SSH_CIPHER_NONE 0 No encryption
SSH_CIPHER_IDEA 1 IDEA
in CFB mode
SSH_CIPHER_DES 2
DES in CBC mode
SSH_CIPHER_3DES 3 Triple-DES
in CBC mode
SSH_CIPHER_TSS 4
An experimental stream cipher
SSH_CIPHER_RC4 5
RC4
All implementations must support SSH_CIPHER_3DES, the rest are optional.
We'll also need an MD5 implementation for data integrity checking.
RSA is also used for intial authentication.
RSA provides RSAREF is a public library that allows you to use RSA
encryption for non-profit uses. Otherwise you need to license the
RSA encryption technology from them.
Some of the source code aggregated with this distribution is licensed
by
third parties under different terms, so the restrictions above
may not
apply to such components.
We do not imply to give any licenses to any patents or copyrights
held by
third parties. As far as we know, all included source code
is used in
accordance with the relevant license agreements and can be used
and
distributed freely for any purpose (the GNU license being the most
restrictive); see below for details.
The RSA algorithm and even the concept of public key encryption
are
claimed to be patented in the United States. These patents
may interfere
with your right to use this software. It is possible to compile
the
software using the RSAREF2 library by giving --with-rsaref on the
configure command line. This may or may not make it legal to use
this
software for non-commercial purposes in the United States (we have
sent a
query about this to RSADSI (on July 10, 1995), but have not received
a
final answer yet). The RSAREF2 distribution is not included
in this
distribution, but can be obtained from almost any ftp site world-wide
containing cryptographic materials. Using RSAREF is not recommended
outside the United States. See "http://www.cs.hut.fi/crypto/"
if you have
trouble finding the RSAREF library.
The IDEA algorithm is claimed to be patented in the United States
and
several other countries. We have been told by Ascom-Tech
(the patent
holder) that IDEA can be used freely for non-commercial use.
A copy of
their letter is at the end. The software can be compiled
without IDEA by
specifying the --without-idea option on the configure command line.
The DES implementation in this distribution is derived from the
libdes
library by Eric Young <eay@mincom.oz.au>. It can be used
under the Gnu
General Public License (libdes-COPYING) or the Artistic License
(libdes-ARTISTIC), at your option. See libdes-README for
more
information. Eric Young has kindly given permission to distribute
the
derived version under these terms. The file crypt.c is fcrypt.c
from
SSLeay-0.4.3a by Eric Young; he permits free use.
The GNU Multiple Precision Library, included in this release and
linked
into the executable, is distributed under the GNU Library Public
License.
A copy can be found in gmp-2.0/COPYING.LIB.
The zlib compression library is copyright Jean-loup Gailly and Mark
Adler.
Anyone is permitted to use the library for any purpose. A
copy of the
license conditions can be found in zlib-1.0.4/README.
The make-ssh-known-hosts script was contributed by Tero Kivinen
<kivinen@niksula.hut.fi> and is distributed under the GNU General
Public License. A copy can be found in gnu-COPYING-GPL.
Some files, such as memmove.c and random.c, are owned by the Regents
of
the University of California, and can be freely used and distributed.
License terms are included in the affected files. The file
scp.c is
derived from code owned by the Regents of the University of California,
and can be used freely.
The TSS encryption algorithm implementation in tss.c is copyright
Timo
Rinne <tri@iki.fi> and Cirion Oy. It is used with permission,
and
permission has been given for anyone to use it for any purpose
as part of
SSH.
The MD5 implementation in md5.c was taken from PGP and is due to
Colin
Plumb. Comments in the file indicate that it is in the public
domain.
The 32-bit CRC implementation in crc32.c is due to Gary S. Brown.
Comments
in the file indicate it may be used for any purpose without restrictions.
In some countries, particularly France, Russia, Iraq, and Pakistan,
it may
be illegal to use any encryption at all without a special permit,
and the
rumor is that you cannot get a permit for any strong encryption.
