[rc5] Re: Availability of Bovine source code

Chris Arguin Chris.Arguin at unh.edu
Mon Nov 10 12:22:22 EST 1997


On Mon, 10 Nov 1997, Richard Freeman wrote:

> On Sun, 9 Nov 1997, Chris Arguin wrote:
> 
> > 
> > Of course, that does leave the option for some dishonest user to find a
> > way to cheat (for example, with the rc5 project to just return
> > immediately saying it tested all blocks). There is little benefit to this
> > sort of activity, but that has never stopped anyone before.
> > 
> 
> But what would have benefit would be to tweak the source so that
> potentially good blocks are not returned - that way the owner gets the
> whole $10K without spending time searching blocks that have already been
> done.  The other efforts could do the same thing - sign out thousands of
> blocks and distribute them themselves - and not report back the correct
> answer - that way they don't overlap our keyspace...  Lots of potential
> problems here...

Ahh... Thank you. I knew I was missing some aspect here. Guess I don't
have the criminal mind :)

>From an earlier post to this group, this sort of problem has been handled,
and we were directed to some of the "spoilers" posted earlier (sorry, I
can't remember who posted). I looked back, and didn't see anything really
pertantant to this problem. Ideas anyone?

Short of doing redundant checks, I can't see how to really stop this.
Unless...

What if I encoded some sort of checksum/version information about the
client, using a PGP private key, inside the client (possible? You have to
take the key into account when generating the checksum... Maybe the
checksum can somehow know to skip the keyspace?). That way, someone would
have to crack that to modify the client. We are only storing an already
encrypted string, so I think there are no international issues. And the
server can be intelligent enough to only accept clients with that
signature.

Maybe this was covered in that spoiler-of-doom post. There was a section
on using PGP to sign the clients, but it didn't mention anything about
checksumming. I assumed it was to avoid issues with trojan
clients, as opposed to those that would try to hinder our efforts.
Perhaps that is how they plan on doing it.

Or maybe not.

--
Chris Arguin                 | "...All we had were Zeros and Ones -- And 
cpa at hopper.unh.edu           |  sometimes we didn't even have Ones."
                             +--------------+	- Dilbert, by Scott Adams
http://leonardo.sr.unh.edu/arguin/home.html |


----
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.



More information about the rc5 mailing list