Source (was: Re: [rc5] Mac DESChall -> Mac Bovine RC5)

Adam L. Beberg beberg at
Fri Jun 20 00:12:48 EDT 1997

On Thu, 19 Jun 1997, Bob Krzaczek wrote:
> On Thu, 19 Jun 1997, Tom Guptill wrote:
> > If this is the case, then my machines will be leaving the effort when the
> > old clients stop working.  I originally moved from the DES work to this
> > project largely because the source was made public.  Admittedly, y'all
> > probably won't miss our team that much (rc5 at,
> > somewhere around #100 on the list), but I'll bet that others will leave as
> > well.  I guess there's no point in my working on the current source for VMS
> > anymore until I find out if this is going to change...

Since I'm working on the primary code tree, I'll field this.

> A completely understandable point of view.  But I don't think this will be
> the case (at least, that's what I'm hoping).  I read the Bovine-RC5 FAQ,
> and though I can't double check what I read right now (the site hosting it
> is apparently being buried by net traffic), I thought I saw something
> about limited disclosure.  Or was that wishful thinking...? 

No, source will not be available to everyone, only the development team.

> Heck, I'd even consider an NDA, with the stipulation that code not
> relating directly to the network communication or transport is publicly
> publishable.  That way, the Bovine folks keep their security, and those of
> us with more esoteric hardware can still port and participate. 

Yes, only the networking layer is really to be worried about keeping a
secret, other than that the code is nothing top-secret.  While we don't use
NDAs (lawyers suck, and they don't work anyway)  we do use the "don't let
this get out or you're endangering the work of thousands of people around the
world" method. The people doing the ports are therefore trusted. For those
odd platforms, guest accounts will be useful, as we have an ANSI-C++ version
we can drop in just about any UNIX system. A good coder on that platform
would be better so that an assembly optimized version can be done.

> (I've never been a fan of security through obscurity, but I realize that
> the developers are probably too swamped to deal with a public review of
> their protocol.  Besides, this is a short term protocol, and it's not like
> we'll be relying on it for years to come). 

The v2 clients use obscurity, yes it's not 2048-bit RSA, but a lot of work to
get around. The v3 clients are going to use IDEA/MD5/RSA and X.509 or some
combination. But I'm hoping my v3 protocol will be around a while.

Look for an update on the list tomorrow, I'll be posting a status message
along with all the "what's up" information late tonight.

- Adam L. Beberg
  beberg at coordinator
