[RC5] Chance of "the" key being in faulty buffer

Robert Brooks robertb at geocities.com
Wed Mar 18 12:45:51 EST 1998


>It seems to me the chance of a faulty buffer containing the key is higher
>than average as finding a possible key does result in the execution of a
>different, less frequently executed part of the software.

This, of course, makes an assumption that for any line of code, the chances
of it containing an undiscovered bug are directly proportional to the
number of times it is executed.  Logically, this would imply that any line
of code that is never executed is, by definition, a bug.  As a programmer,
I almost agree!

However, I believe that since we're only checking for a portion of the
plaintext message, a certain number of blocks will return "potential key
found" to the server but the server will discover that it is not "the" key.
 This had been discussed during the DES contest as a way to double-check
the validity of the clients -- if no client *ever* reports a possible key,
then there's a problem!  (please correct me if this was just a proposal...)

If the above is true, then the "I found it!" code is executed more than 0
times, which means that the chance of it being buggy is less than 100%.  In
fact, I think the curve describing "times executed" vs. "bugginess" is
pretty steep, and the probability should now be pretty close to the
"bugginess" probability of the rest of the app.  Wouldn't this be a
hyperbolic curve that never quite reaches x=0 (no executions, certain bug)
or y=0 (infinite executions, totally bug-free)?  (it's been too long since
analytical geometry)

If someone had suggested this during the DES contest (when we had to finish
90% of the keyspace and were getting worried), we'd have probably all
started sweating at once...

--
Robert Brooks / robertb at geocities.com
http://www.geocities.com/SoHo/4535/graph.html (Wallpaper Heaven!)
Part of the world's largest computer: http://www.distributed.net/

--
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest



More information about the rc5 mailing list