbertin in demonstrating a constructed collision in 
MD5 may not constitute a smoking gun attack quite yet, but it
is certainly enough to make me quite nervous.

The obvious alternative would be SHA-1, or perhaps a double hash 
function that would involve both MD-5 and SHA-1, as Hugo Krazyck from 
IBM Research and I originally proposed to MasterCard, prior to the 
combined effort that resulted in the SET specification.

But before Novell jumps on board SHA-1, we want to have a
crystal clear understanding of any patent issues that might be involved,
so that we don't get sued for infringement after we have shipped 60,000
copies.

My understanding is that SHA was developed entirely by the US Government, 
and that therefore the patent issue should be free and clear.  but
does anyone know of any counter claims, by anyone?


Bob

Follow-Ups:

Re: SHA Patent status?

From: "Perry E. Metzger" <perry@piermont.com>

Prev by Date: Re: delegation conflict, background
Next by Date: Re: SHA Patent status?
Prev by thread: Re: delegation conflict, background
Next by thread: Re: SHA Patent status?
Index(es):
- Main
- Thread