All posts by Bradley M. Kuhn

It’s a Wonderful FLOSS!

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2008/12/24/capra-free-software.html

I suppose it’s time for me to confess. For a regular humbug who was
actually memory-leak-hunting libxml2 at the office until 21:30 on December
24th, I’m still quite a sucker for Frank Capra movies. Most people
haven’t seen any of them except It’s a Wonderful Life. Like
a lot of people, I see that film annually one way or the other, too.

Fifteen years ago, I wrote a college paper on Capra’s vision and
worldview; it’s not surprising someone who has devoted his life to Free
Software might find resonance in it. Capra’s core theme is simple (some
even call it simplistic): An honest, hard-working idealist will always
overcome if he never loses sight of community and simply refuses any
temptation of corruption.

I don’t miss the opportunity to watch It’s a Wonderful
Life
when it inevitably airs each year. (Meet John
Doe
sometimes can be found as well around this time of year
— catch that one too if you can.) I usually perceive something
new in each viewing.

(There are It’s a Wonderful Life spoilers below here; if
you actually haven’t seen it, stop here.)

This year, what jumped out at me was the second of the three key
speeches that George Bailey gives in the film. This occurs during the
bank run, when Building and Loan investors are going to give up on the
organization and sell their shares immediately at half their worth. I
quote the speech in its entirety:

You’re thinking of this place all wrong. As if I had the money back in a
safe. The money’s not here. Your money’s in Joe’s house; that’s right
next to yours. And in the Kennedy house, and Mrs. Macklin’s house, and a
hundred others. Why, you’re lending them the money to build, and then,
they’re going to pay it back to you as best they can. Now what are you
going to do? Foreclose on them?

[Shareholders decide to go to Potter and
sell. Bailey stops the mob.]

Now wait; now listen. Now listen to me. I
beg of you not to do this thing. If Potter gets hold of this Building and
Loan there’ll never be another decent house built in this town. He’s
already got charge of the bank. He’s got the bus line. He got the
department stores. And now he’s after us. Why?

Well, it’s very simple. Because we’re cutting in on his business,
that’s why, and because he wants to keep you living in his slums and
paying the kind of rent he decides. Joe, you had one of those Potter
houses, didn’t you? Well, have you forgotten? Have you forgotten what he
charged you for that broken-down shack?

Ed, you know! You remember last year when things weren’t going so well,
and you couldn’t make your payments? You didn’t lose your house, did you?
Do you think Potter would have let you keep it?

Can’t you understand what’s happening here? Don’t you see what’s
happening? Potter isn’t selling. Potter’s buying! And why? Because
we’re panicking and he’s not. That’s why. He’s picking up some bargains.
Now, we can get through this thing all right. We’ve got to stick
together, though. We’ve got to have faith in each other.

Perhaps this quote jumped out on me because all the bank run jokes made
this year. However, that wasn’t the first thing that came to mind.
Instead, I thought immediately of Microsoft’s presence at OSCON this
year and the launch of their campaign to pretend they haven’t spent the
last ten years trying destroy all of Free Software and Open Source.

In the film, Potter eventually convinces George to come by his office
for a meeting, offers him some fine cigars, and tells him
that George’s ship has come in because Potter is ready to give
him a high paying job. George worries that the Building and Loan will fail
if he takes the job. Potter’s (non)response is: Confounded, man, are
you afraid of success!?

It’s going to get more tempting to make deals with Microsoft. We’re
going to feel like their sudden (seemingly) positive interest in us
— like Potter’s sudden interest in George — is something to
make us proud. It is, actually, but not for the obvious reason. We’re
finally a viable threat to the future of proprietary software. They’ve
reached the stage where they know they can’t kill us. They are going to
try to buy us, try to corrupt us, try to do anything they can to
convince us to give up our principles just to make our software a little
better or a little more successful. But we can do those things anyway, on our own, in the fullness of time.

Never forget why they are making the offer. Microsoft is unique
among proprietary software companies: they are the only ones who have
actively tried to kill Open Source and Free Software. It’s not
often someone wants to be your friend after trying to kill you for ten
years, but such change is cause for suspicion. George was smart enough
to see this and storm out of Potter’s office, saying: You sit around here and spin your little webs and think the whole world revolves
around you and your money! Well, it doesn’t, Mr. Potter!
. To
Microsoft, I’d say: and that goes for you, too!

It’s a Wonderful FLOSS!

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2008/12/24/capra-free-software.html

I suppose it’s time for me to confess. For a regular humbug who was
actually memory-leak-hunting libxml2 at the office until 21:30 on December
24th, I’m still quite a sucker for Frank Capra movies. Most people
haven’t seen any of them except It’s a Wonderful Life. Like
a lot of people, I see that film annually one way or the other, too.

Fifteen years ago, I wrote a college paper on Capra’s vision and
worldview; it’s not surprising someone who has devoted his life to Free
Software might find resonance in it. Capra’s core theme is simple (some
even call it simplistic): An honest, hard-working idealist will always
overcome if he never loses sight of community and simply refuses any
temptation of corruption.

I don’t miss the opportunity to watch It’s a Wonderful
Life
when it inevitably airs each year. (Meet John
Doe
sometimes can be found as well around this time of year
— catch that one too if you can.) I usually perceive something
new in each viewing.

(There are It’s a Wonderful Life spoilers below here; if
you actually haven’t seen it, stop here.)

This year, what jumped out at me was the second of the three key
speeches that George Bailey gives in the film. This occurs during the
bank run, when Building and Loan investors are going to give up on the
organization and sell their shares immediately at half their worth. I
quote the speech in its entirety:

You’re thinking of this place all wrong. As if I had the money back in a
safe. The money’s not here. Your money’s in Joe’s house; that’s right
next to yours. And in the Kennedy house, and Mrs. Macklin’s house, and a
hundred others. Why, you’re lending them the money to build, and then,
they’re going to pay it back to you as best they can. Now what are you
going to do? Foreclose on them?

[Shareholders decide to go to Potter and
sell. Bailey stops the mob.]

Now wait; now listen. Now listen to me. I
beg of you not to do this thing. If Potter gets hold of this Building and
Loan there’ll never be another decent house built in this town. He’s
already got charge of the bank. He’s got the bus line. He got the
department stores. And now he’s after us. Why?

Well, it’s very simple. Because we’re cutting in on his business,
that’s why, and because he wants to keep you living in his slums and
paying the kind of rent he decides. Joe, you had one of those Potter
houses, didn’t you? Well, have you forgotten? Have you forgotten what he
charged you for that broken-down shack?

Ed, you know! You remember last year when things weren’t going so well,
and you couldn’t make your payments? You didn’t lose your house, did you?
Do you think Potter would have let you keep it?

Can’t you understand what’s happening here? Don’t you see what’s
happening? Potter isn’t selling. Potter’s buying! And why? Because
we’re panicking and he’s not. That’s why. He’s picking up some bargains.
Now, we can get through this thing all right. We’ve got to stick
together, though. We’ve got to have faith in each other.

Perhaps this quote jumped out on me because all the bank run jokes made
this year. However, that wasn’t the first thing that came to mind.
Instead, I thought immediately of Microsoft’s presence at OSCON this
year and the launch of their campaign to pretend they haven’t spent the
last ten years trying destroy all of Free Software and Open Source.

In the film, Potter eventually convinces George to come by his office
for a meeting, offers him some fine cigars, and tells him
that George’s ship has come in because Potter is ready to give
him a high paying job. George worries that the Building and Loan will fail
if he takes the job. Potter’s (non)response is: Confounded, man, are
you afraid of success!?

It’s going to get more tempting to make deals with Microsoft. We’re
going to feel like their sudden (seemingly) positive interest in us
— like Potter’s sudden interest in George — is something to
make us proud. It is, actually, but not for the obvious reason. We’re
finally a viable threat to the future of proprietary software. They’ve
reached the stage where they know they can’t kill us. They are going to
try to buy us, try to corrupt us, try to do anything they can to
convince us to give up our principles just to make our software a little
better or a little more successful. But we can do those things anyway, on our own, in the fullness of time.

Never forget why they are making the offer. Microsoft is unique
among proprietary software companies: they are the only ones who have
actively tried to kill Open Source and Free Software. It’s not
often someone wants to be your friend after trying to kill you for ten
years, but such change is cause for suspicion. George was smart enough
to see this and storm out of Potter’s office, saying: You sit around here and spin your little webs and think the whole world revolves
around you and your money! Well, it doesn’t, Mr. Potter!
. To
Microsoft, I’d say: and that goes for you, too!

It’s a Wonderful FLOSS!

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2008/12/24/capra-free-software.html

I suppose it’s time for me to confess. For a regular humbug who was
actually memory-leak-hunting libxml2 at the office until 21:30 on December
24th, I’m still quite a sucker for Frank Capra movies. Most people
haven’t seen any of them except It’s a Wonderful Life. Like
a lot of people, I see that film annually one way or the other, too.

Fifteen years ago, I wrote a college paper on Capra’s vision and
worldview; it’s not surprising someone who has devoted his life to Free
Software might find resonance in it. Capra’s core theme is simple (some
even call it simplistic): An honest, hard-working idealist will always
overcome if he never loses sight of community and simply refuses any
temptation of corruption.

I don’t miss the opportunity to watch It’s a Wonderful
Life
when it inevitably airs each year. (Meet John
Doe
sometimes can be found as well around this time of year
— catch that one too if you can.) I usually perceive something
new in each viewing.

(There are It’s a Wonderful Life spoilers below here; if
you actually haven’t seen it, stop here.)

This year, what jumped out at me was the second of the three key
speeches that George Bailey gives in the film. This occurs during the
bank run, when Building and Loan investors are going to give up on the
organization and sell their shares immediately at half their worth. I
quote the speech in its entirety:

You’re thinking of this place all wrong. As if I had the money back in a
safe. The money’s not here. Your money’s in Joe’s house; that’s right
next to yours. And in the Kennedy house, and Mrs. Macklin’s house, and a
hundred others. Why, you’re lending them the money to build, and then,
they’re going to pay it back to you as best they can. Now what are you
going to do? Foreclose on them?

