[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: The Next Hack
At 05:01 AM 9/22/95 -0400, Futplex wrote:
>sameer writes:
>> 2) Organize a net-wide search over the space of the RNG seed to
>> crack the private key of some well known secure server.
>>
>> 3) Release the private key to the net.
>
>FWIW, for the record, I'm uncomfortable with this. It sounds unethical, IMHO.
>
>For me at least, targeting the key of some particular server that happens to
>be out there is over the line.
>
>If you said you would have someone volunteer a supposedly secure server for
>the challenge, I'd have no qualms.
I might disagree with the part about releasing it to the net, but I don't
disagree
with targeting a server which is claimed to be "secure."
Why?
Nobody would have been too upset or surprised if someone had built the
Titanic for the sole purpose of trying to sink it. It only made waves (pun
alert)
because it was claimed to be "unsinkable" (secure), but sank anyway.
Maybe a good tactic would be to crack a "secure" server, and send the results
ONLY to the server operators, along with a description of machine-time involved.
Put out a public press release, describing the machine-time involved, how it was
possible due to weak crypto imposed by the government, and the possible
economic and commercial implications of said weak crypto.