1997-06-22 - why we need source code (was Re: RC5 crack)
Header Data
From: Adam Back <aba@dcs.ex.ac.uk>
To: fabrice@math.Princeton.EDU
Message Hash: 51a1b3b85852fcbb9a9b3904a560ac7ac23077de0952354f3e0cf18b7b2ca6e0
Message ID: <199706220814.JAA06026@server.test.net>
Reply To: <19970621160629.55632@math.princeton.edu>
UTC Datetime: 1997-06-22 08:20:22 UTC
Raw Date: Sun, 22 Jun 1997 16:20:22 +0800
Raw message
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sun, 22 Jun 1997 16:20:22 +0800
To: fabrice@math.Princeton.EDU
Subject: why we need source code (was Re: RC5 crack)
In-Reply-To: <19970621160629.55632@math.princeton.edu>
Message-ID: <199706220814.JAA06026@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain
Fabrice Planchon <fabrice@math.Princeton.EDU> writes:
> Comme disait Adam Back (aba@dcs.ex.ac.uk):
> >
> > Also, no source code.
> >
>
> there have been some discussions about that on the list, they seem
> to fair bogus datas sent to the servers. Kind of makes sense, but
> they could at least release the core source without the
> communication protocol...
Yes, and it's inconvenient for a number of reasons:
- those running the rc5 crack don't sign their binaries (presumably
because they don't use PGP, or don't know what it is or something),
who knows what you're downloading, virus, disk formatter, what ever.
If you had source code, you could verify it yourself at least, even
if there is no signature.
- This problem with taking too few keys, if you had the source, and they
can't be bothered to write instructions, or even brief usage notes,
you could at least figure out how to use it from the source
- Having source allows more people to verify it's correctness (saving
burning keys on subtly flawed code), spot bugs, etc. Also allows
others to find speedups.
- The point about stopping bogus keys being submitted, some validity,
however.
- Another reason I suspect they won't give source is that they want to
conceal the key from you because they have other ideas about where the
money should go than perhaps you do. (They want $1000 for themselves,
and will give $8000 to project Gutenburg (boring)).
- When I see people worring about concealing protocols, I get this
urge to insert a tap between the client and server, and post the
protocol, to remove that worry for them.
Adam
--
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
Thread
Return to June 1997
- Return to “Adam Back <aba@dcs.ex.ac.uk>”
- Return to “Ben Byer <root@bushing.plastic.crosslink.net>”
- Return to “Fabrice Planchon <fabrice@math.Princeton.EDU>”
Return to ““William H. Geiger III” <whgiii@amaranth.com>”
- 1997-06-21 (Sun, 22 Jun 1997 01:21:09 +0800) - RC5 crack - Adam Back <aba@dcs.ex.ac.uk>
- 1997-06-21 (Sun, 22 Jun 1997 04:14:56 +0800) - Re: RC5 crack - Fabrice Planchon <fabrice@math.Princeton.EDU>
- 1997-06-22 (Sun, 22 Jun 1997 16:20:22 +0800) - why we need source code (was Re: RC5 crack) - Adam Back <aba@dcs.ex.ac.uk>
- 1997-06-22 (Mon, 23 Jun 1997 00:54:00 +0800) - Sign you source code (was Re: why we need source code (was Re: RC5 crack)) - “William H. Geiger III” <whgiii@amaranth.com>
- 1997-06-22 (Sun, 22 Jun 1997 16:21:05 +0800) - Re: RC5 crack - Adam Back <aba@dcs.ex.ac.uk>
- 1997-06-22 (Sun, 22 Jun 1997 16:20:22 +0800) - why we need source code (was Re: RC5 crack) - Adam Back <aba@dcs.ex.ac.uk>
- 1997-06-21 (Sun, 22 Jun 1997 07:40:02 +0800) - Re: RC5 crack - Ben Byer <root@bushing.plastic.crosslink.net>
- 1997-06-21 (Sun, 22 Jun 1997 04:14:56 +0800) - Re: RC5 crack - Fabrice Planchon <fabrice@math.Princeton.EDU>