[RC5] newbie question

Bruce Wilson bwilson at distributed.net
Fri Aug 22 15:55:56 EDT 2003


| Having all the 
| source code would be nice so that they could be moved to any
general 
| GNU/Linux system.  folding at home states that they closed the code for

| security reasons but I think the SSH community would dispute 
| that theroy 
| (and I would agree with them).  The person proxy is nice, 
| however I just 
| run a seperate folding process on each of my boxes all of which sit 
| behind a firewall.  This doesn't make me feel much better about the 
| security though! :)

Regarding the security issues, bovine has an in depth discussion of
why security is so complicated for distributed projects at
http://www.distributed.net/source/specs/opcodeauth.html.

In short, there is a key difference between the SSH model and the
distributed computing model.

With SSH, you and another trusted party are trying to communicate
without others intercepting, injecting, interrupting or impersonating
one of the parties.  Both parties have a motive to keep the connection
as clean as possible.  If either party chooses to then forward the
data to another person, that capability is already there.  Modifying
the source code to introduce weaknesses or add forged packets would
not benefit either party.

In the distributed computing realm, we are faced with the reality of
untrusted participants (they're out there) who would want to send back
forged work.  If we release the source code to the
networking/transport-crypto portions of our client, these people could
generate packets with a false "found it" flag on RC5 projects as a
denial of service, or just pump up their stats by sending back packets
as finished without doing the work.  Adding a public/private key to
the client confers no extra protection, as every participant would
still need the public key, so forged clients could use the same key.
As I mentioned, bovine discuss this fully in the link above.

I can't speak for the other projects, but we are very open to
supporting additional platforms (as evidenced by our already broad
platform support).  All we need is someone who has access to such a
system so we can compile, test and optimize the client appropriately.


__
Bruce Wilson <bwilson at distributed.net>
PGP KeyID: 5430B995, http://www.toomuchblue.com/ 

"I want to move to Theory. Everything works in Theory."
    --John Cash, id Software



More information about the rc5 mailing list