From owner-freebsd-security Fri Mar 26 8:21:19 1999 Delivered-To: freebsd-security@freebsd.org Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2]) by hub.freebsd.org (Postfix) with ESMTP id 5C1A91514C for ; Fri, 26 Mar 1999 08:20:56 -0800 (PST) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id IAA05283; Fri, 26 Mar 1999 08:20:33 -0800 (PST) (envelope-from dillon) Date: Fri, 26 Mar 1999 08:20:33 -0800 (PST) From: Matthew Dillon Message-Id: <199903261620.IAA05283@apollo.backplane.com> To: Linus Nordberg Cc: Mike Thompson , freebsd-security@FreeBSD.ORG Subject: Re: Kerberos vs SSH References: <4.1.19990325103002.00abc6e0@mail.dnai.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org :Mike Thompson writes: : : As a new software/internet company we want to be responsible for : paying for the licensed software from both a moral and legal : perspective. : :speaking of morality/legality and ssh i'd like to point out that the :legal aspects of the bignum code in ssh2 is in strong doubt. : :according to , they :have simply stolen the gmp code and now claim that they wrote it. : :--linus That's a pretty old message. If you look at the followups to it you will find the counterargument from the ssh 2 people, and a third example from even older bignum source code that is very similar to the ssh 2 and gmp code. There are only so many ways a bignum library can be written. Still, I think the GMP author was right in regards to the SSH 2 people using his code verbatim. On the otherhand, bignum is something that a good programmer could write from scratch in a week. The last two postings in the thread note that the bignum code can be derived from Knuth's Seminumerical Alg. book fairly easily... in a few hours. I'd agree with that comment too. -Matt Matthew Dillon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message