Re: Fwd: [DES-ANNOUNCE] New clients and 'spamming'

Nelson Minar (nelson@media.mit.edu)
Mon, 5 May 1997 17:39:47 -0400


I wrote:
>> There are some serious, realistic threat models on a distributed
>> attack like deschall.

This is what I think is really interesting about the DES crack. No one
seriously thinks that DES is secure against a determined attacker.
Burning 1200 years of PPro 200 power to crack one key isn't going to
make it seem any less secure.

But managing a massively distributed, loosely coordinated computation
like this *is* interesting. In my research here as a graduate student
one of my topics is how to develop networks like we have for deschall,
only for more general purpose computation. Security of the computation
is a major issue.

If anyone thinks these ideas are interesting take a look at the
stuff at http://www.agorics.com/, especially the paper "Markets and
Computation: Agorics Open Systems" at http://www.agorics.com/agorpapers.html
Fun stuff.

Justin responded to my comment:
>>On a discussion on coderpunks a few months ago the consensus was
>>that the only really safe solution was a completely uncoordinated
>>one - every client pick random blocks.
>Would that have been Peter Trei saying that, per chance? He's been a
>proponent of the uncoordinated approach for awhile...

Yeah, Peter Trei and his optimized DES client were the center of the
conversation. I don't think it was just Peter who was advocating an
uncoordinated attack, though.

There was some talk of a semi-redundant attack but the server
complexity seemed to far outweigh the benefits of a bit more
coordination. The penalty for totally random search is suprisingly
low. Anyone remember the number?

Spot-checking is a nice alternative but is it really much better than
purely random search? This issue in particular worries me:

>The one "flaw" in spot checking is that a malicious client that lies
>*only* if it finds the key is hard to detect, unless another host is asked
>to spot check that exact range.

there's a huge incentive for a client to lie exactly in that circumstance.
Then Rocke doesn't get his $6000, and the coordinated effort doesn't
get any credit.

BTW, what the coderpunks discussion missed was the social value of
having a web page like http://www.frii.com/~rcv/desstat.htm and a
mailing list like this. It's *fun* for me to check in on a new day and
see "Oh, we're doing 2 billion keys per second now!". It keeps me
interested.

You know, if checking keys were like making hamburgers, then it'd take
us about a quarter of a minute to make all the hamburgers McDonalds
has ever served.