[Shareholders decide to go to Potter and
sell. Bailey stops the mob.]

Now wait; now listen. Now listen to me. I
beg of you not to do this thing. If Potter gets hold of this Building and
Loan there’ll never be another decent house built in this town. He’s
already got charge of the bank. He’s got the bus line. He got the
department stores. And now he’s after us. Why?

Well, it’s very simple. Because we’re cutting in on his business,
that’s why, and because he wants to keep you living in his slums and
paying the kind of rent he decides. Joe, you had one of those Potter
houses, didn’t you? Well, have you forgotten? Have you forgotten what he
charged you for that broken-down shack?

Ed, you know! You remember last year when things weren’t going so well,
and you couldn’t make your payments? You didn’t lose your house, did you?
Do you think Potter would have let you keep it?

Can’t you understand what’s happening here? Don’t you see what’s
happening? Potter isn’t selling. Potter’s buying! And why? Because
we’re panicking and he’s not. That’s why. He’s picking up some bargains.
Now, we can get through this thing all right. We’ve got to stick
together, though. We’ve got to have faith in each other.

Perhaps this quote jumped out on me because all the bank run jokes made
this year. However, that wasn’t the first thing that came to mind.
Instead, I thought immediately of Microsoft’s presence at OSCON this
year and the launch of their campaign to pretend they haven’t spent the
last ten years trying destroy all of Free Software and Open Source.

In the film, Potter eventually convinces George to come by his office
for a meeting, offers him some fine cigars, and tells him
that George’s ship has come in because Potter is ready to give
him a high paying job. George worries that the Building and Loan will fail
if he takes the job. Potter’s (non)response is: Confounded, man, are
you afraid of success!?

It’s going to get more tempting to make deals with Microsoft. We’re
going to feel like their sudden (seemingly) positive interest in us
— like Potter’s sudden interest in George — is something to
make us proud. It is, actually, but not for the obvious reason. We’re
finally a viable threat to the future of proprietary software. They’ve
reached the stage where they know they can’t kill us. They are going to
try to buy us, try to corrupt us, try to do anything they can to
convince us to give up our principles just to make our software a little
better or a little more successful. But we can do those things anyway, on our own, in the fullness of time.

Never forget why they are making the offer. Microsoft is unique
among proprietary software companies: they are the only ones who have
actively tried to kill Open Source and Free Software. It’s not
often someone wants to be your friend after trying to kill you for ten
years, but such change is cause for suspicion. George was smart enough
to see this and storm out of Potter’s office, saying: You sit around here and spin your little webs and think the whole world revolves
around you and your money! Well, it doesn’t, Mr. Potter!
. To
Microsoft, I’d say: and that goes for you, too!

One gpg –gen-key per Decade

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2008/12/09/gpg-gen-key-decade.html

Today is an interesting anniversary (of sorts) for my cryptographic
infrastructure. Nine years ago today, I generated the 1024 bit DSA key,
DB41B387, that has been my GPG key every day since then. I remember
distinctly that on the 350 MhZ machine I used at the time, it took quite
a while to generate, even though I made sure the entropy pool remained
nice and full by pounding on the keyboard.

The horribleness of the
recent Debian vulnerability
meant that I have spent a much time
this year pondering the pedigree my personal cryptographic
infrastructure. Of course, my key was far too old to have been
generated on a Debian-based system that had that particular
vulnerability. However, the issue that really troubled me this
past summer was this:

Some DSA keys may be compromised by only their use. A strong
key (i.e., generated with a ‘good’ OpenSSL) but used locally
on a machine with a ‘bad’ OpenSSL must be considered to be
compromised. This is due to an ‘attack’ on DSA that allows the
secret key to be found if the nonce used in the signature is reused or
known.

Not being particularly hard core on cryptographic knowledge — most of my expertise comes from only one class I took 11 years ago on
Encryption, Compression, and Secure Hashing in graduate school —
I found this alarming and tried my best to do some ancillary reading.
It seems that DSA keys, in many ways, are less than optimal. It seems
(to my mostly uneducated eye) in skimming academic papers that DSA keys
are tougher to deploy right and keep secure, which leads to these sorts
of possible problems.

I’ve resolved to switch entirely to RSA keys. The great thing about
RSA is its simplicity and ease of understanding. I grok factoring and
understand better the complexity situation of the factoring problem
(this time, from the two graduate courses I took on Complexity
Theory, so my comfort is more solid :). I also find it intriguing that
a child can learn how to factor in grade school, yet we can’t teach a
computer to do it efficiently. (By contrast, I didn’t learn the
discrete logarithm problem until my Freshman year of college, and I
still have to look up the details to remind myself.) So, the
“simplicity brings clarity” idea hints that RSA is a better
choice.

Fact is, there was only one reason why I revoked my ancient RSA
keys and generated DSA ones in the 1990s. The RSA patent and the strict
licensing of that patent by RSA Data Security, Inc. made it impossible
to implement RSA in Free Software back then. So, when I switched from
proprietary PGP to GPG, my keys wouldn’t import. Indeed, that one RSA
patent alone set back the entire area of Free Software cryptography at least ten years.

So, when I decided this evening that I’d need to generate a new key and
begin promulgating it at key-signing parties sometime before DB41B387
turns ten, I realized I actually have the freedom to choose my
encryption algorithm now! Sadly, it took almost these entire nine years
to get there. Our community did not only have to wait out this
unassailable patent. (RSA is among the most novel and non-obvious ideas
that most computer professionals will ever seen in their lives). Once
the RSA patent finally expired0, we had to then slowly but
surely implement and deploy it in cryptographic programs, from
scratch.

I’m still glad that we’re free of the RSA patent, but I fear among the
mountain of “software patents” granted each year, that the
“new RSA” — a perfectly valid, non-obvious and novel
patent that reads on software and fits both the industry’s and patent
examiner’s definition of “high quality” — is waiting
to be discovered and used as a weapon to halt Free Software again. When
I finally type gpg --gen-key (now with
--expert mode!) for the first time in nine years, I hope
I’ll only experience the gladness of being able to generate an RSA key,
and succeed in ignoring the fact that RMS’
old essay about this issue remains a cautionary tale
to this very
day. Software patents are a serious long-term threat and must be
eradicated entirely for the sake of software freedom. The biggest threat among them will always be the “valid”, “high quality”
software patents, not the invalid, poor quality ones.


0 Technically speaking,
RSA didn’t need to expire. In a seemingly bizarre
move
, RSA Data Security, Inc. granted a Free license to the
patent a few weeks before the actual expiration date. To
this day, I believe the same theory I espoused at the time:
their primary goal in doing this was merely to ruin all the
“RSA is Free” parties that had been planned.

One gpg –gen-key per Decade

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2008/12/09/gpg-gen-key-decade.html

Today is an interesting anniversary (of sorts) for my cryptographic
infrastructure. Nine years ago today, I generated the 1024 bit DSA key,
DB41B387, that has been my GPG key every day since then. I remember
distinctly that on the 350 MhZ machine I used at the time, it took quite
a while to generate, even though I made sure the entropy pool remained
nice and full by pounding on the keyboard.

The horribleness of the
recent Debian vulnerability
meant that I have spent a much time
this year pondering the pedigree my personal cryptographic
infrastructure. Of course, my key was far too old to have been
generated on a Debian-based system that had that particular
vulnerability. However, the issue that really troubled me this
past summer was this:

Some DSA keys may be compromised by only their use. A strong
key (i.e., generated with a ‘good’ OpenSSL) but used locally
on a machine with a ‘bad’ OpenSSL must be considered to be
compromised. This is due to an ‘attack’ on DSA that allows the
secret key to be found if the nonce used in the signature is reused or
known.

Not being particularly hard core on cryptographic knowledge — most of my expertise comes from only one class I took 11 years ago on
Encryption, Compression, and Secure Hashing in graduate school —
I found this alarming and tried my best to do some ancillary reading.
It seems that DSA keys, in many ways, are less than optimal. It seems
(to my mostly uneducated eye) in skimming academic papers that DSA keys
are tougher to deploy right and keep secure, which leads to these sorts
of possible problems.

I’ve resolved to switch entirely to RSA keys. The great thing about
RSA is its simplicity and ease of understanding. I grok factoring and
understand better the complexity situation of the factoring problem
(this time, from the two graduate courses I took on Complexity
Theory, so my comfort is more solid :). I also find it intriguing that
a child can learn how to factor in grade school, yet we can’t teach a
computer to do it efficiently. (By contrast, I didn’t learn the
discrete logarithm problem until my Freshman year of college, and I
still have to look up the details to remind myself.) So, the
“simplicity brings clarity” idea hints that RSA is a better
choice.

Fact is, there was only one reason why I revoked my ancient RSA
keys and generated DSA ones in the 1990s. The RSA patent and the strict
licensing of that patent by RSA Data Security, Inc. made it impossible
to implement RSA in Free Software back then. So, when I switched from
proprietary PGP to GPG, my keys wouldn’t import. Indeed, that one RSA
patent alone set back the entire area of Free Software cryptography at least ten years.

So, when I decided this evening that I’d need to generate a new key and
begin promulgating it at key-signing parties sometime before DB41B387
turns ten, I realized I actually have the freedom to choose my
encryption algorithm now! Sadly, it took almost these entire nine years
to get there. Our community did not only have to wait out this
unassailable patent. (RSA is among the most novel and non-obvious ideas
that most computer professionals will ever seen in their lives). Once
the RSA patent finally expired0, we had to then slowly but
surely implement and deploy it in cryptographic programs, from
scratch.

I’m still glad that we’re free of the RSA patent, but I fear among the
mountain of “software patents” granted each year, that the
“new RSA” — a perfectly valid, non-obvious and novel
patent that reads on software and fits both the industry’s and patent
examiner’s definition of “high quality” — is waiting
to be discovered and used as a weapon to halt Free Software again. When
I finally type gpg --gen-key (now with
--expert mode!) for the first time in nine years, I hope
I’ll only experience the gladness of being able to generate an RSA key,
and succeed in ignoring the fact that RMS’
old essay about this issue remains a cautionary tale
to this very
day. Software patents are a serious long-term threat and must be
eradicated entirely for the sake of software freedom. The biggest threat among them will always be the “valid”, “high quality”
software patents, not the invalid, poor quality ones.


