[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
why we need source code (was Re: RC5 crack)
Fabrice Planchon <[email protected]> writes:
> Comme disait Adam Back ([email protected]):
> >
> > Also, no source code.
> >
>
> there have been some discussions about that on the list, they seem
> to fair bogus datas sent to the servers. Kind of makes sense, but
> they could at least release the core source without the
> communication protocol...
Yes, and it's inconvenient for a number of reasons:
- those running the rc5 crack don't sign their binaries (presumably
because they don't use PGP, or don't know what it is or something),
who knows what you're downloading, virus, disk formatter, what ever.
If you had source code, you could verify it yourself at least, even
if there is no signature.
- This problem with taking too few keys, if you had the source, and they
can't be bothered to write instructions, or even brief usage notes,
you could at least figure out how to use it from the source
- Having source allows more people to verify it's correctness (saving
burning keys on subtly flawed code), spot bugs, etc. Also allows
others to find speedups.
- The point about stopping bogus keys being submitted, some validity,
however.
- Another reason I suspect they won't give source is that they want to
conceal the key from you because they have other ideas about where the
money should go than perhaps you do. (They want $1000 for themselves,
and will give $8000 to project Gutenburg (boring)).
- When I see people worring about concealing protocols, I get this
urge to insert a tap between the client and server, and post the
protocol, to remove that worry for them.
Adam
--
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`