Re: DES Challenge Risks

Andrew Sterian (asterian@eecs.umich.edu)
Thu, 17 Apr 1997 21:00:10 -0400 (EDT)


drew@sml.co.jp writes...
> 1997/04/17 19:47:32 -0400にC Matthew Curtin <cmcurtin@research.megasoft.com>
>
> >There are quite a lot of things a malicious binary expected to soak up
> >cycles of CPU could do:
> > [lots of bad things]
>
> I had already been thinking about that (actually, it was pointed out to
> me by someone else). It doesn't matter in my case, since I've only got
> DESCHAL running on "out-of-the-box" PC's that I just use as terminals to
> other machines. However, I do agree that it takes a lot of trust to just
> blindly stick a floppy disk in the drive and run the program that's on
> there..

Trust is the key issue IMHO. If Rocke's WWW page didn't have links
to his e-mail address and other signs of this being "for real" then I don't
think I would have considered running his program. When people send
you programs that do "bad things" then they generally try to keep
themselves anonymous, in case they are found out and have to take
responsibility.

That's why I think this whole issue is a non-risk. Anyone setting up a
crypto challenge is making himself/herself very public and known.
The machine that all the packets are going to is well known and
can be traced to a real person. Should the person's intentions truly
be malicious and they are found out at some point, the consequences would
be very severe. It just doesn't make sense for someone to try to do
damage in such an open fashion.

Andrew. asterian@umich.edu | Help crack DES in your computer's spare time!
----------------------------| http://www.frii.com/~rcv/deschall.htm
For the teddy bear who has |----------------------------------------------
everything, a person. | Me: http://www-personal.umich.edu/~asterian