
It says this patent covers using SSL with RC4. SSL dates back to Netscape, was released in 1995, and no one involved in it has anything to do with the patent holder here. RC4 was designed in 1987 by Ron Rivest, who also has nothing to do with this case.

Someone named Michael Jones patented using SSL with RC4. Which, it seems, was a known and used combination at the time he did so, as was testified by the expert witness? But the jury thought that not relevant.

The patent would seem to be avoidable if, say, using AES instead.

Caution: I don't know what I am talking about and just looked the above up on Wikipedia, which I probably misunderstood. Hopefully someone who understands this in more depth will post.



You really have to read the claims to understand what the patent covers instead of trying to understand it from what is infringing. This patent has pretty easy-to-read claims. It essentially covers an encryption method where the encryption/decryption keys are updated (edit to correct my misreading) if a certain number of bytes are detected to have been exchanged. It's kind of a key-synchronization method.


Then I'm actually puzzled by how it applies to NewEgg and so many other e-commerce companies.


US patent law counts as infringement making, selling, or using anything covered by the claims. NewEgg uses SSL with RC4 to secure their connections, the combination of which, TQP contends, performs the steps covered by their claims.


Going forward, maybe. But AES was not standardized until 2001, and not in wide browser adoption for what? Another 10 years?


Maybe this will be the motivation everyone else needs to dump RC4?

http://googleonlinesecurity.blogspot.com/2013/11/a-roster-of...


The patent has already expired. Feel free to use it to your heart's content.


Worse, there's the allegation that NSA can crack RC4 in realtime (although I don't know what that means, other than "fast").

https://twitter.com/ioerror/status/398059565947699200


Realtime means your algorithm is guaranteed within a certain window of time, even accounting for delays talking to memory, caches, etc. If it's okay to "drop frames" it is referred to as "soft real time", otherwise it is referred to as "hard real time".

Soft example: Video decoding.

Hard example: Mars rover.


I'm not much into crypto but I'm pretty sure RC4 has been broken for a very long time now.



