RC5, hiding source code

Nelson Minar (nelson@media.mit.edu)
Sun, 11 May 1997 15:50:05 -0400


>>We're keeping the source available and allowing people worldwide to
>>participate,
>What are you doing to ensure that the client does the work it claims it
>does? With public source code, I would think that you are wide open for a
>hacker to maliciously destroy all your efforts.

Keeping the source code proprietary does *not* effectively protect the
server against a malicious client. If someone wants to muck with your
server, they can just reverse engineer the client. If the protocol is
simple enough you don't even need to do that - just eavesdrop on the
protocol stream and work from there.

>If all the forces of Solnet and DESCHALL were thrown behind your effort as
>soon as we are done, I am sure we would crack RC5-56 quite quickly.

I confess, I don't really understand why RC5-56 is such a target.
RC5-40 made sense - it was the only crypto exportable from the US;
demonstrating it was weak was an important political move. A similar
argument goes for breaking DES. But why RC5-56? Is $10,000 that
exciting?