[rc5] Bunda?

Paul Leskinen paul at csfi.com
Thu Oct 2 11:42:20 EDT 1997

> On Thu, 2 Oct 1997 10:12:23 -0400, Rik Ling wrote:
> >Hmmm.  Is everybody else here thinking the same thing that I am?  How
> >difficult could it be to write a program that requests blocks from our
> >server, stores them, and then falsely reports them as complete---in
> >essence, stealing blocks from Bovine in order to use them in another
> >cracking effort somewhere else.
> Could this be how Infantile Monkeys is managing their claim of not
> duplicating effort?
> Skip Huffman

Actually, if I were Spanking Monkeys, I could request blocks from Bovine,
check 'em, and report back to my Monkey Business server but NOT back to
Bovine.  If I reported back to Bovine, I'd be doing real work for the
Bovine effort!  The only reason to report back to Bovine would be to try
and report the correct block as checked--thus making it nearly impossible
for Bovine to find the correct block.  This is unlikely--but possible.

This scenario is very difficult to prevent.  Anyone with some intelligence
and an Ethernet sniffer (or sniffer software, like we have) can analyze the
real Bovine packets, and write a program to spoof 'em.  Unless there's some
type of built-in authentication or encryption, this is fairly trivial.  The
other factor that makes this even easier is that the v1 clients (which are
still supported by the proxies, correct?) had complete source code
available.  I was even running some "custom" v1 clients (by Remi and
others) before the v2 clients were available for my OS(es).

Unfortunately for us, there is no simple way to determine who's spoofing
and who's genuine--so there's no way to guarantee that we haven't marked
the correct key as checked.  Maybe the admins know something I don't, but
that's my take on the situation.  If we check 100% of the keyspace and
don't find the key, then what?

   -- Paul Leskinen (paul at csfi.com--#320 and climbing)
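
Added example (not part of the original message and not Bovine's code): a sketch of the "built-in authentication" the message says is missing, using a per-participant HMAC over a hypothetical completion report. The report fields, key table and `BlockLedger` class are assumptions made for illustration. Authentication only attributes a report to a participant; it does not prove the block was actually checked, so the ledger also shows re-queuing every block from a participant who is later distrusted.

```python
import hashlib
import hmac

# Constructed per-participant secrets; a real server would issue these at sign-up.
CLIENT_KEYS = {"alice": b"constructed-key-alice", "mallory": b"constructed-key-mallory"}


def sign_report(client_id: str, key: bytes, block_id: int, found: bool) -> bytes:
    """Client side: MAC over the fields of a (hypothetical) completion report."""
    msg = f"{client_id}|{block_id}|{int(found)}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class BlockLedger:
    """Server side: accept only authenticated reports for blocks issued to the sender."""

    def __init__(self):
        self.issued = {}     # block_id -> client_id the block was handed to
        self.completed = {}  # block_id -> client_id that reported it checked

    def issue(self, client_id: str, block_id: int) -> None:
        self.issued[block_id] = client_id

    def accept(self, client_id: str, block_id: int, found: bool, tag: bytes) -> bool:
        key = CLIENT_KEYS.get(client_id)
        if key is None or self.issued.get(block_id) != client_id:
            return False  # unknown sender, or block was never issued to them
        expected = sign_report(client_id, key, block_id, found)
        if not hmac.compare_digest(expected, tag):
            return False  # forged or altered report
        self.completed[block_id] = client_id
        return True

    def distrust(self, client_id: str) -> list:
        """Un-mark and return every block this participant reported, for re-issue."""
        redo = sorted(b for b, c in self.completed.items() if c == client_id)
        for b in redo:
            del self.completed[b]
        return redo
```
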