0 Technically speaking,
RSA didn’t need to expire. In a seemingly bizarre
move
, RSA Data Security, Inc. granted a Free license to the
patent a few weeks before the actual expiration date. To
this day, I believe the same theory I espoused at the time:
their primary goal in doing this was merely to ruin all the
“RSA is Free” parties that had been planned.

One gpg –gen-key per Decade

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2008/12/09/gpg-gen-key-decade.html

Today is an interesting anniversary (of sorts) for my cryptographic
infrastructure. Nine years ago today, I generated the 1024 bit DSA key,
DB41B387, that has been my GPG key every day since then. I remember
distinctly that on the 350 MhZ machine I used at the time, it took quite
a while to generate, even though I made sure the entropy pool remained
nice and full by pounding on the keyboard.

The horribleness of the
recent Debian vulnerability
meant that I have spent a much time
this year pondering the pedigree my personal cryptographic
infrastructure. Of course, my key was far too old to have been
generated on a Debian-based system that had that particular
vulnerability. However, the issue that really troubled me this
past summer was this:

Some DSA keys may be compromised by only their use. A strong
key (i.e., generated with a ‘good’ OpenSSL) but used locally
on a machine with a ‘bad’ OpenSSL must be considered to be
compromised. This is due to an ‘attack’ on DSA that allows the
secret key to be found if the nonce used in the signature is reused or
known.

Not being particularly hard core on cryptographic knowledge — most of my expertise comes from only one class I took 11 years ago on
Encryption, Compression, and Secure Hashing in graduate school —
I found this alarming and tried my best to do some ancillary reading.
It seems that DSA keys, in many ways, are less than optimal. It seems
(to my mostly uneducated eye) in skimming academic papers that DSA keys
are tougher to deploy right and keep secure, which leads to these sorts
of possible problems.

I’ve resolved to switch entirely to RSA keys. The great thing about
RSA is its simplicity and ease of understanding. I grok factoring and
understand better the complexity situation of the factoring problem
(this time, from the two graduate courses I took on Complexity
Theory, so my comfort is more solid :). I also find it intriguing that
a child can learn how to factor in grade school, yet we can’t teach a
computer to do it efficiently. (By contrast, I didn’t learn the
discrete logarithm problem until my Freshman year of college, and I
still have to look up the details to remind myself.) So, the
“simplicity brings clarity” idea hints that RSA is a better
choice.

Fact is, there was only one reason why I revoked my ancient RSA
keys and generated DSA ones in the 1990s. The RSA patent and the strict
licensing of that patent by RSA Data Security, Inc. made it impossible
to implement RSA in Free Software back then. So, when I switched from
proprietary PGP to GPG, my keys wouldn’t import. Indeed, that one RSA
patent alone set back the entire area of Free Software cryptography at least ten years.

So, when I decided this evening that I’d need to generate a new key and
begin promulgating it at key-signing parties sometime before DB41B387
turns ten, I realized I actually have the freedom to choose my
encryption algorithm now! Sadly, it took almost these entire nine years
to get there. Our community did not only have to wait out this
unassailable patent. (RSA is among the most novel and non-obvious ideas
that most computer professionals will ever seen in their lives). Once
the RSA patent finally expired0, we had to then slowly but
surely implement and deploy it in cryptographic programs, from
scratch.

I’m still glad that we’re free of the RSA patent, but I fear among the
mountain of “software patents” granted each year, that the
“new RSA” — a perfectly valid, non-obvious and novel
patent that reads on software and fits both the industry’s and patent
examiner’s definition of “high quality” — is waiting
to be discovered and used as a weapon to halt Free Software again. When
I finally type gpg --gen-key (now with
--expert mode!) for the first time in nine years, I hope
I’ll only experience the gladness of being able to generate an RSA key,
and succeed in ignoring the fact that RMS’
old essay about this issue remains a cautionary tale
to this very
day. Software patents are a serious long-term threat and must be
eradicated entirely for the sake of software freedom. The biggest threat among them will always be the “valid”, “high quality”
software patents, not the invalid, poor quality ones.


0 Technically speaking,
RSA didn’t need to expire. In a seemingly bizarre
move
, RSA Data Security, Inc. granted a Free license to the
patent a few weeks before the actual expiration date. To
this day, I believe the same theory I espoused at the time:
their primary goal in doing this was merely to ruin all the
“RSA is Free” parties that had been planned.

One gpg –gen-key per Decade

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2008/12/09/gpg-gen-key-decade.html

Today is an interesting anniversary (of sorts) for my cryptographic
infrastructure. Nine years ago today, I generated the 1024 bit DSA key,
DB41B387, that has been my GPG key every day since then. I remember
distinctly that on the 350 MhZ machine I used at the time, it took quite
a while to generate, even though I made sure the entropy pool remained
nice and full by pounding on the keyboard.

The horribleness of the
recent Debian vulnerability
meant that I have spent a much time
this year pondering the pedigree my personal cryptographic
infrastructure. Of course, my key was far too old to have been
generated on a Debian-based system that had that particular
vulnerability. However, the issue that really troubled me this
past summer was this:

Some DSA keys may be compromised by only their use. A strong
key (i.e., generated with a ‘good’ OpenSSL) but used locally
on a machine with a ‘bad’ OpenSSL must be considered to be
compromised. This is due to an ‘attack’ on DSA that allows the
secret key to be found if the nonce used in the signature is reused or
known.

Not being particularly hard core on cryptographic knowledge — most of my expertise comes from only one class I took 11 years ago on
Encryption, Compression, and Secure Hashing in graduate school —
I found this alarming and tried my best to do some ancillary reading.
It seems that DSA keys, in many ways, are less than optimal. It seems
(to my mostly uneducated eye) in skimming academic papers that DSA keys
are tougher to deploy right and keep secure, which leads to these sorts
of possible problems.

I’ve resolved to switch entirely to RSA keys. The great thing about
RSA is its simplicity and ease of understanding. I grok factoring and
understand better the complexity situation of the factoring problem
(this time, from the two graduate courses I took on Complexity
Theory, so my comfort is more solid :). I also find it intriguing that
a child can learn how to factor in grade school, yet we can’t teach a
computer to do it efficiently. (By contrast, I didn’t learn the
discrete logarithm problem until my Freshman year of college, and I
still have to look up the details to remind myself.) So, the
“simplicity brings clarity” idea hints that RSA is a better
choice.

Fact is, there was only one reason why I revoked my ancient RSA
keys and generated DSA ones in the 1990s. The RSA patent and the strict
licensing of that patent by RSA Data Security, Inc. made it impossible
to implement RSA in Free Software back then. So, when I switched from
proprietary PGP to GPG, my keys wouldn’t import. Indeed, that one RSA
patent alone set back the entire area of Free Software cryptography at least ten years.

So, when I decided this evening that I’d need to generate a new key and
begin promulgating it at key-signing parties sometime before DB41B387
turns ten, I realized I actually have the freedom to choose my
encryption algorithm now! Sadly, it took almost these entire nine years
to get there. Our community did not only have to wait out this
unassailable patent. (RSA is among the most novel and non-obvious ideas
that most computer professionals will ever seen in their lives). Once
the RSA patent finally expired0, we had to then slowly but
surely implement and deploy it in cryptographic programs, from
scratch.

I’m still glad that we’re free of the RSA patent, but I fear among the
mountain of “software patents” granted each year, that the
“new RSA” — a perfectly valid, non-obvious and novel
patent that reads on software and fits both the industry’s and patent
examiner’s definition of “high quality” — is waiting
to be discovered and used as a weapon to halt Free Software again. When
I finally type gpg --gen-key (now with
--expert mode!) for the first time in nine years, I hope
I’ll only experience the gladness of being able to generate an RSA key,
and succeed in ignoring the fact that RMS’
old essay about this issue remains a cautionary tale
to this very
day. Software patents are a serious long-term threat and must be
eradicated entirely for the sake of software freedom. The biggest threat among them will always be the “valid”, “high quality”
software patents, not the invalid, poor quality ones.


0 Technically speaking,
RSA didn’t need to expire. In a seemingly bizarre
move
, RSA Data Security, Inc. granted a Free license to the
patent a few weeks before the actual expiration date. To
this day, I believe the same theory I espoused at the time:
their primary goal in doing this was merely to ruin all the
“RSA is Free” parties that had been planned.

One gpg –gen-key per Decade

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2008/12/09/gpg-gen-key-decade.html

Today is an interesting anniversary (of sorts) for my cryptographic
infrastructure. Nine years ago today, I generated the 1024 bit DSA key,
DB41B387, that has been my GPG key every day since then. I remember
distinctly that on the 350 MhZ machine I used at the time, it took quite
a while to generate, even though I made sure the entropy pool remained
nice and full by pounding on the keyboard.

The horribleness of the
recent Debian vulnerability
meant that I have spent a much time
this year pondering the pedigree my personal cryptographic
infrastructure. Of course, my key was far too old to have been
generated on a Debian-based system that had that particular
vulnerability. However, the issue that really troubled me this
past summer was this:

Some DSA keys may be compromised by only their use. A strong
key (i.e., generated with a ‘good’ OpenSSL) but used locally
on a machine with a ‘bad’ OpenSSL must be considered to be
compromised. This is due to an ‘attack’ on DSA that allows the
secret key to be found if the nonce used in the signature is reused or
known.

Not being particularly hard core on cryptographic knowledge — most of my expertise comes from only one class I took 11 years ago on
Encryption, Compression, and Secure Hashing in graduate school —
I found this alarming and tried my best to do some ancillary reading.
It seems that DSA keys, in many ways, are less than optimal. It seems
(to my mostly uneducated eye) in skimming academic papers that DSA keys
are tougher to deploy right and keep secure, which leads to these sorts
of possible problems.

