DES Challenge '97 and Athena (MIT)

Nathan D. T. Boyd (boydn@graphics.lcs.mit.edu)
Sun, 04 May 1997 18:35:46 -0400


I am going to CC: this reply to the DES Challenge mailing list, where
people will better be able to address the issues you raise, Jered.

For those of you on the mailing list: SIPB is a student-run organization
here at MIT that supports our campus network, Athena. They are
omnipotent when it comes to campus computing resources.

Jered J Floyd wrote:
>
> I think Nathan's original suggestion was to either publicize the client
> (which we could do on the web server, or the like), or work with IS to have
> the DES cracker automagically run on login. Obviously, I don't think we
> can seriously consider the latter option. Which leaves us with installing
> the client somewhere useful and publicizing it.

I was thinking of these two options:
1. Publicize the client (e.g., perhaps a one-time zephyr
message),
with a local client implementation.
2. Do the above, but also give people directions how to have the
client automagically start when the login. They have to
actively set this up (we make it easy), and each time they
login
they are notified that the client is running.

> I'm pretty sure that the client DTRT w.r.t. the signals that session_gate
> sends...so it should terminate in most cases when users logout. In some
> unusual cases (session_gate breaks, non-standard session_gate), it might
> not...and I'm fairly certain the client doesn't check to see if a user
> is logged in. We could attempt to write a wrapper for this, or see about
> getting source...

I cannot answer this.

> > We could probably put the client in outland for Linux and
> > NetBSD as a minimum so that people who have their own machines could
> > be told to run it. (Jered, any suggestions/comments on the
> > advisability of doing this?)
>
> Echhh...this is a sticky one. I think that outland implies some degree
> of support, and so I'm wary of installing software that we can't do any
> sort of audit on, which isn't from a commercial entity. (Unfortunately,
> that statement is rather arbitrary. I was going to say 'unauditable',
> but then remembered netscape.) Either way, I'd say code availablility
> is preferable, and I believe one of the competing groups in the DES
> challenge has done so. If we choose to install a DES cracking client
> in a supported or semi-supported locker, we might want to first evaluate
> which client is most appropriate.

I am not aware of the particulars when it comes to acquiring source. I
know that several different individuals have worked on the currently
available platforms -- I would think that they would be happy to give
you source (perhaps alongside an NDA) for the express purpose of taking
advantage of Athena's computational resources.

> For Linux and NetBSD (and other personal machines), I'm not sure of the
> advantage of installing it in AFS space instead of just providing a pointer
> to the original source; but I don't strongly object to doing so. There was
> some talk earlier via zephyr of writing a wrapper to run the program in
> a chroot'ed environment, as nobody; someone might want to look into the
> feasibility of that.

Again, this is a question I hope someone on the mailing list can act
upon.

- Nate

-- 
Nate Boyd                        MIT Computer Graphics Group, NE43-249
mailto:boydn@graphics.lcs.mit.edu                   617.258.5090 [tel]
http://lumina.lcs.mit.edu/People/boydn/www          617.253.6652 [fax]