If you are in the United States, you should be aware that while
this
software was written outside the United States using information
publicly available everywhere, the United States Government may
consider it a criminal offence to export this software from the
United
States once it has been imported. The rumor is that "the
federal
mandatory sentencing guidelines for this offence are 41 to 51 months
in federal prison". The rumor says that the US government
considers
putting the software available on an ftp site the same as exporting
it. Contact the Office of Defence Trade Controls if you need
more
information. Also, please write to your congress and senate
representatives to get these silly and unconstitutional restrictions
dropped.
Note that any information and cryptographic algorithms used in this
software are publicly available on the Internet and at any major
bookstore, scientific library, and patent office world-wide.
More
information can be found e.g. at "http://www.cs.hut.fi/crypto/".
The legal status of this program is some combination of all these
permissions and restrictions. Use only at your own responsibility.
You
will be responsible for any legal consequences yourself; we are
not making
any claims whether possessing or using this is legal or not in
your
country, and we are not taking any responsibility on your behalf.
Below is a copy of a message that we received from Ascom, the holder
of
the IDEA patent.
Date: Tue, 15 Aug 95 09:09:59 CET
From: IDEA@ascom.ch (Licensing Systec)
Encoding: 3001 Text
To: ylo@cs.hut.fi
Subject: Phone Call 15.8.95
Dear Mr. Ylonen
Thank you for your inquiry about the IDEA
encryption algorithm.
Please excuse the delay in answering your
fax sent 26.6.95.
Here is the information you requested
:
Non commercial use of IDEA is free. The
following examples (regarding
PGP) should clarify what we mean by commercial
and non-commercial use
Here are some examples of commercial use
of PGP:
1. When PGP is used for signing and/or
encrypting e-mail messages
exchanged between two corporations.
2. When a consultant uses PGP for his
communications with his client
corporations.
3. When a bank makes PGP available to
its clients for telebanking and
charges them money for it (directly or
indirectly).
4. When you use the software you receive
from a company for commercial
purposes (telebanking included).
Some examples of non commercial use:
1. When an individual uses PGP for his
private communications.
2. When an individual obtains PGP on the
Internet and uses it for
telebanking (assuming this is approved
by the bank).
3. When you use the software you receive
from a company for private
purposes (telebanking excluded).
You may use IDEA freely within your software
for non commercial use.
If you include IDEA in your software,
it must include the following
copy right statement :
1. Copyright and Licensing Statement
IDEA(tm) is a trademark
of Ascom Systec AG. There is no license fee
required for non-commercial
use. Commercial users of IDEA may
obtain licensing information
from Ascom Systec AG.
e-mail: IDEA@ascom.ch
fax: ++41 64 56 59 54
For selling the software commercially
a product license is required:
The PRODUCT LICENSE gives a software developer
the right to implement
IDEA in a software product and to sell
this product worldwide. With
the PRODUCT LICENSE we supply a source
listing in C and a software
manual. We charge an initial fee per company
and a percentage of sales
of the software product or products (typically
between .5 and 4 per
cent of the sales price, depending on
the price and the importance of
IDEA for the product).
For further information please do not
hesitate to contact us.
Best regards,
Roland Weinhart
Ascom Systec Ltd
IDEA Licensing
@@@@@ @@@@@ @@@@@ @@@@@ @@@@@@@
Gewerbepark
@ @ @ @ @ @
@ @
CH-5506 Maegenwil
@@@@@ @@@@@ @ @ @ @ @ @
Switzerland
@ @ @ @ @
@ @ @ @
Phone ++41 64 56 59 54
@@@@@ @@@@@ @@@@@ @@@@@ @ @ @
Fax ++41 64 56 59 98
Patent Issues
This library contains a number of algorithms which are covered by
patents.
These algorithms are Diffie-Hellman, DSA, IDEA, RC5, and RSA.
A number of
patent holders have very generously granted a license for royalty-free
use of
the algorithms in the library under certain circumstances, as explained
below.
Diffie-Hellman and DSA:
The practice of Diffie-Hellman key exchange is covered by
United States
Patent No 4,200,770 ('Cryptographic Apparatus and Method')
which expires in
September 1997. The Canadian equivalent expires in
September 1998.
The practice of all other public key algorithms is covered
by United States
Patent No 4,218,582 ('Public Key Cryptographic Apparatus
and Method') which
expires in October 1998. Numerous equivalent patents
have been issued in
Europe and Japan which expire in October 1998. These
patents are licensed
exclusively by Cylink Corporation of Sunnyvale, California.