I’ve resolved to switch entirely to RSA keys. The great thing about
RSA is its simplicity and ease of understanding. I grok factoring and
understand better the complexity situation of the factoring problem
(this time, from the two graduate courses I took on Complexity
Theory, so my comfort is more solid :). I also find it intriguing that
a child can learn how to factor in grade school, yet we can’t teach a
computer to do it efficiently. (By contrast, I didn’t learn the
discrete logarithm problem until my Freshman year of college, and I
still have to look up the details to remind myself.) So, the
“simplicity brings clarity” idea hints that RSA is a better
choice.

Fact is, there was only one reason why I revoked my ancient RSA
keys and generated DSA ones in the 1990s. The RSA patent and the strict
licensing of that patent by RSA Data Security, Inc. made it impossible
to implement RSA in Free Software back then. So, when I switched from
proprietary PGP to GPG, my keys wouldn’t import. Indeed, that one RSA
patent alone set back the entire area of Free Software cryptography at least ten years.

So, when I decided this evening that I’d need to generate a new key and
begin promulgating it at key-signing parties sometime before DB41B387
turns ten, I realized I actually have the freedom to choose my
encryption algorithm now! Sadly, it took almost these entire nine years
to get there. Our community did not only have to wait out this
unassailable patent. (RSA is among the most novel and non-obvious ideas
that most computer professionals will ever seen in their lives). Once
the RSA patent finally expired0, we had to then slowly but
surely implement and deploy it in cryptographic programs, from
scratch.

I’m still glad that we’re free of the RSA patent, but I fear among the
mountain of “software patents” granted each year, that the
“new RSA” — a perfectly valid, non-obvious and novel
patent that reads on software and fits both the industry’s and patent
examiner’s definition of “high quality” — is waiting
to be discovered and used as a weapon to halt Free Software again. When
I finally type gpg --gen-key (now with
--expert mode!) for the first time in nine years, I hope
I’ll only experience the gladness of being able to generate an RSA key,
and succeed in ignoring the fact that RMS’
old essay about this issue remains a cautionary tale
to this very
day. Software patents are a serious long-term threat and must be
eradicated entirely for the sake of software freedom. The biggest threat among them will always be the “valid”, “high quality”
software patents, not the invalid, poor quality ones.


0 Technically speaking,
RSA didn’t need to expire. In a seemingly bizarre
move
, RSA Data Security, Inc. granted a Free license to the
patent a few weeks before the actual expiration date. To
this day, I believe the same theory I espoused at the time:
their primary goal in doing this was merely to ruin all the
“RSA is Free” parties that had been planned.

One gpg –gen-key per Decade

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2008/12/09/gpg-gen-key-decade.html

Today is an interesting anniversary (of sorts) for my cryptographic
infrastructure. Nine years ago today, I generated the 1024 bit DSA key,
DB41B387, that has been my GPG key every day since then. I remember
distinctly that on the 350 MhZ machine I used at the time, it took quite
a while to generate, even though I made sure the entropy pool remained
nice and full by pounding on the keyboard.

The horribleness of the
recent Debian vulnerability
meant that I have spent a much time
this year pondering the pedigree my personal cryptographic
infrastructure. Of course, my key was far too old to have been
generated on a Debian-based system that had that particular
vulnerability. However, the issue that really troubled me this
past summer was this:

Some DSA keys may be compromised by only their use. A strong
key (i.e., generated with a ‘good’ OpenSSL) but used locally
on a machine with a ‘bad’ OpenSSL must be considered to be
compromised. This is due to an ‘attack’ on DSA that allows the
secret key to be found if the nonce used in the signature is reused or
known.

Not being particularly hard core on cryptographic knowledge — most of my expertise comes from only one class I took 11 years ago on
Encryption, Compression, and Secure Hashing in graduate school —
I found this alarming and tried my best to do some ancillary reading.
It seems that DSA keys, in many ways, are less than optimal. It seems
(to my mostly uneducated eye) in skimming academic papers that DSA keys
are tougher to deploy right and keep secure, which leads to these sorts
of possible problems.

I’ve resolved to switch entirely to RSA keys. The great thing about
RSA is its simplicity and ease of understanding. I grok factoring and
understand better the complexity situation of the factoring problem
(this time, from the two graduate courses I took on Complexity
Theory, so my comfort is more solid :). I also find it intriguing that
a child can learn how to factor in grade school, yet we can’t teach a
computer to do it efficiently. (By contrast, I didn’t learn the
discrete logarithm problem until my Freshman year of college, and I
still have to look up the details to remind myself.) So, the
“simplicity brings clarity” idea hints that RSA is a better
choice.

Fact is, there was only one reason why I revoked my ancient RSA
keys and generated DSA ones in the 1990s. The RSA patent and the strict
licensing of that patent by RSA Data Security, Inc. made it impossible
to implement RSA in Free Software back then. So, when I switched from
proprietary PGP to GPG, my keys wouldn’t import. Indeed, that one RSA
patent alone set back the entire area of Free Software cryptography at least ten years.

So, when I decided this evening that I’d need to generate a new key and
begin promulgating it at key-signing parties sometime before DB41B387
turns ten, I realized I actually have the freedom to choose my
encryption algorithm now! Sadly, it took almost these entire nine years
to get there. Our community did not only have to wait out this
unassailable patent. (RSA is among the most novel and non-obvious ideas
that most computer professionals will ever seen in their lives). Once
the RSA patent finally expired0, we had to then slowly but
surely implement and deploy it in cryptographic programs, from
scratch.

I’m still glad that we’re free of the RSA patent, but I fear among the
mountain of “software patents” granted each year, that the
“new RSA” — a perfectly valid, non-obvious and novel
patent that reads on software and fits both the industry’s and patent
examiner’s definition of “high quality” — is waiting
to be discovered and used as a weapon to halt Free Software again. When
I finally type gpg --gen-key (now with
--expert mode!) for the first time in nine years, I hope
I’ll only experience the gladness of being able to generate an RSA key,
and succeed in ignoring the fact that RMS’
old essay about this issue remains a cautionary tale
to this very
day. Software patents are a serious long-term threat and must be
eradicated entirely for the sake of software freedom. The biggest threat among them will always be the “valid”, “high quality”
software patents, not the invalid, poor quality ones.


0 Technically speaking,
RSA didn’t need to expire. In a seemingly bizarre
move
, RSA Data Security, Inc. granted a Free license to the
patent a few weeks before the actual expiration date. To
this day, I believe the same theory I espoused at the time:
their primary goal in doing this was merely to ruin all the
“RSA is Free” parties that had been planned.

One gpg –gen-key per Decade

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2008/12/09/gpg-gen-key-decade.html

Today is an interesting anniversary (of sorts) for my cryptographic
infrastructure. Nine years ago today, I generated the 1024 bit DSA key,
DB41B387, that has been my GPG key every day since then. I remember
distinctly that on the 350 MhZ machine I used at the time, it took quite
a while to generate, even though I made sure the entropy pool remained
nice and full by pounding on the keyboard.

The horribleness of the
recent Debian vulnerability
meant that I have spent a much time
this year pondering the pedigree my personal cryptographic
infrastructure. Of course, my key was far too old to have been
generated on a Debian-based system that had that particular
vulnerability. However, the issue that really troubled me this
past summer was this:

Some DSA keys may be compromised by only their use. A strong
key (i.e., generated with a ‘good’ OpenSSL) but used locally
on a machine with a ‘bad’ OpenSSL must be considered to be
compromised. This is due to an ‘attack’ on DSA that allows the
secret key to be found if the nonce used in the signature is reused or
known.

Not being particularly hard core on cryptographic knowledge — most of my expertise comes from only one class I took 11 years ago on
Encryption, Compression, and Secure Hashing in graduate school —
I found this alarming and tried my best to do some ancillary reading.
It seems that DSA keys, in many ways, are less than optimal. It seems
(to my mostly uneducated eye) in skimming academic papers that DSA keys
are tougher to deploy right and keep secure, which leads to these sorts
of possible problems.

I’ve resolved to switch entirely to RSA keys. The great thing about
RSA is its simplicity and ease of understanding. I grok factoring and
understand better the complexity situation of the factoring problem
(this time, from the two graduate courses I took on Complexity
Theory, so my comfort is more solid :). I also find it intriguing that
a child can learn how to factor in grade school, yet we can’t teach a
computer to do it efficiently. (By contrast, I didn’t learn the
discrete logarithm problem until my Freshman year of college, and I
still have to look up the details to remind myself.) So, the
“simplicity brings clarity” idea hints that RSA is a better
choice.

Fact is, there was only one reason why I revoked my ancient RSA
keys and generated DSA ones in the 1990s. The RSA patent and the strict
licensing of that patent by RSA Data Security, Inc. made it impossible
to implement RSA in Free Software back then. So, when I switched from
proprietary PGP to GPG, my keys wouldn’t import. Indeed, that one RSA
patent alone set back the entire area of Free Software cryptography at least ten years.

So, when I decided this evening that I’d need to generate a new key and
begin promulgating it at key-signing parties sometime before DB41B387
turns ten, I realized I actually have the freedom to choose my
encryption algorithm now! Sadly, it took almost these entire nine years
to get there. Our community did not only have to wait out this
unassailable patent. (RSA is among the most novel and non-obvious ideas
that most computer professionals will ever seen in their lives). Once
the RSA patent finally expired0, we had to then slowly but
surely implement and deploy it in cryptographic programs, from
scratch.

I’m still glad that we’re free of the RSA patent, but I fear among the
mountain of “software patents” granted each year, that the
“new RSA” — a perfectly valid, non-obvious and novel
patent that reads on software and fits both the industry’s and patent
examiner’s definition of “high quality” — is waiting
to be discovered and used as a weapon to halt Free Software again. When
I finally type gpg --gen-key (now with
--expert mode!) for the first time in nine years, I hope
I’ll only experience the gladness of being able to generate an RSA key,
and succeed in ignoring the fact that RMS’
old essay about this issue remains a cautionary tale
to this very
day. Software patents are a serious long-term threat and must be
eradicated entirely for the sake of software freedom. The biggest threat among them will always be the “valid”, “high quality”
software patents, not the invalid, poor quality ones.


