[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Encryption algorithms used in PrivaSoft (fwd)



David Clavadetscher of PrivaSoft writes:
> At this time our crypto engine is patented and proprietary. 

Ian Goldberg writes:
> Waitasec...  I was under the impression that if you patented it, you had to
> reveal it.  That's why RC4 isn't patented (it used to be a trade secret).

I think I have figured out now what Clavadetscher meant. According to the
PrivaSoft home page, the product uses "bitmap encryption". Inspired by your
mention of patents being published, I sought a relevant patent, and I believe
I've found it. U.S. Patent 5,321,749 was issued to a Richard Virga of Danbury,
CT in 1994. It describes a protocol for representing an arbitrary fax
document as a bitmap, encrypting it, and encoding it for transmission. 

The user inputs a password (4-20 characters) to be used as a session key. 
However, no encryption algorithm is specified. (The patent suggests the 
familiar method of seeding a PRNG with the session key, and XORing the 
resulting stream with the plaintext bitmap.)

Assuming this is in fact the scheme PrivaSoft uses, I posit that their
"crypto engine" consists of a patented (by someone who now works for them ?)
protocol wrapped around a proprietary encryption algorithm.

20 characters (the patent doesn't discuss constraints on the character set,
AFAIK) looks rather short. This is one possible reason for the Commerce 
Dept.'s export approval.

http://www.megasoft.com/privasoft/about.html discusses PrivaSoft.
ftp://town.hall.org/patent/data/05321/05321749 is the text of Patent 5,321,749.

-Futplex <[email protected]>