[RC5] [insect@antennahead.com: MacOS RC5 bug Q&A]

David McNett nugget at slacker.com
Tue Jul 7 18:25:02 EDT 1998

----- Forwarded message from Andrew Meggs <insect at antennahead.com> -----
Date: Tue, 7 Jul 1998 09:48:54 -0400 (EDT)
From: Andrew Meggs <insect at antennahead.com>
Subject: MacOS RC5 bug Q&A

Q. What's wrong with the MacOS RC5-only clients?

A. On a small percentage of the blocks, they report the default
email address rather than the user's email address.


Q. Who's been affected?

A. Potentially, anybody running the old-style MacOS RC5-only
client. The problem has definitely been confirmed in version
2.6405 for both PowerPC and 68k, in both the GUI and faceless
versions. The problem may have existed as far back as 2.6403.
Users whose email addresses begin with a non-alphabetic character,
such as numeric compuserve.com addresses, may have experienced
the problem more frequently.


Q. What's the default email address that's being reported
instead of mine?

A. insect at antennahead.com, one of the client's programmers.


Q. Why? How did this happen?

A. The client checks to see that an email address:
   1) has been set, and
   2) looks like a valid email address of the form:
       sometext at some.more.text.that.includes.a.dot

If either of those tests fail, it reports the default
address instead. Investigation into the problem has turned
up an uninitialized variable in the code to check that the
specified address was valid; essentially the client would
randomly fail on the second check when it should have
succeeded and then behave as if the user had entered
a bogus email address.


Q. How many blocks were incorrectly reported?

A. It's difficult to say with certainty since the problem
occurs at random. If we assume the problem only occurs in
version 2.6405, then dividing the 470181 blocks reported
for the default email by the total of 21817320 blocks
reported for both the PowerPC and 68k versions of that release,
we get an absolute maximum of 2.15% of the blocks reported
incorrectly. The true number of blocks incorrectly reported
is lower than that, because the figure of 470181 blocks under
the default email address includes the work of version 2.6405
clients that genuinely have no address specified, as well as
a collection of multiprocessor and G3 PowerMacs and IBM
RS/6000 systems that the actual owner of that email address
has had running for some time.

If the problem also occurs in MacOS client versions 2.6404
or earlier, the estimate of the percentage of incorrectly
reported blocks would drop still lower.


Q. Will there be an update to fix the problem?

A. No further updates to that client were or are now planned.
Even if the old RC5-only client were working perfectly, everyone
should now be switching to the RC5/DES combined client that has
been available for some time.


Q. How long did you know about this problem?

A. Over a month. Because of the small number of blocks involved,
and since at the time the final, polished release of the MacOS
RC5/DES client was being promised within a few days, the decision
was made to let the problem be quietly upgraded away rather than
alarm people and embarrass the programmer. As those days slipped
into weeks, that decision does seem unwise in retrospect.


Q. What team got the extra blocks?

A. Several teams at different times. Libertarians for Privacy
got the largest chunk.


Q. How can I get the misreported blocks properly credited to
my address or team?

A. Because this problem is affecting a very small number of
blocks for each of a very large number of people, the manpower
involved in manually correcting it for everyone would be
quite significant yet wouldn't affect any one individual's
total by a significant amount. However, if your stats are
very, very, very important to you, you might could try
mailing rc5help at distributed.net.


Q. Andrew Meggs must die! Jackals from hell will feast on
his very marrow!

A. You're entitled to your opinion. A good way to start
distancing yourself from anything he's written would be to
not crack DES on any non-x86 systems, since he designed the
DES driver for them.


Q. But it runs so fast on RISC boxes! In DES round 1 didn't
they make the difference in our beating the $5000 deadline? 

A. That would be another opinion. Perhaps he's not all bad.

----- End forwarded message -----

|David McNett      |To ensure privacy and data integrity this message has|
|nugget at slacker.com|been encrypted using dual rounds of ROT-13 encryption|
|Birmingham, AL USA|Please encrypt all important correspondence with PGP!|
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest

More information about the rc5 mailing list