0 Technically speaking,
RSA didn’t need to expire. In a seemingly bizarre
move
, RSA Data Security, Inc. granted a Free license to the
patent a few weeks before the actual expiration date. To
this day, I believe the same theory I espoused at the time:
their primary goal in doing this was merely to ruin all the
“RSA is Free” parties that had been planned.

One gpg –gen-key per Decade

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2008/12/09/gpg-gen-key-decade.html

Today is an interesting anniversary (of sorts) for my cryptographic
infrastructure. Nine years ago today, I generated the 1024 bit DSA key,
DB41B387, that has been my GPG key every day since then. I remember
distinctly that on the 350 MhZ machine I used at the time, it took quite
a while to generate, even though I made sure the entropy pool remained
nice and full by pounding on the keyboard.

The horribleness of the
recent Debian vulnerability
meant that I have spent a much time
this year pondering the pedigree my personal cryptographic
infrastructure. Of course, my key was far too old to have been
generated on a Debian-based system that had that particular
vulnerability. However, the issue that really troubled me this
past summer was this:

Some DSA keys may be compromised by only their use. A strong
key (i.e., generated with a ‘good’ OpenSSL) but used locally
on a machine with a ‘bad’ OpenSSL must be considered to be
compromised. This is due to an ‘attack’ on DSA that allows the
secret key to be found if the nonce used in the signature is reused or
known.

Not being particularly hard core on cryptographic knowledge — most of my expertise comes from only one class I took 11 years ago on
Encryption, Compression, and Secure Hashing in graduate school —
I found this alarming and tried my best to do some ancillary reading.
It seems that DSA keys, in many ways, are less than optimal. It seems
(to my mostly uneducated eye) in skimming academic papers that DSA keys
are tougher to deploy right and keep secure, which leads to these sorts
of possible problems.

I’ve resolved to switch entirely to RSA keys. The great thing about
RSA is its simplicity and ease of understanding. I grok factoring and
understand better the complexity situation of the factoring problem
(this time, from the two graduate courses I took on Complexity
Theory, so my comfort is more solid :). I also find it intriguing that
a child can learn how to factor in grade school, yet we can’t teach a
computer to do it efficiently. (By contrast, I didn’t learn the
discrete logarithm problem until my Freshman year of college, and I
still have to look up the details to remind myself.) So, the
“simplicity brings clarity” idea hints that RSA is a better
choice.

Fact is, there was only one reason why I revoked my ancient RSA
keys and generated DSA ones in the 1990s. The RSA patent and the strict
licensing of that patent by RSA Data Security, Inc. made it impossible
to implement RSA in Free Software back then. So, when I switched from
proprietary PGP to GPG, my keys wouldn’t import. Indeed, that one RSA
patent alone set back the entire area of Free Software cryptography at least ten years.

So, when I decided this evening that I’d need to generate a new key and
begin promulgating it at key-signing parties sometime before DB41B387
turns ten, I realized I actually have the freedom to choose my
encryption algorithm now! Sadly, it took almost these entire nine years
to get there. Our community did not only have to wait out this
unassailable patent. (RSA is among the most novel and non-obvious ideas
that most computer professionals will ever seen in their lives). Once
the RSA patent finally expired0, we had to then slowly but
surely implement and deploy it in cryptographic programs, from
scratch.

I’m still glad that we’re free of the RSA patent, but I fear among the
mountain of “software patents” granted each year, that the
“new RSA” — a perfectly valid, non-obvious and novel
patent that reads on software and fits both the industry’s and patent
examiner’s definition of “high quality” — is waiting
to be discovered and used as a weapon to halt Free Software again. When
I finally type gpg --gen-key (now with
--expert mode!) for the first time in nine years, I hope
I’ll only experience the gladness of being able to generate an RSA key,
and succeed in ignoring the fact that RMS’
old essay about this issue remains a cautionary tale
to this very
day. Software patents are a serious long-term threat and must be
eradicated entirely for the sake of software freedom. The biggest threat among them will always be the “valid”, “high quality”
software patents, not the invalid, poor quality ones.


0 Technically speaking,
RSA didn’t need to expire. In a seemingly bizarre
move
, RSA Data Security, Inc. granted a Free license to the
patent a few weeks before the actual expiration date. To
this day, I believe the same theory I espoused at the time:
their primary goal in doing this was merely to ruin all the
“RSA is Free” parties that had been planned.

One gpg –gen-key per Decade

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2008/12/09/gpg-gen-key-decade.html

Today is an interesting anniversary (of sorts) for my cryptographic
infrastructure. Nine years ago today, I generated the 1024 bit DSA key,
DB41B387, that has been my GPG key every day since then. I remember
distinctly that on the 350 MhZ machine I used at the time, it took quite
a while to generate, even though I made sure the entropy pool remained
nice and full by pounding on the keyboard.

The horribleness of the
recent Debian vulnerability
meant that I have spent a much time
this year pondering the pedigree my personal cryptographic
infrastructure. Of course, my key was far too old to have been
generated on a Debian-based system that had that particular
vulnerability. However, the issue that really troubled me this
past summer was this:

Some DSA keys may be compromised by only their use. A strong
key (i.e., generated with a ‘good’ OpenSSL) but used locally
on a machine with a ‘bad’ OpenSSL must be considered to be
compromised. This is due to an ‘attack’ on DSA that allows the
secret key to be found if the nonce used in the signature is reused or
known.

Not being particularly hard core on cryptographic knowledge — most of my expertise comes from only one class I took 11 years ago on
Encryption, Compression, and Secure Hashing in graduate school —
I found this alarming and tried my best to do some ancillary reading.
It seems that DSA keys, in many ways, are less than optimal. It seems
(to my mostly uneducated eye) in skimming academic papers that DSA keys
are tougher to deploy right and keep secure, which leads to these sorts
of possible problems.

I’ve resolved to switch entirely to RSA keys. The great thing about
RSA is its simplicity and ease of understanding. I grok factoring and
understand better the complexity situation of the factoring problem
(this time, from the two graduate courses I took on Complexity
Theory, so my comfort is more solid :). I also find it intriguing that
a child can learn how to factor in grade school, yet we can’t teach a
computer to do it efficiently. (By contrast, I didn’t learn the
discrete logarithm problem until my Freshman year of college, and I
still have to look up the details to remind myself.) So, the
“simplicity brings clarity” idea hints that RSA is a better
choice.

Fact is, there was only one reason why I revoked my ancient RSA
keys and generated DSA ones in the 1990s. The RSA patent and the strict
licensing of that patent by RSA Data Security, Inc. made it impossible
to implement RSA in Free Software back then. So, when I switched from
proprietary PGP to GPG, my keys wouldn’t import. Indeed, that one RSA
patent alone set back the entire area of Free Software cryptography at least ten years.

So, when I decided this evening that I’d need to generate a new key and
begin promulgating it at key-signing parties sometime before DB41B387
turns ten, I realized I actually have the freedom to choose my
encryption algorithm now! Sadly, it took almost these entire nine years
to get there. Our community did not only have to wait out this
unassailable patent. (RSA is among the most novel and non-obvious ideas
that most computer professionals will ever seen in their lives). Once
the RSA patent finally expired0, we had to then slowly but
surely implement and deploy it in cryptographic programs, from
scratch.

I’m still glad that we’re free of the RSA patent, but I fear among the
mountain of “software patents” granted each year, that the
“new RSA” — a perfectly valid, non-obvious and novel
patent that reads on software and fits both the industry’s and patent
examiner’s definition of “high quality” — is waiting
to be discovered and used as a weapon to halt Free Software again. When
I finally type gpg --gen-key (now with
--expert mode!) for the first time in nine years, I hope
I’ll only experience the gladness of being able to generate an RSA key,
and succeed in ignoring the fact that RMS’
old essay about this issue remains a cautionary tale
to this very
day. Software patents are a serious long-term threat and must be
eradicated entirely for the sake of software freedom. The biggest threat among them will always be the “valid”, “high quality”
software patents, not the invalid, poor quality ones.


0 Technically speaking,
RSA didn’t need to expire. In a seemingly bizarre
move
, RSA Data Security, Inc. granted a Free license to the
patent a few weeks before the actual expiration date. To
this day, I believe the same theory I espoused at the time:
their primary goal in doing this was merely to ruin all the
“RSA is Free” parties that had been planned.

One gpg –gen-key per Decade

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2008/12/09/gpg-gen-key-decade.html

Today is an interesting anniversary (of sorts) for my cryptographic
infrastructure. Nine years ago today, I generated the 1024 bit DSA key,
DB41B387, that has been my GPG key every day since then. I remember
distinctly that on the 350 MhZ machine I used at the time, it took quite
a while to generate, even though I made sure the entropy pool remained
nice and full by pounding on the keyboard.

The horribleness of the
recent Debian vulnerability
meant that I have spent a much time
this year pondering the pedigree my personal cryptographic
infrastructure. Of course, my key was far too old to have been
generated on a Debian-based system that had that particular
vulnerability. However, the issue that really troubled me this
past summer was this:

Some DSA keys may be compromised by only their use. A strong
key (i.e., generated with a ‘good’ OpenSSL) but used locally
on a machine with a ‘bad’ OpenSSL must be considered to be
compromised. This is due to an ‘attack’ on DSA that allows the
secret key to be found if the nonce used in the signature is reused or
known.

Not being particularly hard core on cryptographic knowledge — most of my expertise comes from only one class I took 11 years ago on
Encryption, Compression, and Secure Hashing in graduate school —
I found this alarming and tried my best to do some ancillary reading.
It seems that DSA keys, in many ways, are less than optimal. It seems
(to my mostly uneducated eye) in skimming academic papers that DSA keys
are tougher to deploy right and keep secure, which leads to these sorts
of possible problems.

