---------- Forwarded message ----------
Date: Mon, 12 May 1997 17:56:54 +0200 (MET DST)
From: Thomas Koenig <ig25@mvmap66.ciw.uni-karlsruhe.de>
Subject: DES challenge news
You may remember RISKS-19.09, in which I discussed the risks in a
network-wide attack on the RSA DES challenge: The Swedish group at
http://www.des.sollentuna.se/ didn't give out its source, so the client
could, in fact, do anything, such as crack a master EC-card key. The
reason given was client integrity.
Well, a month after this, the promised source code release has not
happened. Instead, it appears that somebody disassembled part of the
client, made a version that reported fake "done" blocks, and then sent
these to the servers.
Moral? Don't ever think that nobody can read compiled code. Don't try to
run a cooperative effort like this in a closed development model.
Thomas Koenig, Thomas.Koenig@ciw.uni-karlsruhe.de, ig25@dkauni2.bitnet.
--
Stuart Stock stuart@gundaker.com
Systems/Security Administrator http://www.gundaker.com
Gundaker Realtors "If Windows is the answer,
it was a stupid question."
Got a computer? Help crack DES! http://www.frii.com/~rcv/deschall.htm