[RC5] eEye and d.net

Slawek sgp at telsatgp.com.pl
Thu Dec 12 09:51:54 EST 2002


David McNett wrote:

> Adding a layer of obscurity in combination with other methods of security
> is not misguided, and I believe that we do an adequate job of communicating
> the limitations of our approach and that we are aware of those limitations.
> The offer still stands, of course, for you (or anyone) to propose a mechanism
> which you would find more aesthetic.  It is unfair, however, for you to
> demand that we implement a security mechanism which would allow us to
> distribute fully open source without proposing how exactly this is supposed
> to be possible.  In six years we've not come up with a way to do this and
> suspect that it is simply not possible.  I wish that you would not hold us
> personally responsible for this unfortunate reality.


There is a way to do this, only three problems left for me:
1) somebody can modify the client to catch "positive" for him and not send
it back to the server.
2) what to do if you find out somebody is cheating.
3) possibility of not detecting somebody cheating with a small number of
blocks.


Problem #1 is present even in the closed-source version because it's sufficient
to patch the core used in the executable (cores are byte-identical to those in
the open source).

Problem #2 arises because this might be a faulty processor or so and I'm not
sure if you should discard all blocks sent from that address. Obviously
there's a need to authenticate users so nobody could maliciously send blocks
as somebody else.


Main advantages include:
- no big increase in disk storage requirements on main servers (below 1%)
- no big increase in required computational power of main servers (hard to
predict exactly without writing the code, but looks like something below 1%)
- no big decrease in keyrate in clients (something about 0,1%, may depend on
processor)
- no big decrease in overall keyrate of the project (some blocks need to be
double checked, one per thousand should be sufficient which gives a total of
0,2% - including clients' slowdown).

So overall implementing those changes would probably increase the overall
keyrate of the project, because there definitely are some people refusing to
launch closed source code on their systems.


Note that I'm not volunteering to implement it. I don't have time for that.
I don't even care to tell more about it unless you confirm that the above
problems are ok and won't stop you from using my ideas.


--
Slawek