I’ve resolved to switch entirely to RSA keys. The great thing about
RSA is its simplicity and ease of understanding. I grok factoring and
understand better the complexity situation of the factoring problem
(this time, from the two graduate courses I took on Complexity
Theory, so my comfort is more solid :). I also find it intriguing that
a child can learn how to factor in grade school, yet we can’t teach a
computer to do it efficiently. (By contrast, I didn’t learn the
discrete logarithm problem until my Freshman year of college, and I
still have to look up the details to remind myself.) So, the
“simplicity brings clarity” idea hints that RSA is a better
choice.

Fact is, there was only one reason why I revoked my ancient RSA
keys and generated DSA ones in the 1990s. The RSA patent and the strict
licensing of that patent by RSA Data Security, Inc. made it impossible
to implement RSA in Free Software back then. So, when I switched from
proprietary PGP to GPG, my keys wouldn’t import. Indeed, that one RSA
patent alone set back the entire area of Free Software cryptography at least ten years.

So, when I decided this evening that I’d need to generate a new key and
begin promulgating it at key-signing parties sometime before DB41B387
turns ten, I realized I actually have the freedom to choose my
encryption algorithm now! Sadly, it took almost these entire nine years
to get there. Our community did not only have to wait out this
unassailable patent. (RSA is among the most novel and non-obvious ideas
that most computer professionals will ever seen in their lives). Once
the RSA patent finally expired0, we had to then slowly but
surely implement and deploy it in cryptographic programs, from
scratch.

I’m still glad that we’re free of the RSA patent, but I fear among the
mountain of “software patents” granted each year, that the
“new RSA” — a perfectly valid, non-obvious and novel
patent that reads on software and fits both the industry’s and patent
examiner’s definition of “high quality” — is waiting
to be discovered and used as a weapon to halt Free Software again. When
I finally type gpg --gen-key (now with
--expert mode!) for the first time in nine years, I hope
I’ll only experience the gladness of being able to generate an RSA key,
and succeed in ignoring the fact that RMS’
old essay about this issue remains a cautionary tale
to this very
day. Software patents are a serious long-term threat and must be
eradicated entirely for the sake of software freedom. The biggest threat among them will always be the “valid”, “high quality”
software patents, not the invalid, poor quality ones.


0 Technically speaking,
RSA didn’t need to expire. In a seemingly bizarre
move
, RSA Data Security, Inc. granted a Free license to the
patent a few weeks before the actual expiration date. To
this day, I believe the same theory I espoused at the time:
their primary goal in doing this was merely to ruin all the
“RSA is Free” parties that had been planned.

One gpg –gen-key per Decade

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2008/12/09/gpg-gen-key-decade.html

Today is an interesting anniversary (of sorts) for my cryptographic
infrastructure. Nine years ago today, I generated the 1024 bit DSA key,
DB41B387, that has been my GPG key every day since then. I remember
distinctly that on the 350 MhZ machine I used at the time, it took quite
a while to generate, even though I made sure the entropy pool remained
nice and full by pounding on the keyboard.

The horribleness of the
recent Debian vulnerability
meant that I have spent a much time
this year pondering the pedigree my personal cryptographic
infrastructure. Of course, my key was far too old to have been
generated on a Debian-based system that had that particular
vulnerability. However, the issue that really troubled me this
past summer was this:

Some DSA keys may be compromised by only their use. A strong
key (i.e., generated with a ‘good’ OpenSSL) but used locally
on a machine with a ‘bad’ OpenSSL must be considered to be
compromised. This is due to an ‘attack’ on DSA that allows the
secret key to be found if the nonce used in the signature is reused or
known.

Not being particularly hard core on cryptographic knowledge — most of my expertise comes from only one class I took 11 years ago on
Encryption, Compression, and Secure Hashing in graduate school —
I found this alarming and tried my best to do some ancillary reading.
It seems that DSA keys, in many ways, are less than optimal. It seems
(to my mostly uneducated eye) in skimming academic papers that DSA keys
are tougher to deploy right and keep secure, which leads to these sorts
of possible problems.

I’ve resolved to switch entirely to RSA keys. The great thing about
RSA is its simplicity and ease of understanding. I grok factoring and
understand better the complexity situation of the factoring problem
(this time, from the two graduate courses I took on Complexity
Theory, so my comfort is more solid :). I also find it intriguing that
a child can learn how to factor in grade school, yet we can’t teach a
computer to do it efficiently. (By contrast, I didn’t learn the
discrete logarithm problem until my Freshman year of college, and I
still have to look up the details to remind myself.) So, the
“simplicity brings clarity” idea hints that RSA is a better
choice.

Fact is, there was only one reason why I revoked my ancient RSA
keys and generated DSA ones in the 1990s. The RSA patent and the strict
licensing of that patent by RSA Data Security, Inc. made it impossible
to implement RSA in Free Software back then. So, when I switched from
proprietary PGP to GPG, my keys wouldn’t import. Indeed, that one RSA
patent alone set back the entire area of Free Software cryptography at least ten years.

So, when I decided this evening that I’d need to generate a new key and
begin promulgating it at key-signing parties sometime before DB41B387
turns ten, I realized I actually have the freedom to choose my
encryption algorithm now! Sadly, it took almost these entire nine years
to get there. Our community did not only have to wait out this
unassailable patent. (RSA is among the most novel and non-obvious ideas
that most computer professionals will ever seen in their lives). Once
the RSA patent finally expired0, we had to then slowly but
surely implement and deploy it in cryptographic programs, from
scratch.

I’m still glad that we’re free of the RSA patent, but I fear among the
mountain of “software patents” granted each year, that the
“new RSA” — a perfectly valid, non-obvious and novel
patent that reads on software and fits both the industry’s and patent
examiner’s definition of “high quality” — is waiting
to be discovered and used as a weapon to halt Free Software again. When
I finally type gpg --gen-key (now with
--expert mode!) for the first time in nine years, I hope
I’ll only experience the gladness of being able to generate an RSA key,
and succeed in ignoring the fact that RMS’
old essay about this issue remains a cautionary tale
to this very
day. Software patents are a serious long-term threat and must be
eradicated entirely for the sake of software freedom. The biggest threat among them will always be the “valid”, “high quality”
software patents, not the invalid, poor quality ones.


0 Technically speaking,
RSA didn’t need to expire. In a seemingly bizarre
move
, RSA Data Security, Inc. granted a Free license to the
patent a few weeks before the actual expiration date. To
this day, I believe the same theory I espoused at the time:
their primary goal in doing this was merely to ruin all the
“RSA is Free” parties that had been planned.

One gpg –gen-key per Decade

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2008/12/09/gpg-gen-key-decade.html

Today is an interesting anniversary (of sorts) for my cryptographic
infrastructure. Nine years ago today, I generated the 1024 bit DSA key,
DB41B387, that has been my GPG key every day since then. I remember
distinctly that on the 350 MhZ machine I used at the time, it took quite
a while to generate, even though I made sure the entropy pool remained
nice and full by pounding on the keyboard.

The horribleness of the
recent Debian vulnerability
meant that I have spent a much time
this year pondering the pedigree my personal cryptographic
infrastructure. Of course, my key was far too old to have been
generated on a Debian-based system that had that particular
vulnerability. However, the issue that really troubled me this
past summer was this:

Some DSA keys may be compromised by only their use. A strong
key (i.e., generated with a ‘good’ OpenSSL) but used locally
on a machine with a ‘bad’ OpenSSL must be considered to be
compromised. This is due to an ‘attack’ on DSA that allows the
secret key to be found if the nonce used in the signature is reused or
known.

Not being particularly hard core on cryptographic knowledge — most of my expertise comes from only one class I took 11 years ago on
Encryption, Compression, and Secure Hashing in graduate school —
I found this alarming and tried my best to do some ancillary reading.
It seems that DSA keys, in many ways, are less than optimal. It seems
(to my mostly uneducated eye) in skimming academic papers that DSA keys
are tougher to deploy right and keep secure, which leads to these sorts
of possible problems.

I’ve resolved to switch entirely to RSA keys. The great thing about
RSA is its simplicity and ease of understanding. I grok factoring and
understand better the complexity situation of the factoring problem
(this time, from the two graduate courses I took on Complexity
Theory, so my comfort is more solid :). I also find it intriguing that
a child can learn how to factor in grade school, yet we can’t teach a
computer to do it efficiently. (By contrast, I didn’t learn the
discrete logarithm problem until my Freshman year of college, and I
still have to look up the details to remind myself.) So, the
“simplicity brings clarity” idea hints that RSA is a better
choice.

Fact is, there was only one reason why I revoked my ancient RSA
keys and generated DSA ones in the 1990s. The RSA patent and the strict
licensing of that patent by RSA Data Security, Inc. made it impossible
to implement RSA in Free Software back then. So, when I switched from
proprietary PGP to GPG, my keys wouldn’t import. Indeed, that one RSA
patent alone set back the entire area of Free Software cryptography at least ten years.

So, when I decided this evening that I’d need to generate a new key and
begin promulgating it at key-signing parties sometime before DB41B387
turns ten, I realized I actually have the freedom to choose my
encryption algorithm now! Sadly, it took almost these entire nine years
to get there. Our community did not only have to wait out this
unassailable patent. (RSA is among the most novel and non-obvious ideas
that most computer professionals will ever seen in their lives). Once
the RSA patent finally expired0, we had to then slowly but
surely implement and deploy it in cryptographic programs, from
scratch.

I’m still glad that we’re free of the RSA patent, but I fear among the
mountain of “software patents” granted each year, that the
“new RSA” — a perfectly valid, non-obvious and novel
patent that reads on software and fits both the industry’s and patent
examiner’s definition of “high quality” — is waiting
to be discovered and used as a weapon to halt Free Software again. When
I finally type gpg --gen-key (now with
--expert mode!) for the first time in nine years, I hope
I’ll only experience the gladness of being able to generate an RSA key,
and succeed in ignoring the fact that RMS’
old essay about this issue remains a cautionary tale
to this very
day. Software patents are a serious long-term threat and must be
eradicated entirely for the sake of software freedom. The biggest threat among them will always be the “valid”, “high quality”
software patents, not the invalid, poor quality ones.


