Re: Distributed Brute Force Projects

From: Tom St Denis (tomstdenis_at_iahu.ca)
Date: 05/30/04 

Date: Sun, 30 May 2004 19:08:24 GMT

Simon Johnson wrote:
> "foo" <foo@foo.com> wrote in message news:2hq07tFg5iuoU1@uni-berlin.de...
>
>>There are several distributed brute force crypto projects currently
>>underway, MD5CRK and distributed.net to name a couple. Can anyone tell me
>>how these projects verify the information given to them by the various
>>distributed clients? What's to stop some attacker from
>>decompiling/disassembling the various client programs, finding out how the
>>program reports it's findings to the server, and re-implementing the their
>>own client which reports false information?
>>
>>Many thanks in advance
>>
>>regards,
>>
>>foo
>>
>
>
> Some projects send the same work packets to multiple clients to avoid this
> attack. Other than that.. there isn't any way of ensuring it.
> At some level you have to trust the machine to do the math right.

Some problems are easier to verify than solve though. For instance, a
collision in MD5 is hard to find but easy to verify.

In the case of md5crk there isn't an easy solution like that. Either
one DP led to another DP [which means doing the same work to check it]
or it didn't. At best you could randomly sample DPs and check their
validity... But IIRC JL doesn't track the distance between DPs so there
is no 100% way to verify it.

Tom

Relevant Pages

  • Re: SMS Advanced Clients not showing up in admin console and client not seeing advertisements
    ... Verify that the Task Scheduler is enabled. ... Verify that the SQL Server has named pipes enabled. ... If you are using the IIS lockdown tool on your IIS 5 servers be sure to apply the SMS ... >Eventually advanced clients disappearing from console ...
    (microsoft.public.sms.admin)
  • Re: Persistance UPDATE problem - revised Q for clarity
    ... > I'd like to clear up a very long-standing problem I have had only because ... But how can my clients change the text boxes to ... verifiying the update but you need to verify the parameter is correct. ... StrCompt, if the textbox text ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Windows Update v5 issues and workaround
    ... > it works for my secureNAT clients but not Web proxy clients. ... the Internet while forcing Authentication for everything else,..it would be ... done the same for any similar situation, not just Windows Update. ... You have to verify that you created all the Rules exactly as the article ...
    (microsoft.public.isa.clients)
  • Re: Windows Update v5 issues and workaround
    ... > it works for my secureNAT clients but not Web proxy clients. ... the Internet while forcing Authentication for everything else,..it would be ... done the same for any similar situation, not just Windows Update. ... You have to verify that you created all the Rules exactly as the article ...
    (microsoft.public.isa)
  • Re: Windows Update v5 issues and workaround
    ... > it works for my secureNAT clients but not Web proxy clients. ... the Internet while forcing Authentication for everything else,..it would be ... done the same for any similar situation, not just Windows Update. ... You have to verify that you created all the Rules exactly as the article ...
    (microsoft.public.isa.configuration)