Reverse engineering of Solnet client

Stuart Stock (stuart@gundaker.com)
Thu, 15 May 1997 13:12:33 -0500 (CDT)


From comp.risks Digest 19.14:

---------- Forwarded message ----------

Date: Mon, 12 May 1997 17:56:54 +0200 (MET DST)
From: Thomas Koenig <ig25@mvmap66.ciw.uni-karlsruhe.de>
Subject: DES challenge news

You may remember RISKS-19.09, in which I discussed the risks in a
network-wide attack on the RSA DES challenge: The Swedish group at
http://www.des.sollentuna.se/ didn't give out its source, so the client
could, in fact, do anything, such as crack a master EC-card key. The
reason given was client integrity.

Well, a month after this, the promised source code release has not
happened. Instead, it appears that somebody disassembled part of the
client, made a version that reported fake "done" blocks, and then sent
these to the servers.

Moral? Don't ever think that nobody can read compiled code. Don't try to
run a cooperative effort like this in a closed development model.

Thomas Koenig, Thomas.Koenig@ciw.uni-karlsruhe.de, ig25@dkauni2.bitnet.

--
Stuart Stock                                   stuart@gundaker.com
Systems/Security Administrator                 http://www.gundaker.com
Gundaker Realtors                              "If Windows is the answer,
                                                it was a stupid question."
 
 Got a computer?  Help crack DES!  http://www.frii.com/~rcv/deschall.htm