0 Technically speaking,
RSA didn’t need to expire. In a seemingly bizarre
move
, RSA Data Security, Inc. granted a Free license to the
patent a few weeks before the actual expiration date. To
this day, I believe the same theory I espoused at the time:
their primary goal in doing this was merely to ruin all the
“RSA is Free” parties that had been planned.

One gpg –gen-key per Decade

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2008/12/09/gpg-gen-key-decade.html

Today is an interesting anniversary (of sorts) for my cryptographic
infrastructure. Nine years ago today, I generated the 1024 bit DSA key,
DB41B387, that has been my GPG key every day since then. I remember
distinctly that on the 350 MhZ machine I used at the time, it took quite
a while to generate, even though I made sure the entropy pool remained
nice and full by pounding on the keyboard.

The horribleness of the
recent Debian vulnerability
meant that I have spent a much time
this year pondering the pedigree my personal cryptographic
infrastructure. Of course, my key was far too old to have been
generated on a Debian-based system that had that particular
vulnerability. However, the issue that really troubled me this
past summer was this:

Some DSA keys may be compromised by only their use. A strong
key (i.e., generated with a ‘good’ OpenSSL) but used locally
on a machine with a ‘bad’ OpenSSL must be considered to be
compromised. This is due to an ‘attack’ on DSA that allows the
secret key to be found if the nonce used in the signature is reused or
known.

Not being particularly hard core on cryptographic knowledge — most of my expertise comes from only one class I took 11 years ago on
Encryption, Compression, and Secure Hashing in graduate school —
I found this alarming and tried my best to do some ancillary reading.
It seems that DSA keys, in many ways, are less than optimal. It seems
(to my mostly uneducated eye) in skimming academic papers that DSA keys
are tougher to deploy right and keep secure, which leads to these sorts
of possible problems.

I’ve resolved to switch entirely to RSA keys. The great thing about
RSA is its simplicity and ease of understanding. I grok factoring and
understand better the complexity situation of the factoring problem
(this time, from the two graduate courses I took on Complexity
Theory, so my comfort is more solid :). I also find it intriguing that
a child can learn how to factor in grade school, yet we can’t teach a
computer to do it efficiently. (By contrast, I didn’t learn the
discrete logarithm problem until my Freshman year of college, and I
still have to look up the details to remind myself.) So, the
“simplicity brings clarity” idea hints that RSA is a better
choice.

Fact is, there was only one reason why I revoked my ancient RSA
keys and generated DSA ones in the 1990s. The RSA patent and the strict
licensing of that patent by RSA Data Security, Inc. made it impossible
to implement RSA in Free Software back then. So, when I switched from
proprietary PGP to GPG, my keys wouldn’t import. Indeed, that one RSA
patent alone set back the entire area of Free Software cryptography at least ten years.

So, when I decided this evening that I’d need to generate a new key and
begin promulgating it at key-signing parties sometime before DB41B387
turns ten, I realized I actually have the freedom to choose my
encryption algorithm now! Sadly, it took almost these entire nine years
to get there. Our community did not only have to wait out this
unassailable patent. (RSA is among the most novel and non-obvious ideas
that most computer professionals will ever seen in their lives). Once
the RSA patent finally expired0, we had to then slowly but
surely implement and deploy it in cryptographic programs, from
scratch.

I’m still glad that we’re free of the RSA patent, but I fear among the
mountain of “software patents” granted each year, that the
“new RSA” — a perfectly valid, non-obvious and novel
patent that reads on software and fits both the industry’s and patent
examiner’s definition of “high quality” — is waiting
to be discovered and used as a weapon to halt Free Software again. When
I finally type gpg --gen-key (now with
--expert mode!) for the first time in nine years, I hope
I’ll only experience the gladness of being able to generate an RSA key,
and succeed in ignoring the fact that RMS’
old essay about this issue remains a cautionary tale
to this very
day. Software patents are a serious long-term threat and must be
eradicated entirely for the sake of software freedom. The biggest threat among them will always be the “valid”, “high quality”
software patents, not the invalid, poor quality ones.


0 Technically speaking,
RSA didn’t need to expire. In a seemingly bizarre
move
, RSA Data Security, Inc. granted a Free license to the
patent a few weeks before the actual expiration date. To
this day, I believe the same theory I espoused at the time:
their primary goal in doing this was merely to ruin all the
“RSA is Free” parties that had been planned.

One gpg –gen-key per Decade

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2008/12/09/gpg-gen-key-decade.html

Today is an interesting anniversary (of sorts) for my cryptographic
infrastructure. Nine years ago today, I generated the 1024 bit DSA key,
DB41B387, that has been my GPG key every day since then. I remember
distinctly that on the 350 MhZ machine I used at the time, it took quite
a while to generate, even though I made sure the entropy pool remained
nice and full by pounding on the keyboard.

The horribleness of the
recent Debian vulnerability
meant that I have spent a much time
this year pondering the pedigree my personal cryptographic
infrastructure. Of course, my key was far too old to have been
generated on a Debian-based system that had that particular
vulnerability. However, the issue that really troubled me this
past summer was this:

Some DSA keys may be compromised by only their use. A strong
key (i.e., generated with a ‘good’ OpenSSL) but used locally
on a machine with a ‘bad’ OpenSSL must be considered to be
compromised. This is due to an ‘attack’ on DSA that allows the
secret key to be found if the nonce used in the signature is reused or
known.

Not being particularly hard core on cryptographic knowledge — most of my expertise comes from only one class I took 11 years ago on
Encryption, Compression, and Secure Hashing in graduate school —
I found this alarming and tried my best to do some ancillary reading.
It seems that DSA keys, in many ways, are less than optimal. It seems
(to my mostly uneducated eye) in skimming academic papers that DSA keys
are tougher to deploy right and keep secure, which leads to these sorts
of possible problems.

I’ve resolved to switch entirely to RSA keys. The great thing about
RSA is its simplicity and ease of understanding. I grok factoring and
understand better the complexity situation of the factoring problem
(this time, from the two graduate courses I took on Complexity
Theory, so my comfort is more solid :). I also find it intriguing that
a child can learn how to factor in grade school, yet we can’t teach a
computer to do it efficiently. (By contrast, I didn’t learn the
discrete logarithm problem until my Freshman year of college, and I
still have to look up the details to remind myself.) So, the
“simplicity brings clarity” idea hints that RSA is a better
choice.

Fact is, there was only one reason why I revoked my ancient RSA
keys and generated DSA ones in the 1990s. The RSA patent and the strict
licensing of that patent by RSA Data Security, Inc. made it impossible
to implement RSA in Free Software back then. So, when I switched from
proprietary PGP to GPG, my keys wouldn’t import. Indeed, that one RSA
patent alone set back the entire area of Free Software cryptography at least ten years.

So, when I decided this evening that I’d need to generate a new key and
begin promulgating it at key-signing parties sometime before DB41B387
turns ten, I realized I actually have the freedom to choose my
encryption algorithm now! Sadly, it took almost these entire nine years
to get there. Our community did not only have to wait out this
unassailable patent. (RSA is among the most novel and non-obvious ideas
that most computer professionals will ever seen in their lives). Once
the RSA patent finally expired0, we had to then slowly but
surely implement and deploy it in cryptographic programs, from
scratch.

I’m still glad that we’re free of the RSA patent, but I fear among the
mountain of “software patents” granted each year, that the
“new RSA” — a perfectly valid, non-obvious and novel
patent that reads on software and fits both the industry’s and patent
examiner’s definition of “high quality” — is waiting
to be discovered and used as a weapon to halt Free Software again. When
I finally type gpg --gen-key (now with
--expert mode!) for the first time in nine years, I hope
I’ll only experience the gladness of being able to generate an RSA key,
and succeed in ignoring the fact that RMS’
old essay about this issue remains a cautionary tale
to this very
day. Software patents are a serious long-term threat and must be
eradicated entirely for the sake of software freedom. The biggest threat among them will always be the “valid”, “high quality”
software patents, not the invalid, poor quality ones.


0 Technically speaking,
RSA didn’t need to expire. In a seemingly bizarre
move
, RSA Data Security, Inc. granted a Free license to the
patent a few weeks before the actual expiration date. To
this day, I believe the same theory I espoused at the time:
their primary goal in doing this was merely to ruin all the
“RSA is Free” parties that had been planned.

One gpg –gen-key per Decade

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2008/12/09/gpg-gen-key-decade.html

Today is an interesting anniversary (of sorts) for my cryptographic
infrastructure. Nine years ago today, I generated the 1024 bit DSA key,
DB41B387, that has been my GPG key every day since then. I remember
distinctly that on the 350 MhZ machine I used at the time, it took quite
a while to generate, even though I made sure the entropy pool remained
nice and full by pounding on the keyboard.

The horribleness of the
recent Debian vulnerability
meant that I have spent a much time
this year pondering the pedigree my personal cryptographic
infrastructure. Of course, my key was far too old to have been
generated on a Debian-based system that had that particular
vulnerability. However, the issue that really troubled me this
past summer was this:

Some DSA keys may be compromised by only their use. A strong
key (i.e., generated with a ‘good’ OpenSSL) but used locally
on a machine with a ‘bad’ OpenSSL must be considered to be
compromised. This is due to an ‘attack’ on DSA that allows the
secret key to be found if the nonce used in the signature is reused or
known.

Not being particularly hard core on cryptographic knowledge — most of my expertise comes from only one class I took 11 years ago on
Encryption, Compression, and Secure Hashing in graduate school —
I found this alarming and tried my best to do some ancillary reading.
It seems that DSA keys, in many ways, are less than optimal. It seems
(to my mostly uneducated eye) in skimming academic papers that DSA keys
are tougher to deploy right and keep secure, which leads to these sorts
of possible problems.

I’ve resolved to switch entirely to RSA keys. The great thing about
RSA is its simplicity and ease of understanding. I grok factoring and
understand better the complexity situation of the factoring problem
(this time, from the two graduate courses I took on Complexity
Theory, so my comfort is more solid :). I also find it intriguing that
a child can learn how to factor in grade school, yet we can’t teach a
computer to do it efficiently. (By contrast, I didn’t learn the
discrete logarithm problem until my Freshman year of college, and I
still have to look up the details to remind myself.) So, the
“simplicity brings clarity” idea hints that RSA is a better
choice.

