[Hardware] Notes... The case for an open client

Elektron elektron_rc5 at yahoo.ca
Sun Aug 15 17:40:33 EDT 2004


>> The problem with splitting it up a lot is then you have the problem of
>> trusting people to search those blocks. You may work on your
>> competition's blocks first, to try to stop them from finding the key
>> (I'm not sure if this actually works though). There is also a high
>> potential of sabotaging the entire project, unless you can find a lot
>> of trusted servers (and projects willing to cooperate). And then, you
>> don't get as nice stats.
>
> Ah ... trust, strategies and game theory :)
>
> As for sabotaging the entire project, it seems pretty difficult for a
> single player to do so if some of Dan suggestions like requiring 
> partial
> match keys to be posted as proof of searching the space, as it becomes
> computationally trival to verify those keys as minimim to accept the
> blocks before including them in the database.
>
> Sure, DoS problems could be created ... but d.net faces similar risks.

Find one partial match. Post the block. Don't bother searching the rest.

There are a whole bunch of problems with peer-to-peer networks, the 
least of which is the worst routing possible (I shouldn't be able to 
kill my connection with gnutella).

>> Nobody needs the source. It was probably /dev/srandom or so, anyway.
>
> Security thru obscurity?

No, security through impossible-to-recover device timings. Have you 
asked RSA how the keys were generated? Did they tell you they can't 
tell, because that might compromise the contest? Or are you just 
assuming that the keys were generated by someone typing random 
hexadecimal digits, or MD5ing a text string, or (ick!) rand()?

RSA has a PUBLISHED list of pseudo-challenges, where they tell you the 
keys (which were probably generated in the same way as the real 
challenges). Look at the run lengths on those. Are they conclusive?

> Let me put it a different way. When brute force becomes too difficult,
> then attacking the implementation or key generation strategies starts
> to become viable alternatives - which in this case are closed 
> alternatives,
> and potentially weak links hidden by obscurity.

If you think we didn't have decent random number generators in 1997, 
think again. I just wrote one for you in 10 minutes, which is the kind 
of thing I would've expected in 1997. Take up the challenge, or your 
arguments are just a lot of talk.

- Purr



More information about the Hardware mailing list