Difference between revisions of "Talk:XTEA Strong Encryption Implementation"

From Second Life Wiki
Jump to: navigation, search
(Licensing ambiguity)
(Licensing ambiguity)
Line 20: Line 20:
 
As far as I can tell, only the copyright holder has the ability to correct this. -- [[User:Nekow42 Zarf|Nekow42 Zarf]] 10:14, 10 July 2008 (PDT)
 
As far as I can tell, only the copyright holder has the ability to correct this. -- [[User:Nekow42 Zarf|Nekow42 Zarf]] 10:14, 10 July 2008 (PDT)
 
: Yup; only the holder can. [[User:SimonRaven Chippewa|SimonRaven Chippewa]] 02:00, 22 December 2008 (UTC)
 
: Yup; only the holder can. [[User:SimonRaven Chippewa|SimonRaven Chippewa]] 02:00, 22 December 2008 (UTC)
 +
 +
:Everything published on this Wiki is automatically released under [http://creativecommons.org/licenses/by-sa/3.0/ CC BY-SA 3.0] since it's a part of the [[Project:Contribution Agreement|contribution agreement]] (to which you automatically agree by publishing it here). So I think that comments like "This code is released under GPL" count as ''double licensing''. You can choose which license to use. Some contributors in the Wikipedia do it in order to make content available to a bigger audience. I guess that wasn't what the author had in mind... But it's what he did.<br>[[Image:Zai_signature.png|45px]] '''[[User:Zai Lynch|Lynch]]''' <sup><small>([[User talk:Zai Lynch|talk]]|[[Special:Contributions/Zai Lynch|contribs]])</small></sup> 05:00, 22 December 2008 (UTC)

Revision as of 21:00, 21 December 2008

Discuss amongst yourselves:

From a perspective of security, using the XTEA encryption like this in Electronic CodeBook mode is very insecure. There is no authenticity and patterns could be recognized. Even using RC4 would be more secure. I recommend developing at least one of the operation modes like OFB and using that together with XTEA and using a nonce that is used really once for each pass and never used again. Also I recommend using llMD5String to add a hash, that is encrypted together with the data for authentication. A reference can be found at the wikipedia article about Block_cipher_modes_of_operation. Most of time when you are looking for encrytion, you are really looking for authentification of messages. There llMD5String comes in handy. Thomas Shikami 02:38, 20 October 2007 (PDT)

It should be noted that XTEA's chr & ord functions are wrong. -- Strife Onizuka 23:53, 6 December 2007 (PST)

So does it work?

Does this XTEA encryption work?(I don't want to have to go throught the math and testing myself=P)

Also is the XTEA version stronger than the TEA version?

I've tested the Optimized version and it failed to start. Couldn't even figure out what's not trigging the listen event. :/ CORRECTION: It's not the listen event, it's either Encrypt(message); or Decrypt(temp_cyphertext); that failed without any script error/warning. --Vincent Nacon 19:01, 29 April 2008 (PDT)

Licensing ambiguity

On the LSL Library page, it states that this source is released under the GPL. In the XTEA Strong Encryption Implementation article, it states that it is released under Creative Commons Attribution-Share Alike 3.0 Unported License. However, the terms that it states within the article, and the license it links to, are those of the Creative Commons Attribution 3.0 Unported License.

This makes using the source in your own projects quite difficult, as these licenses have different requirements for what must be done by those using and redistributing the source.

As far as I can tell, only the copyright holder has the ability to correct this. -- Nekow42 Zarf 10:14, 10 July 2008 (PDT)

Yup; only the holder can. SimonRaven Chippewa 02:00, 22 December 2008 (UTC)
Everything published on this Wiki is automatically released under CC BY-SA 3.0 since it's a part of the contribution agreement (to which you automatically agree by publishing it here). So I think that comments like "This code is released under GPL" count as double licensing. You can choose which license to use. Some contributors in the Wikipedia do it in order to make content available to a bigger audience. I guess that wasn't what the author had in mind... But it's what he did.
Zai signature.png Lynch (talk|contribs) 05:00, 22 December 2008 (UTC)