[RC5] Re: source code / client protocol security

Adam Rotaru-Varga adam at slin.aubg.bg
Wed Nov 19 18:52:07 EST 1997

From: "Christopher Hodson (Consultant)" <cmh at fpk.hp.com>
> OK, after much deliberation, I 've decided that as an act of good faith,
> I will release 1 block per day until the source code is freed.

Well, I think release of the complete source code is not a good idea.
I could, for one, locate the main cycle which iterrates over all the keys
in the block, delete the contents, put a sleep(5) instead, recompile,
and I would have a client that finishes blocks at a rate of 1 block / 5
seconds. Pretty neat. Or if not me, but someone else could do it QUITE
easily. As for releasing only the computaational core, without the
communication part -- I guess the algorithm is quite well documented.

On Wed, 19 Nov 1997, Richard Freeman wrote:
> I'm all into signatures and all that - but I still don't see how this is
> possible.  Sure, you could make the exchange complicated to deter
> spammers, but you could never rule it out, especially with source code.
> Whatever code authenticates the client could just be duplicated by a
> spammer to authenticate their program.  The only possability would be to
> generate keypairs and make each user download one.  Then you would be able
> to determine who sent in what blocks with high certainty.  You could then
> watch out for people sending in what looks like too much progress - but
> this is hardly foolproof - it only prevents somebody from spamming 8000
> blocks/second...

  Completely aggree. See above.

> I think that spam is by far the greatest risk with distributed computing.
> Unless you distributed to trusted systems over trusted lines of
> communication you can't defeat it.

  Pretty strong - and negative - conclusion... but seems reasonable.
  Let's hope no spanner fakes a block which contains THE key....
  It would be quite unpleasant to discover after 80 years (my estimate for
100% at the current rate :(  that the key was not found...


         Adam Rotaru-Varga
         Computer Science student, American University in Bulgaria

To unsubcribe, send 'unsubscribe rc5' to majordomo at llamas.net
rc5-digest subscribers replace rc5 with rc5-digest

More information about the rc5 mailing list