[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Remember, RC4 is now PC1



> Umm, if the _algorithm_ is different enough, it's a different algorithm and
> it's not even an issue.   I guess you mean if the algorithm is the
> substantially the same, but the code implementing it is substantially
> different.

Well, maybe something like using the same core algorithm but a very 
different (and better?) key expansion algorithm, for instance.
 
> But I'm not sure that matters anyway.  The way I understand it with trade
> secrets is:  If I'm an employee of PKP (let's pretend they have employees
> who actually look at code), and they want to keep something a trade secret,
> they make me sign a non-disclosure agreement.  If I break it, and they can
[..]

But what if someone reverse engineered an algorithm, worked on 
it a few months, and then published something on the net, with a 
different key set up routine, and a very similar core algorithm 
(different for one or two operations, but an improvement) and 
discussed it in terms of having constructed the algorithm himself.

It has nothing to do with anyone signing non-disclosure agreements, 
since if the cipher is widely used in popular software, sooner or 
later someone will reverse engineer it.

> Trade secrets don't really have any legal standing or protection, for the
> most part.  They're just things a company is trying to keep secret, for the
> most part.  Generally by using non-disclosure agreements.

And my point is that what if somebody publishes something and offers 
it in the public domain that is strikingly similar but not the same, 
with no clear way to tell if it was invented separately or reverse 
engineered and fudged?

I can imagine a hacker doing that to another trade secret cipher... I 
can also imagine someone reinventing the same cipher if it's simple 
enough.

That's another problem with trade secrets.

 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <[email protected]> for a copy of my PGP key.