[RC5] Re: source code / client protocol security
adam at slin.aubg.bg
Wed Nov 19 18:52:07 EST 1997
From: "Christopher Hodson (Consultant)" <cmh at fpk.hp.com>
> OK, after much deliberation, I 've decided that as an act of good faith,
> I will release 1 block per day until the source code is freed.
Well, I think release of the complete source code is not a good idea.
I could, for one, locate the main cycle which iterrates over all the keys
in the block, delete the contents, put a sleep(5) instead, recompile,
and I would have a client that finishes blocks at a rate of 1 block / 5
seconds. Pretty neat. Or if not me, but someone else could do it QUITE
easily. As for releasing only the computaational core, without the
communication part -- I guess the algorithm is quite well documented.
On Wed, 19 Nov 1997, Richard Freeman wrote:
> I'm all into signatures and all that - but I still don't see how this is
> possible. Sure, you could make the exchange complicated to deter
> spammers, but you could never rule it out, especially with source code.
> Whatever code authenticates the client could just be duplicated by a
> spammer to authenticate their program. The only possability would be to
> generate keypairs and make each user download one. Then you would be able
> to determine who sent in what blocks with high certainty. You could then
> watch out for people sending in what looks like too much progress - but
> this is hardly foolproof - it only prevents somebody from spamming 8000
Completely aggree. See above.
> I think that spam is by far the greatest risk with distributed computing.
> Unless you distributed to trusted systems over trusted lines of
> communication you can't defeat it.
Pretty strong - and negative - conclusion... but seems reasonable.
Let's hope no spanner fakes a block which contains THE key....
It would be quite unpleasant to discover after 80 years (my estimate for
100% at the current rate :( that the key was not found...
Computer Science student, American University in Bulgaria
To unsubcribe, send 'unsubscribe rc5' to majordomo at llamas.net
rc5-digest subscribers replace rc5 with rc5-digest
More information about the rc5