Fact is, there was only one reason why I revoked my ancient RSA
keys and generated DSA ones in the 1990s. The RSA patent and the strict
licensing of that patent by RSA Data Security, Inc. made it impossible
to implement RSA in Free Software back then. So, when I switched from
proprietary PGP to GPG, my keys wouldn’t import. Indeed, that one RSA
patent alone set back the entire area of Free Software cryptography at least ten years.

So, when I decided this evening that I’d need to generate a new key and
begin promulgating it at key-signing parties sometime before DB41B387
turns ten, I realized I actually have the freedom to choose my
encryption algorithm now! Sadly, it took almost these entire nine years
to get there. Our community did not only have to wait out this
unassailable patent. (RSA is among the most novel and non-obvious ideas
that most computer professionals will ever seen in their lives). Once
the RSA patent finally expired0, we had to then slowly but
surely implement and deploy it in cryptographic programs, from
scratch.

I’m still glad that we’re free of the RSA patent, but I fear among the
mountain of “software patents” granted each year, that the
“new RSA” — a perfectly valid, non-obvious and novel
patent that reads on software and fits both the industry’s and patent
examiner’s definition of “high quality” — is waiting
to be discovered and used as a weapon to halt Free Software again. When
I finally type gpg --gen-key (now with
--expert mode!) for the first time in nine years, I hope
I’ll only experience the gladness of being able to generate an RSA key,
and succeed in ignoring the fact that RMS’
old essay about this issue remains a cautionary tale
to this very
day. Software patents are a serious long-term threat and must be
eradicated entirely for the sake of software freedom. The biggest threat among them will always be the “valid”, “high quality”
software patents, not the invalid, poor quality ones.


0 Technically speaking,
RSA didn’t need to expire. In a seemingly bizarre
move
, RSA Data Security, Inc. granted a Free license to the
patent a few weeks before the actual expiration date. To
this day, I believe the same theory I espoused at the time:
their primary goal in doing this was merely to ruin all the
“RSA is Free” parties that had been planned.

One gpg –gen-key per Decade

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2008/12/09/gpg-gen-key-decade.html

Today is an interesting anniversary (of sorts) for my cryptographic
infrastructure. Nine years ago today, I generated the 1024 bit DSA key,
DB41B387, that has been my GPG key every day since then. I remember
distinctly that on the 350 MhZ machine I used at the time, it took quite
a while to generate, even though I made sure the entropy pool remained
nice and full by pounding on the keyboard.

The horribleness of the
recent Debian vulnerability
meant that I have spent a much time
this year pondering the pedigree my personal cryptographic
infrastructure. Of course, my key was far too old to have been
generated on a Debian-based system that had that particular
vulnerability. However, the issue that really troubled me this
past summer was this:

Some DSA keys may be compromised by only their use. A strong
key (i.e., generated with a ‘good’ OpenSSL) but used locally
on a machine with a ‘bad’ OpenSSL must be considered to be
compromised. This is due to an ‘attack’ on DSA that allows the
secret key to be found if the nonce used in the signature is reused or
known.

Not being particularly hard core on cryptographic knowledge — most of my expertise comes from only one class I took 11 years ago on
Encryption, Compression, and Secure Hashing in graduate school —
I found this alarming and tried my best to do some ancillary reading.
It seems that DSA keys, in many ways, are less than optimal. It seems
(to my mostly uneducated eye) in skimming academic papers that DSA keys
are tougher to deploy right and keep secure, which leads to these sorts
of possible problems.

I’ve resolved to switch entirely to RSA keys. The great thing about
RSA is its simplicity and ease of understanding. I grok factoring and
understand better the complexity situation of the factoring problem
(this time, from the two graduate courses I took on Complexity
Theory, so my comfort is more solid :). I also find it intriguing that
a child can learn how to factor in grade school, yet we can’t teach a
computer to do it efficiently. (By contrast, I didn’t learn the
discrete logarithm problem until my Freshman year of college, and I
still have to look up the details to remind myself.) So, the
“simplicity brings clarity” idea hints that RSA is a better
choice.

Fact is, there was only one reason why I revoked my ancient RSA
keys and generated DSA ones in the 1990s. The RSA patent and the strict
licensing of that patent by RSA Data Security, Inc. made it impossible
to implement RSA in Free Software back then. So, when I switched from
proprietary PGP to GPG, my keys wouldn’t import. Indeed, that one RSA
patent alone set back the entire area of Free Software cryptography at least ten years.

So, when I decided this evening that I’d need to generate a new key and
begin promulgating it at key-signing parties sometime before DB41B387
turns ten, I realized I actually have the freedom to choose my
encryption algorithm now! Sadly, it took almost these entire nine years
to get there. Our community did not only have to wait out this
unassailable patent. (RSA is among the most novel and non-obvious ideas
that most computer professionals will ever seen in their lives). Once
the RSA patent finally expired0, we had to then slowly but
surely implement and deploy it in cryptographic programs, from
scratch.

I’m still glad that we’re free of the RSA patent, but I fear among the
mountain of “software patents” granted each year, that the
“new RSA” — a perfectly valid, non-obvious and novel
patent that reads on software and fits both the industry’s and patent
examiner’s definition of “high quality” — is waiting
to be discovered and used as a weapon to halt Free Software again. When
I finally type gpg --gen-key (now with
--expert mode!) for the first time in nine years, I hope
I’ll only experience the gladness of being able to generate an RSA key,
and succeed in ignoring the fact that RMS’
old essay about this issue remains a cautionary tale
to this very
day. Software patents are a serious long-term threat and must be
eradicated entirely for the sake of software freedom. The biggest threat among them will always be the “valid”, “high quality”
software patents, not the invalid, poor quality ones.


0 Technically speaking,
RSA didn’t need to expire. In a seemingly bizarre
move
, RSA Data Security, Inc. granted a Free license to the
patent a few weeks before the actual expiration date. To
this day, I believe the same theory I espoused at the time:
their primary goal in doing this was merely to ruin all the
“RSA is Free” parties that had been planned.

One gpg –gen-key per Decade

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2008/12/09/gpg-gen-key-decade.html

Today is an interesting anniversary (of sorts) for my cryptographic
infrastructure. Nine years ago today, I generated the 1024 bit DSA key,
DB41B387, that has been my GPG key every day since then. I remember
distinctly that on the 350 MhZ machine I used at the time, it took quite
a while to generate, even though I made sure the entropy pool remained
nice and full by pounding on the keyboard.

The horribleness of the
recent Debian vulnerability
meant that I have spent a much time
this year pondering the pedigree my personal cryptographic
infrastructure. Of course, my key was far too old to have been
generated on a Debian-based system that had that particular
vulnerability. However, the issue that really troubled me this
past summer was this:

Some DSA keys may be compromised by only their use. A strong
key (i.e., generated with a ‘good’ OpenSSL) but used locally
on a machine with a ‘bad’ OpenSSL must be considered to be
compromised. This is due to an ‘attack’ on DSA that allows the
secret key to be found if the nonce used in the signature is reused or
known.

Not being particularly hard core on cryptographic knowledge — most of my expertise comes from only one class I took 11 years ago on
Encryption, Compression, and Secure Hashing in graduate school —
I found this alarming and tried my best to do some ancillary reading.
It seems that DSA keys, in many ways, are less than optimal. It seems
(to my mostly uneducated eye) in skimming academic papers that DSA keys
are tougher to deploy right and keep secure, which leads to these sorts
of possible problems.

I’ve resolved to switch entirely to RSA keys. The great thing about
RSA is its simplicity and ease of understanding. I grok factoring and
understand better the complexity situation of the factoring problem
(this time, from the two graduate courses I took on Complexity
Theory, so my comfort is more solid :). I also find it intriguing that
a child can learn how to factor in grade school, yet we can’t teach a
computer to do it efficiently. (By contrast, I didn’t learn the
discrete logarithm problem until my Freshman year of college, and I
still have to look up the details to remind myself.) So, the
“simplicity brings clarity” idea hints that RSA is a better
choice.

Fact is, there was only one reason why I revoked my ancient RSA
keys and generated DSA ones in the 1990s. The RSA patent and the strict
licensing of that patent by RSA Data Security, Inc. made it impossible
to implement RSA in Free Software back then. So, when I switched from
proprietary PGP to GPG, my keys wouldn’t import. Indeed, that one RSA
patent alone set back the entire area of Free Software cryptography at least ten years.

So, when I decided this evening that I’d need to generate a new key and
begin promulgating it at key-signing parties sometime before DB41B387
turns ten, I realized I actually have the freedom to choose my
encryption algorithm now! Sadly, it took almost these entire nine years
to get there. Our community did not only have to wait out this
unassailable patent. (RSA is among the most novel and non-obvious ideas
that most computer professionals will ever seen in their lives). Once
the RSA patent finally expired0, we had to then slowly but
surely implement and deploy it in cryptographic programs, from
scratch.

I’m still glad that we’re free of the RSA patent, but I fear among the
mountain of “software patents” granted each year, that the
“new RSA” — a perfectly valid, non-obvious and novel
patent that reads on software and fits both the industry’s and patent
examiner’s definition of “high quality” — is waiting
to be discovered and used as a weapon to halt Free Software again. When
I finally type gpg --gen-key (now with
--expert mode!) for the first time in nine years, I hope
I’ll only experience the gladness of being able to generate an RSA key,
and succeed in ignoring the fact that RMS’
old essay about this issue remains a cautionary tale
to this very
day. Software patents are a serious long-term threat and must be
eradicated entirely for the sake of software freedom. The biggest threat among them will always be the “valid”, “high quality”
software patents, not the invalid, poor quality ones.


0 Technically speaking,
RSA didn’t need to expire. In a seemingly bizarre
move
, RSA Data Security, Inc. granted a Free license to the
patent a few weeks before the actual expiration date. To
this day, I believe the same theory I espoused at the time:
their primary goal in doing this was merely to ruin all the
“RSA is Free” parties that had been planned.