[Lazarus] is scrypt available?

Mark Morgan Lloyd markMLl.lazarus at telemetry.co.uk
Thu Oct 29 00:05:03 CET 2015


wkitty42 at windstream.net wrote:

>> Go on...
> 
> crypto patents or something, i guess... it says that if there are any 
> patents in the software that the code cannot be used... click the link 
> and read it and you'll see it, too...

That's standard boilerplate, which he put in specifically because there 
was a handful of attempted patents covering compression algorithms 
(Unisys, BT, PKWARE and at least one held by IBM). I think the last of 
those expired in something like 2007 and I'm pretty sure that zlib etc. 
predates that... apart from anything else any compressed GIFs were 
believed to sail close to the Unisys patent.

>> The Unisys and BT patents are the ones that have given most people 
>> problems,
>> which is why I cited that page.
> 
> yeah... AFAIK, zip or zlib stuff isn't used in this... or is it?

As I said, he's using the same boilerplate license for all his stuff.

I am not a lawyer, but my understanding is that software patents have 
not been thoroughly tested in any jurisdiction. I think the consensus is 
that an algorithm probably can't be patented while a specific method of 
using one or more algorithms might be patentable, which means that you 
can probably use any published hash algorithm with impunity but 
something more complex like Diffie-Hellman might be less clear-cut.

In any event, if the details of e.g. a hash algorithm have been formally 
published then it probably can't be subsequently patented, and if the 
author didn't reveal that he'd applied for patents before publication 
he'd not make himself popular. For an extreme case of this, consider the 
Rambus debacle.

There might be separate issues relating to copyright, but truth can't be 
copyrighted and an algorithm is, by definition, an expression of truth: 
there's no scope for opinion or subjective decisions. As an example 
consider SCO's attempts to claim ownership of the Linux kernel (and the 
row Oracle and Sun are having over Java), where the important point is 
whether stuff which appears in both has been copied or is quite simply 
doable in only one way.

So as I've said, I'm using Tiger2 for hashes since (a) it was openly 
published, (b) if Ross Anderson finds I've screwed something up and 
feels it's to his discredit he's close enough to make it worth being 
polite and (c) if he /really/ doesn't like something I've done we're in 
the same legal jurisdiction.

-- 
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk

[Opinions above are the author's, not those of his employers or colleagues]




More information about the Lazarus mailing list