[rc5] client integrity

Evan Jeffrey ejeffrey at eliot213.wuh.wustl.edu
Mon Jun 23 01:23:10 EDT 1997

Hey, I just thought everyone might be interested in a statistic about
possible spoofing attacks.

Assuming that the ratio of spoofed blocks (those reported as "not it")
without being checked to legitimately checked blocks goes to infinity, the
expected date of completion goes to 38.6% more than if there was no
spoofing.  While 39% is certainly a lot, as long as the level remains low
(like, under 50%), I think the impact on the expected date of completion
(which is all we really care about) is almost zero.

It is, however, annoying, and messes up our apparent statistics.  I also
didn't take into account more intelligent attacks, like failing to report
only the correct key.  However, since this sort of attack requires actually
doing the calculations, I don't think it is as likely to be a problem.  What
is more, a clever attacker could easily devise some tricky way to do this
w/o reverse engineering the client at all.

Evan Jeffrey
erjeffre at artsci.wustl.edu

Let us go.  Let us leave this festering hell hole.  Let us think the
unthinkable, let us do the undoable.  Let us prepare to grapple with the
ineffable itself, and see if we may not eff it after all.
                                                --Dirk Gently
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.

More information about the rc5 mailing list