Subject: Re: Novel anti-software-patent article
From: Lynn Winebarger <owinebar@free-expression.org>
Date: Fri, 7 Jan 2000 15:20:29 -0500 (EST)

On 7 Jan 2000, Ian Lance Taylor wrote:
> 
> Granted that most people don't care about security, but in those cases
> you might as well just use XOR.
> 
> With a crypto algorithm, you either reveal it, or you accept that it
> may be surprisingly weak.  You suggested keeping a trade secret as an
> alternative to patenting the algorithm.  I'm saying that it's
> pointless to rely on trade secret protection for a crypto algorithm
> which is meant to be strong.

  I'm not sure how it's pointless.  I'm sure the NSA has some strong
crypto that it keeps pretty secret.  (Of course, they are one of the few
institutions that employ enough cryptographers to make this reasonable.)
  I only mentioned trade secret protection because it's the other branch
of IP, and some companies seem to be pursuing it, not because I think it's
a particularly great idea.

> If the crypto algorithm is not meant to be strong, then it really
> doesn't matter what you do, and in particular security by obscurity is
> perfectly reasonable.
> 
   I think they want it to be strong, I just doubt they agree with you (or
anyone saying "security through obscurity can't work well").
   Of course, once they've published software containing the algorithm,
it's no longer really a secret, any more than if they had put it in a
published book (though it's considerably harder to read, all the necessary
information is in the executable).

Lynn