[Hardware] Notes... The case for an open client
dan_oetting at uswest.net
Sun Aug 15 21:48:05 EDT 2004
On Aug 15, 2004, at 3:40 PM, Elektron wrote:
>> Ah ... trust, strategies and game theory :)
>> As for sabotaging the entire project, it seems pretty difficult for a
>> single player to do so if some of Dan suggestions like requiring
>> match keys to be posted as proof of searching the space, as it becomes
>> computationally trival to verify those keys as minimim to accept the
>> blocks before including them in the database.
>> Sure, DoS problems could be created ... but d.net faces similar risks.
> Find one partial match. Post the block. Don't bother searching the
There is a collection of parts that work together to secure the whole.
1. Partial match keys are used as counters for work performed.
2. Residual checks on blocks to detect failures
3. Client ID's for tracking work performed by individual users/machines.
You cannot get credit for your work without finding the partial match
keys. Over the long run it takes a fixed amount of effort to find each
key regardless of how you search. If a client stops processing a work
unit after finding the first partial match key it will have a
significant undercount in found keys. If it tried to cover up the
undercount by not reporting empty work units it will have a high lost
work rate and still have a skewed count for multiple partial key units.
The only way to keep a clients results statistically normal so it
doesn't stand out is to do all the work. Then it might as well join the
existing project or form it's own.
I can't come up with any way to justify spending the effort to crack
RC5-72. To spend the same effort only to have a slim possibility of
stopping someone else from cracking it is just unfathomable.
>>> Nobody needs the source. It was probably /dev/srandom or so, anyway.
>> Security thru obscurity?
> No, security through impossible-to-recover device timings. Have you
> asked RSA how the keys were generated? Did they tell you they can't
> tell, because that might compromise the contest? Or are you just
> assuming that the keys were generated by someone typing random
> hexadecimal digits, or MD5ing a text string, or (ick!) rand()?
When I was just a kid during engineering days at college someone was
running a craps program on an HP 9830 desk calculator. I waited until
they restarted the program and wrote down a few results went upstairs
and wrote my own simulator. Sure enough, they were using the built in
rand() and not even initializing it (I told you these were engineers).
After jotting down several sequences I went back downstairs and cleaned
them out. Too bad they weren't playing for money.
More information about the Hardware