Cylink has
granted a license to all users of this library for non-commercial
use,
including research by non-profit institutions. This
means you may
incorporate this library in software which is distributed
for free, provided
you include the following notice in the software and all
collateral
documentation which states:
The use of the public key algorithms in this software is
covered by US
Patents No 4,200,770 ('Cryptographic Apparatus and Method')
and 4,218,582
('Public Key Cryptographic Apparatus and Method') which
are licensed
exclusively by Cylink Corporation.
In order to promote open standards for public key algorithms,
Cylink has
initiated a low cost licensing program for commercial use
of public key. For
more information, contact Cylink's web page at www.cylink.com
or e-mail
legal@cylink.com.
IDEA:
The IDEA algorithm is patented by Ascom Systec Ltd. of CH-5506
Maegenwil,
Switzerland, who allow it to be used on a royalty-free basis
for certain
non-profit applications. Commercial users must obtain
a license from the
company in order to use IDEA. IDEA may be used on
a royalty-free basis under
the following conditions:
Free use for private purposes:
The free use of software containing the algorithm is strictly
limited to non
revenue generating data transfer between private individuals,
ie not serving
commercial purposes. Requests by freeware developers
to obtain a
royalty-free license to spread an application program containing
the
algorithm for non-commercial purposes must be directed to
Ascom.
Special offer for shareware developers:
There is a special waiver for shareware developers.
Such waiver eliminates
the upfront fees as well as royalties for the first US$10,000
gross sales of
a product containing the algorithm if and only if:
1. The product is being sold for a minimum of US$10 and a
maximum of US$50.
2. The source code for the shareware is available to the
public.
Special conditions for research projects:
The use of the algorithm in research projects is free provided
that it serves
the purpose of such project and within the project duration.
Any use of the
algorithm after the termination of a project including activities
resulting
from a project and for purposes not directly related to
the project requires
a license.
Ascom Tech requires the following notice to be included for
freeware
products:
This software product contains the IDEA algorithm as described
and claimed in
US patent 5,214,703, EPO patent 0482154 (covering Austria,
France, Germany,
Italy, the Netherlands, Spain, Sweden, Switzerland, and
the UK), and Japanese
patent application 508119/1991, "Device for the conversion
of a digital block
and use of same" (hereinafter referred to as "the algorithm").
Any use of
the algorithm for commercial purposes is thus subject to
a license from Ascom
Systec Ltd. of CH-5506 Maegenwil (Switzerland), being the
patentee and sole
owner of all rights, including the trademark IDEA.
Commercial purposes shall mean any revenue generating purpose
including but
not limited to:
i) Using the algorithm for company internal purposes (subject
to a site
license).
ii) Incorporating the algorithm into any software and distributing
such
software and/or providing services
relating thereto to others (subject to
a product license).
iii) Using a product containing the algorithm not covered
by an IDEA license
(subject to an end user license).
All such end user license agreements are available exclusively
from Ascom
Systec Ltd and may be requested via the WWW at http://www.ascom.ch/systec
or
by email to idea@ascom.ch.
Use other than for commercial purposes is strictly limited
to non-revenue
generating data transfer between private individuals.
The use by government
agencies, non-profit organizations, etc is considered as
use for commercial
purposes but may be subject to special conditions.
Any misuse will be
prosecuted.
RC5:
The RC5 algorithm is patented by RSA Data Security Inc. 100
Marine Parkway,
Redwoord City, California 94065, ph.+1 415 595-8782, fax
+1 415 595-1873, and
cannot be used commercially in the US without a license.
RSA:
The RSA algorithm is patented by RSA Data Security Inc. 100
Marine Parkway,
Redwoord City, California 94065, ph.+1 415 595-8782, fax
+1 415 595-1873, and
cannot be used commercially in the US without a license.
RSA licenses can
most easily be obtained by waiting until the year 2000 when
the patent
expires.
Page Maintained by: Timothy Chen. Opinions on this page should be freely ignored. Let us know if this page has been useful to you in some way.