Fabrice Planchon <fabrice@math.Princeton.EDU> writes:
Comme disait Adam Back (aba@dcs.ex.ac.uk):
Also, no source code.
there have been some discussions about that on the list, they seem to fair bogus datas sent to the servers. Kind of makes sense, but they could at least release the core source without the communication protocol...
Yes, and it's inconvenient for a number of reasons: - those running the rc5 crack don't sign their binaries (presumably because they don't use PGP, or don't know what it is or something), who knows what you're downloading, virus, disk formatter, what ever. If you had source code, you could verify it yourself at least, even if there is no signature. - This problem with taking too few keys, if you had the source, and they can't be bothered to write instructions, or even brief usage notes, you could at least figure out how to use it from the source - Having source allows more people to verify it's correctness (saving burning keys on subtly flawed code), spot bugs, etc. Also allows others to find speedups. - The point about stopping bogus keys being submitted, some validity, however. - Another reason I suspect they won't give source is that they want to conceal the key from you because they have other ideas about where the money should go than perhaps you do. (They want $1000 for themselves, and will give $8000 to project Gutenburg (boring)). - When I see people worring about concealing protocols, I get this urge to insert a tap between the client and server, and post the protocol, to remove that worry for them. Adam -- Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`