From: kragen@pobox.com
Date: Thu Feb 15 2001 - 11:18:29 PST
Chris Olds <colds@dydax.com> writes:
> On Thu, 8 Feb 2001, Strata Rose Chalup wrote:
> > Are there lower-wattage sources of random input for cryptographic key
> > generation to fall back on?
>
> Is there any alternative that is as easily available that isn't patented?
>
> http://www.delphion.com/details?pn=US05732138__
>
> US5732138: Method for seeding a pseudo-random number generator with a
> cryptographic hash of a digitization of a chaotic system
>
> What is claimed is:
> 1. A method for ensuring the security of a system from unauthorized
> access, comprising the steps of:
>
> digitizing a state of a chaotic system to form a set of binary bits;
> applying a hash function to the set of binary bits;
> obtaining a seed number from the hash function performed on the
> binary bits;
> inputting the seed number into a random number generator;
> using an output from the random number generator to form a password
> or cryptographic key, wherein the password or cryptographic key is
> used appropriately by the security system.
You could leave out the third and fourth steps to get a result that's
just as random but doesn't violate the patent; or you could record
systems that are not chaotic but merely random, such as nuclear decay,
radio or thermal noise, or network packet timings.
It's tempting to resort to violence when we see patents like these,
but I don't think that would really solve the problem. But slightly
more refined forms of violence might help. Wouldn't it be nice, for
example, if companies whose patents were found to be illegal had to
give back all their licensing revenues from those patents (or
licensing revenues they avoided paying, in the case of cross-licensing
deals?) Perhaps they could even become liable for the bad debts of
the competitors they bankrupted.
The real solution, though, is deeper. If you're an angel investor and
you invest $100,000 in 1% stakes in each of ten corporations, nine of
which do $200 million each in damages to other people's stuff, are
liable, and go bankrupt, and one of which does great things and
becomes worth $1 billion, you've lost $1,000,000 (and are responsible,
but not liable, for $20 million of damages) and gained $10 million.
In a just economic world, you would not be rewarded for destroying ten
million dollars net value. In a just economic world, there would be
no limited liability for corporate stockholders.
But there is, so investing in companies whose strategy could possibly
make big wins for them but will probably end up just doing lots of
damage to everybody else is rewarded. Patent piracy is a perfect
example.
This archive was generated by hypermail 2b29 : Thu Feb 15 2001 - 11:23:33 PST