Xref: utzoo comp.compression:214 sci.crypt:4419
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!msuinfo!news
From: riordanmr@clvax1.cl.msu.edu (Mark Riordan)
Newsgroups: comp.compression,sci.crypt
Subject: Re: Security of PKZIP's encryption/RSA source
Message-ID: <1991Apr3.175611.29439@msuinfo.cl.msu.edu>
Date: 3 Apr 91 17:56:11 GMT
References: <1991Mar26.150049.20882@athena.cs.uga.edu> <1991Apr2.070810.10812@maverick.ksu.ksu.edu> <1991Apr3.041950.20991@bellcore.bellcor <1991Apr3.070045.22296@nntp-server.caltech.edu>
Sender: news@msuinfo.cl.msu.edu
Organization: Michigan State University
Lines: 29

In article <1991Apr3.070045.22296@nntp-server.caltech.edu>, madler@nntp-server.caltech.edu (Mark Adler) says:
>>> Although the PKZIP feature is fast
>>> and convenient, when I want real security I encrypt the entire .ZIP
>>> archive with DES.
>
>Sounds pretty secure. Then again, I'm not sure I'd trust any encryption
>method that was approved by the NSA. Especially since they will not say
>how the various arbitrary-looking bit flipping was derived.
>
>Is there any source out there for RSA encryption?

I have written a simple implementation of RSA, but I've been advised
not to distribute it due to the possibility of "inciting infringement"
of RSA's patent. Obviously, any other source of RSA source code would
have the same problem.

DEC and RSA have an agreement that allows them to distribute the source
to Sphinx (see my recent posting) for demo purposes only (or something
like that). The source to an RSA implementation is available as an
optional part of that distribution.

If your interest in RSA is due to the desire for a replacement for DES
and not due to an interest in public key systems, obviously there are
many alternatives which are faster and less legally encumbered than RSA.
Snuffle (based on Snefru), and Khufu come to mind, and I'm sure there
are many others.

Mark Riordan   Mich State University   riordanmr@clvax1.cl.msu.edu