[rc5] Source Code

Colin L. Hildinger colin at ionet.net
Wed Jun 18 23:46:19 EDT 1997


I'm having trouble with the idea that the source code is freely
available for the RC5 clients.  The reason this is bothing me is that
it seems like it would make it simple for a malicious individual to
send in a bunch of keyblocks as checked, even when they hadn't been. 
This is made especially easy since the clients and proxies can actually
generate their own random blocks when they're not in contact w/ the
server.  This could even be done to gain advantage.  Say I wanted to
send in a quadrillion or so blocks as checked, all the while checking
blocks served to me by the keyserver as well.  Then, suddenly the
keyserver thinks all the blocks, but it hasn't because I've got 1/72 of
the blocks on my machine and I'm checking them myself.  Meanwhile, the
group has to recheck 72/72 (OK, 36/72) of the blocks just to try to
find the key.  And there's still nothing (that I know of) stopping me
from submitting this same group of keys a second time.

Please, someone reassure me that the system is secure.  Make a good
argument, because someone did send a bunch of bogus data to solnet.


Colin L. Hildinger

Games Editor - OS/2 e-Zine!
http://www.os2ezine.com/

The Ultimate OS/2 Gaming Page
http://www.ionet.net/~colin/games.html

The Official Unofficial AWE32 and OS/2 Warp Page
http://www.ionet.net/~colin/awe32.html

----
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.



More information about the rc5 mailing list