RC4 Source Code Posted - A Response from RSA Data Security, Inc.

Path: bga.com!news.sprintlink.net!howland.reston.ans.net!agate!
ames!waikato!auckland.ac.nz!news
From: schn...@chinet.chinet.com (Bruce Schneier)
Newsgroups: sci.crypt,talk.politics.crypto,alt.security,alt.privacy,comp.security.misc
Subject: RC4 Source Code Posted - A Response from RSA Data Security, Inc.
Date: 18 Sep 1994 08:23:03 GMT
Organization: Chinet - Public Access UNIX
Lines: 38
Message-ID: <35gtd7$404@ccu2.auckland.ac.nz>
NNTP-Posting-Host: cs13.cs.aukuni.ac.nz
X-Newsreader: NN version 6.5.0 #7 (NOV)
Xref: bga.com sci.crypt:10123 talk.politics.crypto:
5738 alt.security:4488 alt.privacy:8779 comp.security.misc:5514

As most of you probably know, source code to RC4 was anonymously posted
to sci.crypt and to the Cypherpunks mailing list, and is now available
for anonymous ftp from sites all over the world.  The following is RSA
Data Security, Inc.'s response to this.  It seems like they wish to stuff
the genie back into the bottle.

Bruce

>From Mercury!RSA.COM!jim Fri Sep 16 18:42:29 1994
Return-Path: <Mercury!RSA.COM!jim>
Date: Fri, 16 Sep 94 16:08:34 PDT
From: j...@RSA.COM (Jim Bidzos)
To: schn...@chinet.chinet.com
Subject: Thank you Bob Anderson (fwd)

FYI... I'd appreciate if you posted this wherever you saw RC4...

                            WARNING NOTICE

    It has come to RSA Data Security's attention that certain RSA
trade secrets, in the form of confidential and proprietary source
code, have been misappropriated and disclosed.  Please be advised that
these acts, as well as any retransmission or use of this
misappropriated source code is a violation of the Uniform Trade
Secrets Act and various other state and federal laws.  Any person or
entity that acquires, discloses or uses this information is subject to
criminal and civil penalties including an injunction, compensatory
damages, punitive damages and payment of RSA's attorneys fees.

    RSA considers this misappropriation to be most serious.  Not only
is this act a violation of law, but its publication is a gross abuse
of the Internet.  RSA has begun an investigation and will proceed with
legal action against anyone found to have violated its intellectual
property rights.

Path: bga.com!news.sprintlink.net!howland.reston.ans.net!agate!
tcsi.tcs.com!uunet!news1.digex.net!access3!njacobs
From: nja...@access3.digex.net (Nick Jacobs)
Newsgroups: sci.crypt,talk.politics.crypto,alt.security,alt.privacy,
comp.security.misc
Subject: Re: RC4 Source Code Posted - A Response from RSA Data Security, Inc.
Date: 18 Sep 1994 07:20:30 -0400
Organization: Express Access Online Communications, Greenbelt, MD USA
Lines: 15
Message-ID: <njacobs.779886714@access3>
References: <35gtd7$404@ccu2.auckland.ac.nz>>
NNTP-Posting-Host: access3.digex.net
Xref: bga.com sci.crypt:10125 talk.politics.crypto:
5739 alt.security:4489 alt.privacy:8781 comp.security.misc:5515

Somebody quoted J. Bidzos, representing RSA, as follows:

>    It has come to RSA Data Security's attention that certain RSA
>trade secrets, in the form of confidential and proprietary source
>code, have been misappropriated and disclosed.

In other words, he's saying that the posted RC4 code is *not*
just code which duplicates the functionality of RSA's code.
He's saying that the actual posted code was stolen from
RSA. If that were the case, my sympathies in the matter would
be entirely with RSA. The big question is: Is Mr Bidzos telling
the truth?

Nick

Newsgroups: sci.crypt,talk.politics.crypto,alt.security,
alt.privacy,comp.security.misc
Path: bga.com!news.sprintlink.net!howland.reston.ans.net!
EU.net!uknet!info!iialan
From: iia...@iifeak.swan.ac.uk (Alan Cox)
Subject: Re: RC4 Source Code Posted - A Response from RSA Data Security, Inc.
Message-ID: <CwFD6E.G11@info.swan.ac.uk>
Sender: ne...@info.swan.ac.uk
Nntp-Posting-Host: iifeak.swan.ac.uk
Organization: Institute For Industrial Information Technology
References: <35gtd7$404@ccu2.auckland.ac.nz> <>> 
<njacobs.779886714@access3>
Date: Tue, 20 Sep 1994 10:59:01 GMT
Lines: 17
Xref: bga.com sci.crypt:10286 talk.politics.crypto:
5826 alt.security:4537 alt.privacy:8905 comp.security.misc:5574

In article <njacobs.779886714@access3> 
nja...@access3.digex.net (Nick Jacobs) writes:
>In other words, he's saying that the posted RC4 code is *not*
>just code which duplicates the functionality of RSA's code.
>He's saying that the actual posted code was stolen from
>RSA. If that were the case, my sympathies in the matter would
>be entirely with RSA. The big question is: Is Mr Bidzos telling
>the truth?

And would he like to post the original for comparison 8)

Alan

-- 
  ..-----------,,----------------------------,,----------------------------,,
 // Alan Cox  //  iia...@www.linux.org.uk   //  GW4PTS@GB7SWN.#45.GBR.EU  //
 ``----------'`----------------------------'`----------------------------''